Harden GitHub Actions workflows

This commit is contained in:
Shivam Mathur
2026-05-15 23:56:20 +05:30
parent 5825be4b77
commit deb2299a77
6 changed files with 82 additions and 36 deletions


@@ -1,7 +1,13 @@
version: 2 version: 2
updates: updates:
- package-ecosystem: "github-actions" - package-ecosystem: 'github-actions'
directory: "/" directory: '/'
target-branch: "develop" target-branch: 'develop'
schedule: schedule:
interval: "weekly" interval: 'weekly'
groups:
github-actions:
patterns:
- '*'
cooldown:
default-days: 7
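Review bot: The new `cooldown` of 7 days also holds back updates to the SHA-pinned actions this commit introduces, so a fix for a compromised or withdrawn action tag reaches `develop` only after a week and only inside the single grouped PR, where one failing update in the `github-actions` group can hold back all the others. Whether Dependabot security updates bypass this cooldown depends on repository settings not visible here, so the trade-off is worth stating in the file, e.g. `# cooldown: batch routine action bumps weekly; rotate a pinned SHA by hand if an action is compromised` above `cooldown:`. The switch from double to single quotes is consistent with the workflow files in this commit.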


@@ -5,9 +5,13 @@ on:
- cron: '0 15 * * 6' - cron: '0 15 * * 6'
permissions: permissions:
contents: read contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs: jobs:
codeql: codeql:
name: CodeQL Analysis
if: github.event.repository.fork == false if: github.event.repository.fork == false
permissions: permissions:
actions: read # for github/codeql-action/init to get workflow details actions: read # for github/codeql-action/init to get workflow details
@@ -16,18 +20,19 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
fetch-depth: 2 fetch-depth: 2
persist-credentials: false
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v4 uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
with: with:
config-file: ./.github/codeql/codeql-configuration.yml config-file: ./.github/codeql/codeql-configuration.yml
languages: javascript languages: javascript
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v4 uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4 uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
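Review bot: With `cancel-in-progress: true` keyed only on `${{ github.workflow }}-${{ github.ref }}`, the scheduled run from the `cron` trigger shares a group with push-triggered runs on the default branch (a `schedule` run uses the default branch ref), so either kind of run can cancel the other and the weekly scan may never complete on a busy branch. Including the event in the key, `group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}`, keeps scheduled and push runs independent while still deduplicating repeated pushes. The `persist-credentials: false` on checkout and the `# v6`/`# v4` labels beside the pinned SHAs are the right shape; the labels would be more useful naming the exact release tag the SHA was taken from, since a major-only label cannot be checked against the commit.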


@@ -5,12 +5,15 @@ on:
- cron: '0 15 * * 6' - cron: '0 15 * * 6'
permissions: permissions:
contents: read contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs: jobs:
create: create:
if: github.event.repository.fork == false if: github.event.repository.fork == false
permissions: permissions:
contents: none contents: none # this job only prepares artifacts and uploads them, no repository writes
name: Create name: Create
runs-on: ${{ matrix.operating-system }} runs-on: ${{ matrix.operating-system }}
strategy: strategy:
@@ -20,7 +23,7 @@ jobs:
php-versions: ['5.3', '5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5', '8.6'] php-versions: ['5.3', '5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5', '8.6']
steps: steps:
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2
with: with:
php-version: ${{ matrix.php-versions }} php-version: ${{ matrix.php-versions }}
tools: none tools: none
@@ -39,7 +42,7 @@ jobs:
run: | run: |
php -m | Out-File -FilePath "$env:file.all" -Append php -m | Out-File -FilePath "$env:file.all" -Append
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2
with: with:
php-version: ${{ matrix.php-versions }} php-version: ${{ matrix.php-versions }}
extensions: none extensions: none
@@ -72,7 +75,7 @@ jobs:
version: ${{ matrix.php-versions }} version: ${{ matrix.php-versions }}
if: matrix.operating-system == 'windows-2022' if: matrix.operating-system == 'windows-2022'
run: | run: |
Write-Output "## PHP ${{ matrix.php-versions }}`n" | Out-File -FilePath "$env:file" Write-Output "## PHP $env:version`n" | Out-File -FilePath "$env:file"
Write-Output "``````" | Out-File -FilePath "$env:file" -Append Write-Output "``````" | Out-File -FilePath "$env:file" -Append
php -m | Out-File -FilePath "$env:file.builtin" -Append php -m | Out-File -FilePath "$env:file.builtin" -Append
Get-Content "$env:file.all" | ForEach-Object { Get-Content "$env:file.all" | ForEach-Object {
@@ -88,7 +91,7 @@ jobs:
Remove-Item "$env:file.all" -Force Remove-Item "$env:file.all" -Force
Remove-Item "$env:file.builtin" -Force Remove-Item "$env:file.builtin" -Force
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@v7 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with: with:
name: lists-php${{ matrix.php-versions }}-${{ matrix.operating-system }}.md name: lists-php${{ matrix.php-versions }}-${{ matrix.operating-system }}.md
path: php${{ matrix.php-versions }}-${{ matrix.operating-system }}.md path: php${{ matrix.php-versions }}-${{ matrix.operating-system }}.md
@@ -101,19 +104,23 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
repository: ${{ github.repository }}.wiki repository: ${{ github.repository }}.wiki
persist-credentials: false
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v8 uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with: with:
path: ${{ github.workspace }}/lists path: ${{ github.workspace }}/lists
pattern: lists-* pattern: lists-*
merge-multiple: true merge-multiple: true
- name: Configure Git - name: Configure Git
env:
GIT_USER_EMAIL: 41898282+github-actions[bot]@users.noreply.github.com
GIT_USER_NAME: github-actions[bot]
run : | run : |
git config --local user.email "${{ secrets.email }}" git config --local user.email "$GIT_USER_EMAIL"
git config --local user.name "${{ github.repository_owner }}" git config --local user.name "$GIT_USER_NAME"
- name: Combine - name: Combine
run: | run: |
for os in ubuntu-24.04 ubuntu-22.04 windows-2025 windows-2022 windows-2019 macos-13 macos-14 macos-15 macos-26; do for os in ubuntu-24.04 ubuntu-22.04 windows-2025 windows-2022 windows-2019 macos-13 macos-14 macos-15 macos-26; do
@@ -130,9 +137,12 @@ jobs:
done done
rm -rf ./lists rm -rf ./lists
- name: Update - name: Update
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WIKI_REPOSITORY: ${{ github.repository }}
run: | run: |
if [ "$(git status --porcelain=v1 2>/dev/null | wc -l)" != "0" ]; then if [ "$(git status --porcelain=v1 2>/dev/null | wc -l)" != "0" ]; then
git add . git add .
git commit -m "Update PHP extensions on wiki - $(date +'%d-%m-%y')" git commit -m "Update PHP extensions on wiki - $(date +'%d-%m-%y')"
git push -f https://${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.wiki.git master || true git push -f https://x-access-token:${GITHUB_TOKEN}@github.com/${WIKI_REPOSITORY}.wiki.git master || true
fi fi
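Review bot: The `|| true` kept on the new `git push -f https://x-access-token:${GITHUB_TOKEN}@...` line means a rejected push leaves the run green, so if `GITHUB_TOKEN` lacks write access to the wiki (the workflow-level `permissions` grants only `contents: read`, and this job's own `permissions` block is outside the hunk) the wiki silently stops updating. Drop the suffix and quote the URL so a failure surfaces: `git push -f "https://x-access-token:${GITHUB_TOKEN}@github.com/${WIKI_REPOSITORY}.wiki.git" master`. Moving the token and repository into `env:` instead of inlining expressions into the shell is the right fix; a comment above the push such as `# wiki content is regenerated from artifacts each run, so overwriting its history is intended` would document why the force push is acceptable. The `Update` step is complete within the hunk, but the job's header and permissions are not.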


@@ -18,10 +18,14 @@ on:
- 'examples/**' - 'examples/**'
permissions: permissions:
contents: read contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs: jobs:
run: run:
name: Run name: Run
environment: codecov
runs-on: ${{ matrix.operating-system }} runs-on: ${{ matrix.operating-system }}
strategy: strategy:
fail-fast: false fail-fast: false
@@ -29,12 +33,13 @@ jobs:
operating-system: [ubuntu-latest, windows-latest, macos-latest] operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
fetch-depth: 2 fetch-depth: 2
persist-credentials: false
- name: Setup Node.js 24.x - name: Setup Node.js 24.x
uses: actions/setup-node@v6 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version: 24.x node-version: 24.x
@@ -54,7 +59,7 @@ jobs:
run: npm audit run: npm audit
- name: Send Coverage - name: Send Coverage
uses: codecov/codecov-action@v6 uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6
with: with:
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}
files: coverage/lcov.info files: coverage/lcov.info
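Review bot: The new `environment: codecov` places every matrix leg of the test job behind that environment's protection rules, so any required-reviewer or branch restriction configured on it will hold or fail ordinary test runs rather than just the coverage upload, and each run now leaves a deployment record. If the goal is only to scope `CODECOV_TOKEN`, state the constraint beside it: `environment: codecov # only scopes CODECOV_TOKEN; keep this environment free of approval/branch rules`. If the workflow also runs for pull requests from forks (the trigger list is outside the hunk), those runs still get no environment secrets, so the upload step's behaviour with an empty `token` is unchanged by this change and worth confirming separately.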


@@ -19,8 +19,11 @@ on:
- 'examples/**' - 'examples/**'
permissions: permissions:
contents: read contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env: env:
default-php-version: '8.2' default-php-version: '8.5'
jobs: jobs:
run: run:
name: Run name: Run
@@ -39,18 +42,20 @@ jobs:
key: cache-v5 key: cache-v5
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Setup cache environment - name: Setup cache environment
id: cache-env id: cache-env
uses: shivammathur/cache-extensions@develop uses: shivammathur/cache-extensions@256729b5fef535345e27904657f78048c0990f81 # v1
with: with:
php-version: ${{ matrix.php-versions || env.default-php-version }} php-version: ${{ matrix.php-versions || env.default-php-version }}
extensions: ${{ env.extensions }} extensions: ${{ env.extensions }}
key: ${{ env.key }} key: ${{ env.key }}
- name: Cache extensions - name: Cache extensions
uses: actions/cache@v5 uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
with: with:
path: ${{ steps.cache-env.outputs.dir }} path: ${{ steps.cache-env.outputs.dir }}
key: ${{ steps.cache-env.outputs.key }} key: ${{ steps.cache-env.outputs.key }}
@@ -58,8 +63,10 @@ jobs:
- name: Stage php-version-file - name: Stage php-version-file
if: ${{ matrix.php-version-file == 'php-version-file' }} if: ${{ matrix.php-version-file == 'php-version-file' }}
env:
DEFAULT_PHP_VERSION: ${{ env.default-php-version }}
run: | run: |
echo ${{ env.default-php-version }} > php-version-file echo "$DEFAULT_PHP_VERSION" > php-version-file
- name: Setup PHP with extensions and custom config - name: Setup PHP with extensions and custom config
run: node dist/index.js run: node dist/index.js
@@ -70,9 +77,11 @@ jobs:
ini-values: post_max_size=256M, short_open_tag=On, date.timezone=Asia/Kolkata ini-values: post_max_size=256M, short_open_tag=On, date.timezone=Asia/Kolkata
- name: Testing PHP version - name: Testing PHP version
env:
EXPECTED_PHP_VERSION: ${{ matrix.php-versions || env.default-php-version }}
run: | run: |
php -v php -v
php -r "if(strpos(phpversion(), '${{ matrix.php-versions || env.default-php-version }}') === false) {throw new Exception('Wrong PHP version Installed');}" php -r '$expected = getenv("EXPECTED_PHP_VERSION"); if(strpos(phpversion(), $expected) === false) {throw new Exception("Wrong PHP version Installed");}'
- name: Testing Composer version - name: Testing Composer version
run: | run: |
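Review bot: The rewritten check in `Testing PHP version` still passes vacuously when `EXPECTED_PHP_VERSION` is empty: `getenv()` yields `""` (or `false`, which PHP 8 coerces to `""`), and on PHP 8 `strpos(phpversion(), "")` returns `0`, which is not `=== false`, so no exception is thrown. Guard the input first: `php -r '$expected = getenv("EXPECTED_PHP_VERSION"); if($expected === false || $expected === "") {throw new Exception("EXPECTED_PHP_VERSION not set");} if(strpos(phpversion(), $expected) === false) {throw new Exception("Wrong PHP version Installed");}'`. Passing the matrix value through `env:` instead of interpolating it into the script is the right fix for the expression-injection pattern, as is replacing `cache-extensions@develop` with a pinned SHA; the unrelated bump of `default-php-version` from `8.2` to `8.5` in the same hardening commit changes which PHP the non-matrix legs test and deserves a mention in the commit message.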


@@ -10,29 +10,39 @@ on:
tag: tag:
description: Tag name description: Tag name
required: true required: true
jobs: concurrency:
build: group: ${{ github.workflow }}-${{ github.ref }}
runs-on: ubuntu-latest cancel-in-progress: false
permissions: permissions:
contents: read contents: read
packages: write jobs:
id-token: write build:
name: Build and Publish
permissions:
contents: read # for actions/checkout
packages: write # For publishing to GitHub Packages
id-token: write # For authentication with npm registry
runs-on: ubuntu-latest
steps: steps:
- name: Checkout release - name: Checkout release
if: github.event_name != 'workflow_dispatch' if: github.event_name != 'workflow_dispatch'
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Checkout tag - name: Checkout tag
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
if: github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
with: with:
ref: ${{ github.event.inputs.tag }} ref: ${{ github.event.inputs.tag }}
persist-credentials: false
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v6 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
node-version: '24.x' node-version: '24.x'
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
package-manager-cache: false
- name: Install dependencies and add lib - name: Install dependencies and add lib
run: | run: |
@@ -45,9 +55,10 @@ jobs:
run: npm publish --access public run: npm publish --access public
- name: Change to GitHub Packages registry - name: Change to GitHub Packages registry
uses: actions/setup-node@v6 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with: with:
registry-url: https://npm.pkg.github.com registry-url: https://npm.pkg.github.com
package-manager-cache: false
scope: '@shivammathur' scope: '@shivammathur'
- name: Patch package.json - name: Patch package.json