-
Notifications
You must be signed in to change notification settings - Fork 83
238 lines (228 loc) · 8.99 KB
/
code_quality.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** Static analysis **
#
# This GitHub Action requires every pull request to fulfill the minimum requirements at all times. Various static
# analysis tools are included and executed during this workflow. They only check out the source code without the need
# to run the whole Share community platform. Hence, this automated static analysis checks are fast. Besides, no tests
# have to be created manually. However, no behavior can be tested.
#
# - This tests must never fail!:
#
# We should never allow those checks to fail before merging a pull request. Having failing pipelines over a more
# extended period results in developers and code reviewers to ignore those checks, which again results in more and
# more errors over time. If necessary, it is better to reduce the strictness of some checks in the corresponding
# config files, or explicitly tell the tools to ignore a particular pattern or line.
#
# - Tool integration:
#
# Most tools are integrated directly using a package manager (npm, composer). This allows to Dependabot to update
# the dependencies of the GitHub Actions. Besides, the CI system uses the same versions like developers would
# locally. However, this approach also a a drawback. More "artificial" dependencies on the static analysis tools
# which are not necessary to run the Share community platform. In case, one they there arise dependency conflicts
# just remove the tool from the package manager and add the tool using a pre-built executable (wget) or an action
# from the marketplace (This is already the case or This is already the case for `phploc` and `phpcpd`.)
#
# - Caching:
#
# By caching the third party code installed by package manager, the build time can be significantly reduced.
#
# - Composites:
#
# By using composites to build the jobs, a lot of duplicated code can be prevent.
#
name: 'Static analysis'
# Run-on every creation, update and merge of a pull request.
# However, prevent checks to be initiated twice if the pull request origins from a branch on the official repository.
# For example, this happens with dependabot.
on:
pull_request:
branches:
- '**' # all branches
- '!main' # excludes main to prevent double test runs during release prep.
jobs:
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** Javascript **
#
# Eslint:
# - Statically analyzes javascript code (depends on node and npm)
# - Config defined in .eslintrc.yaml
# - Automatic fix support
# - npm "test" script must be defined in package.json
# - More information at: (https://eslint.org/)
#
eslint:
name: JavaScript [ESLint]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup Node and npm modules'
uses: ./.github/actions/setup-npm-node-modules
- run: npm run test-js
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** Sass,CSS **
#
# StyleLint:
# - Statically analyzes Sass and css files (depends on node and npm)
# - Config defined in .stylelintrc.json
# - Automatic fix support
# - More information at: https://stylelint.io/
# - "test-style" script is defined in package.json to execute stylelint
#
stylelint:
name: Sass,CSS [StyleLint]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup Node and npm modules'
uses: ./.github/actions/setup-npm-node-modules
- run: npm run test-css
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** Sass,CSS,MD,YAML **
#
# Prettier:
# - Check formatting style (depends on node and npm)
# - Config defined in .prettierrc.json and .prettierignore
# - Automatic fix support npx prettier . --check
# - More information at: https://prettier.io/
#
prettier:
name: Sass,CSS,MD,YAML formatting [Prettier]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup Node and npm modules'
uses: ./.github/actions/setup-npm-node-modules
- run: npm run test-asset
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** PHP **
#
#
# Php-CS-Fixer:
# - Reports code style issues in php files
# - config defined in .php_cs(.dist)
# - More information at: https://github.com/FriendsOfPHP/PHP-CS-Fixer
#
php-cs-fixer:
name: PHP Code Style [Php-CS-Fixer]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup PHP and composer packages'
uses: ./.github/actions/setup-php-composer
- run: PHP_CS_FIXER_IGNORE_ENV=1 php bin/php-cs-fixer fix --diff --dry-run --allow-risky=yes --verbose --format=txt
#
# PhpStan:
#
# - Statically analyzes php files (The more strongly-typed the code is, the more information we get)
# - config defined in phpstan.neon(.dist) (8 different levels!)
# - More information at: https://phpstan.org/
#
# - Why use both PhpStan and Psalm? In their current state they are able to find different possible problems.
#
phpstan:
name: PHP Static Analysis [Php-Stan]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup PHP and composer packages'
uses: ./.github/actions/setup-php-composer
- run: bin/phpstan analyze
#
# Psalm:
#
# - Statically analyzes php files (The more strongly-typed the code is, the more information we get)
# - config defined in psalm.xml(.dist) (8 different levels!)
# - More information at: https://psalm.dev/
#
# - Why use both PhpStan and Psalm? In their current state they are able to find different possible problems.
#
psalm:
name: PHP Static Analysis [Psalm]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup PHP and composer packages'
uses: ./.github/actions/setup-php-composer
- run: vendor/vimeo/psalm/psalm
#
# phpcpd (Php Copy Paste Detector):
#
# - Checking for PHP code that was just copied
# - More information at: https://github.com/sebastianbergmann/phpcpd
#
phpcpd:
name: PHP Static Analysis [PhpCPD]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: PHP Copy Paste Detector
uses: StephaneBour/[email protected]
with:
args: src
#
# phpdd (Php Code Fixer):
#
# - to search issues with deprecated functionality in newer interpreter versions..
# - More information at: https://github.com/wapmorgan/PhpDeprecationDetector
#
# phpdd:
# name: PHP Static Analysis [Phpdd]
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - name: "Setup PHP and composer packages"
# uses: ./.github/actions/setup-php-composer
# - run: bin/phpdd src tests # Currently disabled: https://github.com/wapmorgan/PhpDeprecationDetector/issues
#
# PhpLoc:
#
# - Measuring the size and analyzing the structure of the project (php)
# - More information at: https://github.com/sebastianbergmann/phploc
#
php-loc:
name: PHP Info [PhpLoc]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: wget https://phar.phpunit.de/phploc.phar
- run: php phploc.phar src tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** Twig **
#
# - Lints a template and outputs encountered errors.
#
lint-twig:
name: Twig [Lint]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup PHP and composer packages'
uses: ./.github/actions/setup-php-composer
- run: bin/console lint:twig templates/
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** YAML **
#
# - Ensures all yaml files contain valid syntax
#
lint-yaml:
name: Yaml [Lint]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup PHP and composer packages'
uses: ./.github/actions/setup-php-composer
- run: bin/console lint:yaml translations/ config/ .github/ docker/ behat.yaml.dist .eslintrc.yaml
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ** Container**
#
# - Checks the services defined in the container
# - Ensures that arguments injected into services match type declarations
#
lint-container:
name: Symfony Container [Lint]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Setup PHP and composer packages'
uses: ./.github/actions/setup-php-composer
- run: bin/console lint:container