Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 17 additions & 13 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,20 @@
version: 2
updates:
# Maintain dependencies for GitHub Actions.
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# Too noisy. See https://github.community/t/increase-if-necessary-for-github-actions-in-dependabot/179581
open-pull-requests-limit: 0
# Maintain dependencies for GitHub Actions.
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
cooldown:
default-days: 7
ignore:
- dependency-name: "yiisoft/*"

# Maintain dependencies for Composer
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "daily"
versioning-strategy: increase-if-necessary
# Maintain dependencies for Composer
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "daily"
versioning-strategy: increase-if-necessary
cooldown:
default-days: 7
2 changes: 2 additions & 0 deletions .github/workflows/composer-require-checker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
composer-require-checker:
uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master
Expand Down
10 changes: 7 additions & 3 deletions .github/workflows/db-mssql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
build:
name: PHP ${{ matrix.php }}
Expand All @@ -43,7 +45,7 @@

services:
mssql:
image: mcr.microsoft.com/mssql/server:2022-latest

Check failure on line 48 in .github/workflows/db-mssql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

unpinned-images

db-mssql.yml:48: unpinned image references: container image is not pinned to a SHA256 hash
env:
SA_PASSWORD: YourStrong!Passw0rd
ACCEPT_EULA: Y
Expand All @@ -61,13 +63,15 @@
sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18

- name: Checkout.
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5

Check warning on line 66 in .github/workflows/db-mssql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

ref-version-mismatch

db-mssql.yml:66: action's hash pin has mismatched or missing version comment: missing version comment
with:
persist-credentials: false

- name: Create MS SQL Database
run: docker exec -i mssql /opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P 'YourStrong!Passw0rd' -Q 'CREATE DATABASE [ar-test]'

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45

Check warning on line 74 in .github/workflows/db-mssql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-mssql.yml:74: commit hash does not point to a Git tag: this step
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
Expand All @@ -87,7 +91,7 @@
run: vendor/bin/phpunit --testsuite=Mssql --coverage-clover=coverage.xml --colors=always --display-warnings --display-deprecations

- name: Upload coverage to Codecov.
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@04b047e8bb82a0c002c8312c1c880fbc6a999d45

Check warning on line 94 in .github/workflows/db-mssql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-mssql.yml:94: commit hash does not point to a Git tag: this step
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
12 changes: 8 additions & 4 deletions .github/workflows/db-mysql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
build:
name: PHP ${{ matrix.php }}
Expand All @@ -43,7 +45,7 @@

services:
mysql:
image: mysql:latest
image: mysql:9

Check failure on line 48 in .github/workflows/db-mysql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

unpinned-images

db-mysql.yml:48: unpinned image references: container image is not pinned to a SHA256 hash
env:
MYSQL_ALLOW_EMPTY_PASSWORD: true
MYSQL_DATABASE: ar-test
Expand All @@ -55,10 +57,12 @@

steps:
- name: Checkout.
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5

Check warning on line 60 in .github/workflows/db-mysql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

ref-version-mismatch

db-mysql.yml:60: action's hash pin has mismatched or missing version comment: missing version comment
with:
persist-credentials: false

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45

Check warning on line 65 in .github/workflows/db-mysql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-mysql.yml:65: commit hash does not point to a Git tag: this step
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
Expand All @@ -78,7 +82,7 @@
run: vendor/bin/phpunit --testsuite=Mysql --coverage-clover=coverage.xml --colors=always --display-warnings --display-deprecations

- name: Upload coverage to Codecov.
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@04b047e8bb82a0c002c8312c1c880fbc6a999d45

Check warning on line 85 in .github/workflows/db-mysql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-mysql.yml:85: commit hash does not point to a Git tag: this step
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
12 changes: 8 additions & 4 deletions .github/workflows/db-oracle.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
build:
name: PHP ${{ matrix.php }}
Expand All @@ -43,7 +45,7 @@

services:
oci:
image: gvenzl/oracle-xe:latest
image: gvenzl/oracle-xe:21

Check failure on line 48 in .github/workflows/db-oracle.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

unpinned-images

db-oracle.yml:48: unpinned image references: container image is not pinned to a SHA256 hash
ports:
- 1521:1521
env:
Expand All @@ -63,10 +65,12 @@
run: docker exec -i oci bash -c "sqlplus -s system/root@XE <<< 'ALTER USER system DEFAULT TABLESPACE USERS;'"

- name: Checkout.
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5

Check warning on line 68 in .github/workflows/db-oracle.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

ref-version-mismatch

db-oracle.yml:68: action's hash pin has mismatched or missing version comment: missing version comment
with:
persist-credentials: false

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45

Check warning on line 73 in .github/workflows/db-oracle.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-oracle.yml:73: commit hash does not point to a Git tag: this step
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
Expand All @@ -86,7 +90,7 @@
run: vendor/bin/phpunit --testsuite=Oracle --coverage-clover=coverage.xml --colors=always --display-warnings --display-deprecations

- name: Upload coverage to Codecov.
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@04b047e8bb82a0c002c8312c1c880fbc6a999d45

Check warning on line 93 in .github/workflows/db-oracle.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-oracle.yml:93: commit hash does not point to a Git tag: this step
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
10 changes: 7 additions & 3 deletions .github/workflows/db-pgsql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
build:
name: PHP ${{ matrix.php }}
Expand All @@ -42,7 +44,7 @@

services:
postgres:
image: postgres:18

Check failure on line 47 in .github/workflows/db-pgsql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

unpinned-images

db-pgsql.yml:47: unpinned image references: container image is not pinned to a SHA256 hash
env:
POSTGRES_DB: ar-test
POSTGRES_USER: yii
Expand All @@ -53,10 +55,12 @@

steps:
- name: Checkout.
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45

Check warning on line 63 in .github/workflows/db-pgsql.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

stale-action-refs

db-pgsql.yml:63: commit hash does not point to a Git tag: this step
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
Expand All @@ -76,7 +80,7 @@
run: vendor/bin/phpunit --testsuite=Pgsql --coverage-clover=coverage.xml --colors=always --display-warnings --display-deprecations

- name: Upload coverage to Codecov.
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
10 changes: 7 additions & 3 deletions .github/workflows/db-sqlite.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
build:
name: PHP ${{ matrix.php }}-sqlite-${{ matrix.os }}
Expand All @@ -47,10 +49,12 @@ jobs:

steps:
- name: Checkout.
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
Expand All @@ -70,7 +74,7 @@ jobs:
run: vendor/bin/phpunit --testsuite=Sqlite --coverage-clover=coverage.xml --colors=always --display-warnings --display-deprecations

- name: Upload coverage to Codecov.
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@04b047e8bb82a0c002c8312c1c880fbc6a999d45
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
10 changes: 7 additions & 3 deletions .github/workflows/mutation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
mutation:
name: PHP ${{ matrix.php }}-${{ matrix.os }}
Expand All @@ -36,7 +38,7 @@

services:
postgres:
image: postgres:18

Check failure on line 41 in .github/workflows/mutation.yml

View workflow job for this annotation

GitHub Actions / zizmor / Run zizmor 🌈

unpinned-images

mutation.yml:41: unpinned image references: container image is not pinned to a SHA256 hash
env:
POSTGRES_DB: ar-test
POSTGRES_USER: yii
Expand All @@ -47,10 +49,12 @@

steps:
- name: Checkout.
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45
with:
php-version: ${{ matrix.php }}
extensions: ${{ env.extensions }}
Expand All @@ -61,7 +65,7 @@
run: composer remove --dev yiisoft/db-sqlite yiisoft/db-mysql yiisoft/db-mssql yiisoft/db-oracle

- name: Install Composer dependencies
uses: ramsey/composer-install@v3
uses: ramsey/composer-install@a8d0d959dab41457692a5e2041bd9b757a119e3f

- name: Install required yiisoft/db and yiisoft/db-pgsql
uses: yiisoft/actions/install-packages@master
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/static.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read
jobs:
psalm:
uses: yiisoft/actions/.github/workflows/psalm.yml@master
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/update-readme-packages.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: Update README packages

on:
pull_request_target:
pull_request:
paths:
- '.github/workflows/update-readme-packages.yml'
- 'composer.json'
Expand Down
22 changes: 22 additions & 0 deletions .github/workflows/zizmor.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: GitHub Actions Security Analysis with zizmor 🌈

on:
push:
branches:
- master
- main
paths:
- '.github/**.yml'
- '.github/**.yaml'
pull_request:
paths:
- '.github/**.yml'
- '.github/**.yaml'

permissions:
actions: read # Required by zizmor when reading workflow metadata through the API.
contents: read # Required to read workflow files.

jobs:
zizmor:
uses: yiisoft/actions/.github/workflows/zizmor.yml@master
Loading