Quality Workflow

This workflow is designed to automate quality checks for PHP applications. It performs static analysis with PHPStan, ensures code formatting using PHP CS Fixer, and audits Composer dependencies for known security vulnerabilities.

Usage Example

jobs:
  quality:
    uses: your-repo/.github/workflows/quality.yml@main

Secrets and Input Parameters

• username (optional):

  • Type: string
  • Default: ${{ vars.REGISTRY_USERNAME }}
  • Description: Username for Docker registry authentication. If not provided, the workflow uses the default value from the REGISTRY_USERNAME environment variable.

• password (optional):

  • Type: string
  • Default: ${{ vars.REGISTRY_PASSWORD }}
  • Description: Password for Docker registry authentication. If not provided, the workflow uses the default value from the REGISTRY_PASSWORD environment variable.

Workflow Job: quality

The quality job runs quality checks on the PHP codebase using the latest version of a Docker image specifically built for quality analysis.

Steps

1. Setup Composer:

   • Action:
     Uses (https://git.qlic.nl/actions/setup-composer@main) to configure and install Composer dependencies.
   • Description: This step sets up Composer to install the PHP dependencies required for running quality checks like PHPStan, PHP CS Fixer, and audit tools.

2. Run PHPStan:

   • Run Command:

     ./vendor/bin/phpstan analyse
     

   • Description: Executes PHPStan, a static analysis tool for PHP, to analyze the codebase and check for potential bugs, logic errors, and code issues.

3. Run PHP CS Fixer:

   • Run Command:

     ./vendor/bin/php-cs-fixer fix --diff --dry-run
     

   • Description: PHP CS Fixer checks for coding style issues and reports changes that would be applied to format the code correctly.

4. Run Composer Audit:

   • Run Command:

     composer audit
     

   • Description: This command checks the project's Composer dependencies for known security vulnerabilities by querying the PHP Security Advisories Database.