php.yml 6.81 KiB
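name: CI

# Runs on pushes to any branch and on pull requests targeting master or a
# simplesamlphp-* branch; changes that only touch Markdown files are skipped.
on:
  push:
    branches: [ '**' ]
    paths-ignore:
      - '**.md'
  pull_request:
    branches: [ master, simplesamlphp-* ]
    paths-ignore:
      - '**.md'

# Least privilege for the automatic GITHUB_TOKEN: the steps in this workflow
# check out code and run tools against it, so read access to the repository
# contents is enough. Without this block the token gets the repository or
# organisation default, which may include write scopes.
permissions:
  contents: read

jobs: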
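  # Syntax check and PHPUnit run for every OS / PHP combination in the matrix.
  # Coverage is collected only on the ubuntu-latest / PHP 8.0 leg and uploaded
  # as the `build-data` artifact.
  basic-tests:
    name: Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}
    runs-on: ${{ matrix.operating-system }}
    strategy:
      # Let the remaining matrix legs finish when one of them fails.
      fail-fast: false
      matrix:
        operating-system: [ubuntu-latest, windows-latest]
        php-versions: ['8.0', '8.1']

    steps:
      - name: Setup PHP, with composer and extensions
        # NOTE(review): this and the other `uses:` lines in the job reference
        # mutable tags (@v2, @v3). Pinning to a full commit SHA keeps a moved
        # tag from changing the code that runs here.
        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: intl, mbstring, mysql, pdo, pdo_sqlite, xml
          tools: composer:v2
          ini-values: error_reporting=E_ALL
          coverage: xdebug

      - name: Setup problem matchers for PHP
        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

      - name: Setup problem matchers for PHPUnit
        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"

      # Configured before checkout so the working tree is written with LF
      # line endings on the Windows legs as well.
      - name: Set git to use LF
        run: |
          git config --global core.autocrlf false
          git config --global core.eol lf

      - uses: actions/checkout@v3

      - name: Get composer cache directory
        id: composer-cache
        # The `::set-output` workflow command is deprecated; step outputs are
        # written to the $GITHUB_OUTPUT file instead. bash is forced because
        # the default shell on Windows runners is PowerShell, where
        # $GITHUB_OUTPUT does not refer to the environment variable.
        shell: bash
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Validate composer.json and composer.lock
        run: composer validate

      - name: Install Composer dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      - name: Syntax check PHP
        run: bash vendor/bin/check-syntax-php.sh

      # Every leg except ubuntu-latest / PHP 8.0 exports NO_COVERAGE so that
      # PHPUnit skips coverage collection there.
      - name: Decide whether to run code coverage or not
        if: ${{ matrix.php-versions != '8.0' || matrix.operating-system != 'ubuntu-latest' }}
        # bash on every OS: under PowerShell `$GITHUB_ENV` is a PowerShell
        # variable, not the environment variable, so the export would not
        # reach the environment file on the Windows legs.
        shell: bash
        run: |
          echo "NO_COVERAGE=--no-coverage" >> "$GITHUB_ENV"

      - name: Run unit tests
        # Same shell as the step that exports NO_COVERAGE, so the variable is
        # expanded identically on Linux and Windows.
        shell: bash
        # $NO_COVERAGE is left unquoted on purpose: when it is unset it
        # expands to nothing instead of passing an empty argument to phpunit.
        run: |
          echo $NO_COVERAGE
          ./vendor/bin/phpunit $NO_COVERAGE

      # Only the leg that collected coverage publishes the build directory.
      - name: Save coverage data
        if: ${{ matrix.php-versions == '8.0' && matrix.operating-system == 'ubuntu-latest' }}
        uses: actions/upload-artifact@v3
        with:
          name: build-data
          path: ${{ github.workspace }}/build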

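  # Dependency audit: checks the locked dependency set first, then runs
  # `composer update` and checks the updated set as well.
  security:
    name: Security checks
    runs-on: [ubuntu-latest]
    steps:
      - name: Setup PHP, with composer and extensions
        # NOTE(review): this and the other `uses:` lines in the job reference
        # mutable tags (@v2, @v3). Pinning to a full commit SHA keeps a moved
        # tag from changing the code that runs here.
        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
        with:
          php-version: '8.0'
          extensions: mbstring, xml
          tools: composer:v2
          coverage: none

      - name: Setup problem matchers for PHP
        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

      - uses: actions/checkout@v3

      - name: Get composer cache directory
        id: composer-cache
        # The `::set-output` workflow command is deprecated; step outputs are
        # written to the $GITHUB_OUTPUT file instead.
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install Composer dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      # First pass: the dependency versions installed by `composer install`.
      - name: Security check for locked dependencies
        uses: symfonycorp/security-checker-action@v3

      # Second pass: the versions `composer update` resolves, so an advisory
      # that only affects a newer permitted release is reported too.
      - name: Update Composer dependencies
        run: composer update --no-progress --prefer-dist --optimize-autoloader

      - name: Security check for updated dependencies
        uses: symfonycorp/security-checker-action@v3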

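  # Syntax checks for the repository's YAML, XML and JSON files, using the
  # check-syntax-*.sh scripts that Composer installs into vendor/bin.
  sanity-check:
    name: Sanity checks
    runs-on: [ubuntu-latest]

    steps:
      - name: Setup PHP, with composer and extensions
        # NOTE(review): this and the other `uses:` lines in the job reference
        # mutable tags (@v2, @v3). Pinning to a full commit SHA keeps a moved
        # tag from changing the code that runs here.
        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
        with:
          php-version: '8.0'
          extensions: mbstring, xml
          tools: composer:v2
          coverage: none

      - name: Setup problem matchers for PHP
        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

      - uses: actions/checkout@v3

      - name: Get composer cache directory
        id: composer-cache
        # The `::set-output` workflow command is deprecated; step outputs are
        # written to the $GITHUB_OUTPUT file instead.
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install Composer dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      - name: Syntax check YAML / XML / JSON
        run: |
          bash vendor/bin/check-syntax-yaml.sh
          bash vendor/bin/check-syntax-xml.sh
          bash vendor/bin/check-syntax-json.sh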

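  # Coverage upload and static analysis. Runs after basic-tests because it
  # downloads the `build-data` artifact that job uploads.
  quality:
    name: Quality control
    runs-on: [ubuntu-latest]
    needs: [basic-tests]

    steps:
      - name: Setup PHP, with composer and extensions
        # The id lets later steps read the installed PHP version from
        # steps.setup-php.outputs.php-version.
        id: setup-php
        # NOTE(review): this and the other `uses:` lines in the job reference
        # mutable tags (@v2, @v3). Pinning to a full commit SHA keeps a moved
        # tag from changing the code that runs here.
        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
        with:
          php-version: '8.0'
          tools: composer:v2
          extensions: mbstring, xml

      - name: Setup problem matchers for PHP
        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

      - uses: actions/checkout@v3

      - name: Get composer cache directory
        id: composer-cache
        # The `::set-output` workflow command is deprecated; step outputs are
        # written to the $GITHUB_OUTPUT file instead.
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install Composer dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      # Restores the build directory saved by the coverage leg of basic-tests.
      - uses: actions/download-artifact@v3
        with:
          name: build-data
          path: ${{ github.workspace }}/build

      - name: Codecov
        uses: codecov/codecov-action@v3

      - name: PHP Code Sniffer
        run: php vendor/bin/phpcs

      - name: Psalm
        # Psalm findings are reported but do not fail the job.
        continue-on-error: true
        # --shepherd sends analysis data to Psalm's Shepherd service.
        run: php vendor/bin/psalm --show-info=true --shepherd --php-version=${{ steps.setup-php.outputs.php-version }}

      # Separate step: a second `run:` key inside the Psalm step would be a
      # duplicate mapping key, which is invalid YAML.
      # NOTE(review): confirm whether this step should also carry
      # continue-on-error.
      - name: Psalter
        run: php vendor/bin/psalter --issues=UnnecessaryVarAnnotation --dry-run --php-version=${{ steps.setup-php.outputs.php-version }}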