ergebnis · localheinz · May 2, 2023 · May 2, 2023
@@ -12,3 +12,4 @@
 /Makefile                       export-ignore
 /psalm-baseline.xml             export-ignore
 /psalm.xml                      export-ignore
+/rector.php                     export-ignore
@@ -1 +1,3 @@
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
 * @ergebnis-bot @localheinz
@@ -6,7 +6,6 @@ For details, take a look at the following workflow configuration files:
 
 - [`workflows/integrate.yaml`](workflows/integrate.yaml)
 - [`workflows/merge.yaml`](workflows/merge.yaml)
-- [`workflows/prune.yaml`](workflows/prune.yaml)
 - [`workflows/release.yaml`](workflows/release.yaml)
 - [`workflows/renew.yaml`](workflows/renew.yaml)
 - [`workflows/triage.yaml`](workflows/triage.yaml)
@@ -47,9 +46,45 @@ make dependency-analysis
 
 to run a dependency analysis.
 
+## Mutation Tests
+
+We are using [`infection/infection`](https://github.com/infection/infection) to ensure a minimum quality of the tests.
+
+Enable `Xdebug` and run
+
+```sh
+make mutation-tests
+```
+
+to run mutation tests.
+
+## Refactoring
+
+We are using [`rector/rector`](https://github.com/rectorphp/rector) to automatically refactor code.
+
+Run
+
+```sh
+make refactoring
+```
+
+to automatically refactor code.
+
+## Security Analysis
+
+We are using [`composer`](https://github.com/composer/composer) to run a security analysis.
+
+Run
+
+```sh
+make security-analysis
+```
+
+to run a security analysis.
+
 ## Static Code Analysis
 
-We are using [`vimeo/psalm`](https://github.com/vimeo/psalm) to statically analyze the code.
+We are using [`phpstan/phpstan`](https://github.com/phpstan/phpstan) and [`vimeo/psalm`](https://github.com/vimeo/psalm) to statically analyze the code.
 
 Run
 
@@ -83,18 +118,6 @@ make tests
 
 to run all the tests.
 
-## Mutation Tests
-
-We are using [`infection/infection`](https://github.com/infection/infection) to ensure a minimum quality of the tests.
-
-Enable `pcov` or `Xdebug` and run
-
-```sh
-make mutation-tests
-```
-
-to run mutation tests.
-
 ## Extra lazy?
 
 Run
@@ -103,7 +126,7 @@ Run
 make
 ```
 
-to enforce coding standards, run a static code analysis, and run tests!
+to automatically refactor code, enforce coding standards, run a static code analysis, and run tests!
 
 ## Help
 

@@ -13,21 +13,23 @@ branches:
         require_code_owner_reviews: true
         required_approving_review_count: 1
       required_status_checks:
-        contexts:
-          - "Code Coverage (8.0, locked)"
-          - "Coding Standards (8.0, locked)"
-          - "Dependency Analysis (8.0, locked)"
-          - "Mutation Tests (8.0, locked)"
-          - "Static Code Analysis (8.0, locked)"
-          - "Tests (8.0, highest)"
-          - "Tests (8.0, locked)"
-          - "Tests (8.0, lowest)"
-          - "Tests (8.1, highest)"
-          - "Tests (8.1, locked)"
-          - "Tests (8.1, lowest)"
-          - "Tests (8.2, highest)"
-          - "Tests (8.2, locked)"
-          - "Tests (8.2, lowest)"
+        checks:
+          - context: "Code Coverage (8.0, locked)"
+          - context: "Coding Standards (8.0, locked)"
+          - context: "Dependency Analysis (8.0, locked)"
+          - context: "Mutation Tests (8.0, locked)"
+          - context: "Refactoring (8.0, locked)"
+          - context: "Security Analysis (8.0, locked)"
+          - context: "Static Code Analysis (8.0, locked)"
+          - context: "Tests (8.0, highest)"
+          - context: "Tests (8.0, locked)"
+          - context: "Tests (8.0, lowest)"
+          - context: "Tests (8.1, highest)"
+          - context: "Tests (8.1, locked)"
+          - context: "Tests (8.1, lowest)"
+          - context: "Tests (8.2, highest)"
+          - context: "Tests (8.2, locked)"
+          - context: "Tests (8.2, lowest)"
         strict: false
       restrictions:
 
@@ -65,10 +67,6 @@ labels:
     color: "ee0701"
     description: ""
 
-  - name: "stale"
-    color: "eeeeee"
-    description: ""
-
 # https://docs.github.com/en/rest/reference/repos#update-a-repository
 
 repository:
@@ -81,6 +79,7 @@ repository:
   description: ":page_with_curl: Provides JSON pointer as a value object."
   enable_automated_security_fixes: true
   enable_vulnerability_alerts: true
+  has_discussions: false
   has_downloads: true
   has_issues: true
   has_pages: false

@@ -57,12 +57,13 @@ jobs:
       - name: "Collect code coverage with Xdebug and phpunit/phpunit"
         env:
           XDEBUG_MODE: "coverage"
-        run: "vendor/bin/phpunit --configuration=test/Unit/phpunit.xml --coverage-clover=.build/phpunit/logs/clover.xml"
+        run: "vendor/bin/phpunit --colors=always --configuration=test/Unit/phpunit.xml --coverage-clover=.build/phpunit/logs/clover.xml"
 
-      - name: "Send code coverage report to Codecov.io"
-        env:
-          CODECOV_TOKEN: "${{ secrets.CODECOV_TOKEN }}"
-        run: "bash <(curl -s https://codecov.io/bash)"
+      - name: "Send code coverage report to codecov.io"
+        uses: "codecov/codecov-action@v3.1.3"
+        with:
+          files: ".build/phpunit/logs/clover.xml"
+          token: "${{ secrets.CODECOV_TOKEN }}"
 
   coding-standards:
     name: "Coding Standards"
@@ -82,7 +83,7 @@ jobs:
         uses: "actions/checkout@v3.5.2"
 
       - name: "Lint YAML files"
-        uses: "ibiqlik/action-yamllint@v3.1"
+        uses: "ibiqlik/action-yamllint@v3.1.1"
         with:
           config_file: ".yamllint.yaml"
           file_or_dir: "."
@@ -132,7 +133,7 @@ jobs:
             php-${{ matrix.php-version }}-php-cs-fixer-
 
       - name: "Run friendsofphp/php-cs-fixer"
-        run: "vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.php --diff --dry-run --verbose"
+        run: "vendor/bin/php-cs-fixer fix --ansi --config=.php-cs-fixer.php --diff --dry-run --verbose"
 
   dependency-analysis:
     name: "Dependency Analysis"
@@ -157,6 +158,7 @@ jobs:
           coverage: "none"
           extensions: "none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
           php-version: "${{ matrix.php-version }}"
+          tools: "phive"
 
       - name: "Set up problem matchers for PHP"
         run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
@@ -176,6 +178,11 @@ jobs:
         with:
           dependencies: "${{ matrix.dependencies }}"
 
+      - name: "Install dependencies with phive"
+        uses: "ergebnis/.github/actions/phive/install@1.8.0"
+        with:
+          trust-gpg-keys: "0x033E5F8D801A2F8D"
+
       - name: "Run maglnet/composer-require-checker"
         run: ".phive/composer-require-checker check --config-file=$(pwd)/composer-require-checker.json"
 
@@ -224,7 +231,97 @@ jobs:
       - name: "Run mutation tests with Xdebug and infection/infection"
         env:
           XDEBUG_MODE: "coverage"
-        run: "vendor/bin/infection --configuration=infection.json --logger-github"
+        run: "vendor/bin/infection --ansi --configuration=infection.json --logger-github"
+
+  refactoring:
+    name: "Refactoring"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "8.0"
+
+        dependencies:
+          - "locked"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v3.5.2"
+
+      - name: "Set up PHP"
+        uses: "shivammathur/setup-php@2.25.1"
+        with:
+          coverage: "none"
+          extensions: "none, ctype, dom, intl, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Set up problem matchers for PHP"
+        run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
+
+      - name: "Determine composer cache directory"
+        uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.8.0"
+
+      - name: "Cache dependencies installed with composer"
+        uses: "actions/cache@v3.3.1"
+        with:
+          path: "${{ env.COMPOSER_CACHE_DIR }}"
+          key: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}"
+          restore-keys: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-"
+
+      - name: "Install ${{ matrix.dependencies }} dependencies with composer"
+        uses: "ergebnis/.github/actions/composer/install@1.8.0"
+        with:
+          dependencies: "${{ matrix.dependencies }}"
+
+      - name: "Create cache directory for rector/rector"
+        run: "mkdir -p .build/rector"
+
+      - name: "Cache cache directory for rector/rector"
+        uses: "actions/cache@v3.3.1"
+        with:
+          path: ".build/rector"
+          key: "php-${{ matrix.php-version }}-rector-${{ github.ref_name }}"
+          restore-keys: |
+            php-${{ matrix.php-version }}-rector-main
+            php-${{ matrix.php-version }}-rector-
+
+      - name: "Run automated refactoring with rector/rector"
+        run: "vendor/bin/rector --ansi --config=rector.php --dry-run"
+
+  security-analysis:
+    name: "Security Analysis"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "8.0"
+
+        dependencies:
+          - "locked"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v3.5.2"
+
+      - name: "Set up PHP"
+        uses: "shivammathur/setup-php@2.25.1"
+        with:
+          coverage: "none"
+          extensions: "none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Set up problem matchers for PHP"
+        run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
+
+      - name: "Validate composer.json and composer.lock"
+        run: "composer validate --ansi --strict"
+
+      - name: "Check installed packages for security vulnerability advisories"
+        run: "composer audit --ansi"
 
   static-code-analysis:
     name: "Static Code Analysis"
@@ -247,7 +344,7 @@ jobs:
         uses: "shivammathur/setup-php@2.25.1"
         with:
           coverage: "none"
-          extensions: "none, ctype, curl, dom, json, mbstring, pcntl, phar, posix, simplexml, tokenizer, xml, xmlwriter"
+          extensions: "none, ctype, curl, dom, json, mbstring, opcache, pcntl, phar, posix, simplexml, tokenizer, xml, xmlwriter"
           php-version: "${{ matrix.php-version }}"
 
       - name: "Set up problem matchers for PHP"
@@ -324,4 +421,4 @@ jobs:
           dependencies: "${{ matrix.dependencies }}"
 
       - name: "Run unit tests with phpunit/phpunit"
-        run: "vendor/bin/phpunit --configuration=test/Unit/phpunit.xml"
+        run: "vendor/bin/phpunit --colors=always --configuration=test/Unit/phpunit.xml"
@@ -33,8 +33,8 @@ jobs:
       - name: "Assign @ergebnis-bot"
         uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.8.0"
         with:
-          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
           assignee: "ergebnis-bot"
+          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
 
       - name: "Approve pull request"
         uses: "ergebnis/.github/actions/github/pull-request/approve@1.8.0"

@@ -67,7 +67,7 @@ jobs:
             php-${{ matrix.php-version }}-php-cs-fixer-
 
       - name: "Run friendsofphp/php-cs-fixer"
-        run: "vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.php --diff --verbose"
+        run: "vendor/bin/php-cs-fixer fix --ansi --config=.php-cs-fixer.php --diff --verbose"
 
       - name: "Commit modified files"
         uses: "stefanzweifel/git-auto-commit-action@v4.16.0"

@@ -1,3 +1,5 @@
 /.build/
 /.notes/
+/.phive/
 /vendor/
+!/.phive/phars.xml
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phive xmlns="https://phar.io/phive">
-  <phar name="composer-require-checker" version="^4.3.0" installed="4.3.0" location="./.phive/composer-require-checker" copy="true"/>
+  <phar name="composer-require-checker" version="^4.3.0" installed="4.3.0" location="./.phive/composer-require-checker" copy="false"/>
 </phive>
Original file line number	Diff line number	Diff line change
		@@ -1 +1,3 @@
		# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

		* @ergebnis-bot @localheinz