SMusatov
/
PHP-CS-Fixer
mirror of https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
							name: Static Code Analysis

on:
  - pull_request
  - push

permissions:
  contents: read # to fetch code (actions/checkout)

concurrency:
  group: sca-${{ github.head_ref || github.run_id }} # will be canceled on subsequent pushes in pull requests but not branches
  cancel-in-progress: true

jobs:
  everything:
    name: Static Code Analysis

    runs-on: 'ubuntu-24.04'
    env:
      php-version: '8.3'

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # We need to fetch base branch because `actions/checkout` only initializes empty repo and fetches PR's meta-branch
      # which leads to `fatal: ambiguous argument 'origin/...': unknown revision or path not in the working tree.`,
      # because of that `CHANGED_PHP_FILES` is not set, and tools based on diff between branches (like Mess Detector) don't work.
      - name: Fetch base branch
        if: ${{ github.event_name == 'pull_request' }}
        run: git fetch --no-tags --prune --no-recurse-submodules --depth=1 origin $GITHUB_BASE_REF

      - name: Setup PHP with Composer deps
        uses: ./.github/composite-actions/setup-php-with-composer-deps
        with:
          os: ${{ runner.os }}
          php: ${{ env.php-version }}

      ## We want to have a lock-file used on PR level, so contributors are not bothered by SCA complains unrelated to their changes,
      ## and same time we want to be aware that we are complying with bleeding edge of SCA tools as maintainers observing the push hook.
      - name: Unlock dev-tools
        if: ${{ github.event_name != 'pull_request' }}
        run: rm ./dev-tools/composer.lock

      - name: Cache dev-tools
        uses: actions/cache@v4
        with:
          path: dev-tools/bin/
          key: DevTools-${{ hashFiles('dev-tools/install.sh') }}

      - name: Install dev-tools
        uses: nick-invision/retry@v3
        with:
          timeout_minutes: 5
          max_attempts: 5
          retry_wait_seconds: 30
          command: ./dev-tools/install.sh

      - name: Show PHPUnit version
        run: vendor/bin/phpunit --version

      - name: Run AutoReview
        run: vendor/bin/paraunit run --testsuite auto-review

      - name: Check - file permissions
        run: ./dev-tools/check_file_permissions.sh

      - name: Check - trailing spaces
        run: ./dev-tools/check_trailing_spaces.sh

      - name: Check - Composer's autoload
        run: composer dump-autoload --dry-run --optimize --strict-psr

      - name: Check - phpstan
        run: ./dev-tools/vendor/bin/phpstan analyse --ansi

      - name: Check - composer-unused
        run: ./dev-tools/vendor/bin/composer-unused --no-progress --excludePackage=composer/xdebug-handler

      - name: Check - composer-require-checker
        run: ./dev-tools/vendor/bin/composer-require-checker check composer.json --config-file .composer-require-checker.json

      - name: Check - composer normalize
        run: |
          composer normalize --dry-run --working-dir=./dev-tools ../composer.json
          composer normalize --dry-run --working-dir=./dev-tools composer.json

      - name: Check - shell scripts
        run: ./dev-tools/check_shell_scripts.sh

      - name: Find changed files (for pull request)
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          if git diff origin/$GITHUB_BASE_REF --name-only --diff-filter=ACMRTUXB | grep -E "\.php$"; then
            echo 'CHANGED_PHP_FILES<<EOF' >> $GITHUB_ENV
            git diff origin/$GITHUB_BASE_REF --name-only --diff-filter=ACMRTUXB | grep -E "\.php$" >> $GITHUB_ENV
            echo 'EOF' >> $GITHUB_ENV
          fi

      - name: Find changed files (for push)
        if: ${{ github.event_name != 'pull_request' }}
        run: |
          if git diff --name-only --diff-filter=ACMRTUXB HEAD~..HEAD | grep -E "\.php$"; then
            echo 'CHANGED_PHP_FILES<<EOF' >> $GITHUB_ENV
            git diff --name-only --diff-filter=ACMRTUXB HEAD~..HEAD | grep -E "\.php$" >> $GITHUB_ENV
            echo 'EOF' >> $GITHUB_ENV
          fi

      - name: Check - well defined array keys
        if: ${{ env.CHANGED_PHP_FILES }}
        run: |
          echo "Array types must explicitly declare key-type, i.e. as \`array<type-of-key, type-of-value>\`, \`list<type-of-value>\` or \`array{...}\` - instead of \`array<type-of-value>\` or \`type-of-value[]\`."
          echo "Hint: don't apply those rules blindly, provide array key type explicitly\!"
          ./php-cs-fixer check --config=dev-tools/.php-cs-fixer.well-defined-arrays.php --path-mode=intersection $CHANGED_PHP_FILES

      - name: Check - Mess Detector (phpmd)
        if: ${{ env.CHANGED_PHP_FILES }}
        run: |
          if [ '${{ github.event_name }}' == 'pull_request' ]; then
            ./dev-tools/vendor/bin/phpmd `echo "$CHANGED_PHP_FILES" | grep -v /Fixtures/ | xargs | sed 's/ /,/g'` github ./dev-tools/mess-detector/phpmd.xml
          else
            ./dev-tools/vendor/bin/phpmd `echo "$CHANGED_PHP_FILES" | grep -v /Fixtures/ | xargs | sed 's/ /,/g'` ansi ./dev-tools/mess-detector/phpmd.xml
          fi

      - name: Check - ensure test files are not present in the archive
        run: |
          git archive -o /dev/null HEAD -v 2>&1 | grep tests | grep \.php \
          && (echo "Test files detected in archive" && exit 1) || echo "No test files detected in archive"