diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000..42ed3f3 --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,26 @@ +name: Audit + +on: + workflow_dispatch: + schedule: + - cron: '23 3 * * 1' # Weekly on Monday + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + php: + uses: typisttech/.github/.github/workflows/audit-php.yml@v3 + + go: + uses: typisttech/.github/.github/workflows/audit-go.yml@v3 diff --git a/.github/workflows/composer-audit.yml b/.github/workflows/composer-audit.yml deleted file mode 100644 index c8cc2fa..0000000 --- a/.github/workflows/composer-audit.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Composer Audit - -on: - workflow_dispatch: - schedule: - - cron: '23 3 * * 1' # Weekly on Monday - pull_request: - branches: - - main - paths: - - .github/workflows/composer-audit.yml - - composer.* - push: - branches: - - main - paths: - - .github/workflows/composer-audit.yml - - composer.* - -concurrency: - group: ${{ github.workflow }}-${{ github.ref_name }} - cancel-in-progress: true - -permissions: {} - -jobs: - composer-audit: - uses: typisttech/.github/.github/workflows/composer-audit.yml@v2 - permissions: - contents: read diff --git a/.github/workflows/composer-normalize.yml b/.github/workflows/composer-normalize.yml deleted file mode 100644 index cd04efa..0000000 --- a/.github/workflows/composer-normalize.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Composer Normalize - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - .github/workflows/composer-normalize.yml - - composer.* - -concurrency: - group: ${{ github.workflow }}-${{ github.ref_name }} - cancel-in-progress: true - -permissions: {} - -jobs: - composer-normalize: - uses: typisttech/.github/.github/workflows/composer-normalize.yml@v2 - permissions: - contents: read - secrets: inherit diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index d337c93..6abcb8a 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -9,14 +9,13 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true -permissions: {} +permissions: + contents: write + pull-requests: write jobs: dependabot: - permissions: - contents: write - pull-requests: write - uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v2 + uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v3 with: minor: true patch: true diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml new file mode 100644 index 0000000..c7da486 --- /dev/null +++ b/.github/workflows/format.yml @@ -0,0 +1,22 @@ +name: Format + +on: + workflow_dispatch: + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true + +permissions: + contents: write + pull-requests: write + +jobs: + php: + uses: typisttech/.github/.github/workflows/format-php.yml@v3 + with: + pint-extra-paths: bin/* + secrets: inherit diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml deleted file mode 100644 index 7501d2a..0000000 --- a/.github/workflows/govulncheck.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: govulncheck - -on: - schedule: - - cron: '2 2 * * 1' # Weekly on Monday - workflow_dispatch: - pull_request: - branches: - - main - push: - branches: - - main - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref_name }}-${{ github.event.pull_request.number || github.sha }} - cancel-in-progress: true - -permissions: {} - -jobs: - govulncheck: - runs-on: ubuntu-latest - steps: - - uses: golang/govulncheck-action@v1 - with: - go-version-file: 'go.mod' - go-package: ./... diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 21bb211..36bc3c5 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,33 +13,22 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref_name }}-${{ github.event.pull_request.number || github.sha }} cancel-in-progress: true -permissions: {} +permissions: + contents: read jobs: - phpstan: + php: + uses: typisttech/.github/.github/workflows/lint-php.yml@v3 + with: + box: true + + go: + uses: typisttech/.github/.github/workflows/lint-go.yml@v3 + + wait-for-all-lint: + needs: + - php + - go runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 - - - uses: shivammathur/setup-php@v2 - with: - php-version: '8.4' - coverage: none - - uses: ramsey/composer-install@v3 - - - run: vendor/bin/phpstan analyse --error-format=github - - box: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - with: - fetch-depth: 0 - - - uses: shivammathur/setup-php@v2 - with: - php-version: '8.4' - coverage: none - tools: box:4 - - - run: box validate + - run: exit 0 diff --git a/.github/workflows/pint.yml b/.github/workflows/pint.yml deleted file mode 100644 index bfba64a..0000000 --- a/.github/workflows/pint.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Pint - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - .github/workflows/pint.yml - - '**.php' - - composer.* - - pint.json - -concurrency: - group: ${{ github.workflow }}-${{ github.ref_name }} - cancel-in-progress: true - -permissions: {} - -jobs: - pint: - uses: typisttech/.github/.github/workflows/pint.yml@v2 - permissions: - contents: read - with: - php-version: '8.4' - secrets: inherit