Skip to content

Composer.json: add link to security policy #417

Composer.json: add link to security policy

Composer.json: add link to security policy #417

Workflow file for this run

name: CS
on:
# Run on all pushes and on all pull requests.
# Prevent the build from running when there are only irrelevant changes.
push:
paths-ignore:
- '**.md'
branches-ignore:
- 'main'
pull_request:
# Allow manually triggering the workflow.
workflow_dispatch:
# Cancels all previous workflow runs for the same branch that have not yet completed.
concurrency:
# The concurrency group contains the workflow name and the branch name.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
checkcs:
name: 'Basic CS and QA checks'
runs-on: ubuntu-latest
env:
XMLLINT_INDENT: ' '
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.1' # Can be updated to "latest" once PHPCS 3.8.0 has been released.
coverage: none
tools: cs2pr
# Validate the composer.json file.
# @link https://getcomposer.org/doc/03-cli.md#validate
- name: Validate Composer installation
run: composer validate --no-check-all --strict
# The sniff stage doesn't run the unit tests, so no need for PHPUnit.
- name: 'Composer: adjust dependencies - remove PHPUnit'
run: composer remove --no-update --dev phpunit/phpunit --no-scripts --no-interaction
# Use the WIP/develop branches of all CS dependencies as an early detection system for bugs upstream.
- name: 'Composer: adjust dependencies - use dev versions of CS dependencies'
run: >
composer require --no-update --no-scripts --no-interaction
squizlabs/php_codesniffer:"dev-master"
phpcsstandards/phpcsutils:"dev-develop"
phpcsstandards/phpcsextra:"dev-develop"
wp-coding-standards/wpcs:"dev-develop"
# Install dependencies and handle caching in one go.
# @link https://github.com/marketplace/actions/install-php-dependencies-with-composer
- name: Install Composer dependencies
uses: ramsey/composer-install@v2
with:
# Bust the cache at least once a month - output format: YYYY-MM.
custom-cache-suffix: $(date -u "+%Y-%m")
- name: Install xmllint
run: |
sudo apt-get update
sudo apt-get install --no-install-recommends -y libxml2-utils
# Show XML violations inline in the file diff.
# @link https://github.com/marketplace/actions/xmllint-problem-matcher
- name: Enable showing XML issues inline
uses: korelstar/xmllint-problem-matcher@v1
# Validate the ruleset XML file.
# @link http://xmlsoft.org/xmllint.html
- name: Validate ruleset against XML schema
run: xmllint --noout --schema ./vendor/squizlabs/php_codesniffer/phpcs.xsd ./Yoast/ruleset.xml
# Validate the Docs XML files.
# @link http://xmlsoft.org/xmllint.html
- name: Validate the XML sniff docs against schema
run: xmllint --noout --schema vendor/phpcsstandards/phpcsdevtools/DocsXsd/phpcsdocs.xsd ./Yoast/Docs/*/*Standard.xml
# Check the code-style consistency of the XML ruleset files.
- name: Check XML ruleset code style
run: diff -B --tabsize=4 ./Yoast/ruleset.xml <(xmllint --format "./Yoast/ruleset.xml")
# Check the codestyle of the files within YoastCS.
# The results of the CS check will be shown inline in the PR via the CS2PR tool.
# @link https://github.com/staabm/annotate-pull-request-from-checkstyle/
- name: Check PHP code style
id: phpcs
run: composer check-cs -- --no-cache --report-full --report-checkstyle=./phpcs-report.xml
- name: Show PHPCS results in PR
if: ${{ always() && steps.phpcs.outcome == 'failure' }}
run: cs2pr ./phpcs-report.xml
# Check that the sniffs available are feature complete.
- name: Check sniff feature completeness
run: composer check-complete