ci(deps): bump actions/checkout from 4 to 5 #3
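---
# Weekly dependency hygiene for the plugin: reports outdated Composer packages,
# runs code-style / static-analysis / PHPUnit, audits composer.lock for known
# advisories, and auto-merges Dependabot patch/minor PRs once both check jobs
# have succeeded. Major updates only get a review-reminder comment.
name: Dependency Updates Check

on:
  # Run every Monday at 9:00 AM Mexico City time
  schedule:
    - cron: '0 15 * * 1'  # 15:00 UTC = 9:00 AM Mexico City
  # Allow manual trigger
  workflow_dispatch:
  # Run when Dependabot creates PRs
  pull_request:
    types: [opened, synchronize]
    branches:
      - master

# Least-privilege default for GITHUB_TOKEN; the two check jobs only need to
# read the repository. auto-merge-dependabot raises its own scopes below.
permissions:
  contents: read

jobs:
  check-composer-updates:
    name: 📦 Check Composer Dependencies
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below is pinned to a floating major tag.
      # Pinning to a full commit SHA (tag kept in a trailing comment) is the
      # usual supply-chain hardening; the SHAs are not on hand here.
      - name: 📥 Checkout code
        uses: actions/checkout@v5

      - name: 🐘 Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: mbstring, xml, json
          coverage: none

      - name: ✅ Validate composer.json and composer.lock
        run: composer validate --strict

      - name: 📦 Install dependencies
        run: composer install --prefer-dist --no-progress --no-interaction

      - name: 🔍 Check for Composer updates
        id: composer-outdated
        run: |
          echo "Checking for outdated Composer packages..."
          # If `composer outdated` fails, fall back to an empty report so the
          # jq query below always has valid input.
          composer outdated --direct --format=json > composer-outdated.json || echo '{"installed":[]}' > composer-outdated.json

          # Expose the count so the upload step can skip when nothing is outdated.
          OUTDATED_COUNT=$(jq '.installed | length' composer-outdated.json)
          echo "outdated_count=$OUTDATED_COUNT" >> "$GITHUB_OUTPUT"

          if [ "$OUTDATED_COUNT" -gt 0 ]; then
            echo "## 📦 Outdated Composer Packages" >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo "| Package | Current | Latest | Status |" >> "$GITHUB_STEP_SUMMARY"
            echo "|---------|---------|--------|--------|" >> "$GITHUB_STEP_SUMMARY"
            jq -r '.installed[] | "| \(.name) | \(.version) | \(.latest) | \(.["latest-status"]) |"' composer-outdated.json >> "$GITHUB_STEP_SUMMARY"
          else
            echo "## ✅ All Composer packages are up to date!" >> "$GITHUB_STEP_SUMMARY"
          fi

      # Advisory only: a PHPCS finding is written to the summary but does not
      # fail the job.
      - name: 🔧 Run PHPCS (Code Style)
        run: |
          echo "## 🎨 Code Style Check" >> "$GITHUB_STEP_SUMMARY"
          if vendor/bin/phpcs --warning-severity=0; then
            echo "✅ PHPCS passed" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "⚠️ PHPCS found issues - review recommended" >> "$GITHUB_STEP_SUMMARY"
          fi

      # Advisory only: a PHPStan finding is written to the summary but does not
      # fail the job.
      - name: 🔧 Run PHPStan (Static Analysis)
        run: |
          echo "## 🔍 Static Analysis Check" >> "$GITHUB_STEP_SUMMARY"
          if php -d memory_limit=1G vendor/bin/phpstan analyse Includes/ --no-progress; then
            echo "✅ PHPStan passed" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "⚠️ PHPStan found issues - review recommended" >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: 🧪 Run PHPUnit Tests
        run: |
          echo "## 🧪 Test Suite" >> "$GITHUB_STEP_SUMMARY"
          # auto-merge-dependabot gates on success() of this job, so a failing
          # suite must fail the step rather than only being noted in the summary.
          if vendor/bin/phpunit --testdox; then
            echo "✅ All tests passed" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "❌ Tests failed" >> "$GITHUB_STEP_SUMMARY"
            exit 1
          fi

      - name: 📤 Upload Composer outdated report
        if: steps.composer-outdated.outputs.outdated_count > 0
        uses: actions/upload-artifact@v4
        with:
          name: composer-outdated-report
          path: composer-outdated.json
          retention-days: 30

  security-audit:
    name: 🔒 Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v5

      - name: 🐘 Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: mbstring, xml, json
          coverage: none

      - name: 📦 Install dependencies
        run: composer install --prefer-dist --no-progress --no-interaction

      - name: 🔒 Composer security audit
        run: |
          echo "## 🔒 Composer Security Audit" >> "$GITHUB_STEP_SUMMARY"
          # `composer audit` exits non-zero when advisories exist; keep going so
          # the JSON report is summarised and uploaded, then fail explicitly below.
          composer audit --format=json > composer-audit.json || true

          VULNERABILITIES=0
          if [ -s composer-audit.json ]; then
            VULNERABILITIES=$(jq '.advisories | length' composer-audit.json 2>/dev/null || echo "0")
          fi

          if [ "$VULNERABILITIES" -gt 0 ]; then
            echo "⚠️ Found $VULNERABILITIES security advisories" >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo "### Details:" >> "$GITHUB_STEP_SUMMARY"
            jq -r '.advisories | to_entries[] | "- **\(.key)**: \(.value[0].title) (CVE: \(.value[0].cve // "N/A"))"' composer-audit.json >> "$GITHUB_STEP_SUMMARY" || true
            # Fail the job so auto-merge-dependabot (needs: security-audit) does
            # not merge while composer.lock carries known advisories. The report
            # upload below runs regardless (if: always()).
            exit 1
          fi

          echo "✅ No security vulnerabilities found" >> "$GITHUB_STEP_SUMMARY"

      - name: 📤 Upload security report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-audit-report
          path: composer-audit.json
          retention-days: 90

  auto-merge-dependabot:
    name: 🤖 Auto-merge Dependabot PRs
    needs: [check-composer-updates, security-audit]
    runs-on: ubuntu-latest
    # Only on Dependabot's own pull_request runs (schedule/dispatch have no PR
    # to act on), and only when both check jobs succeeded.
    if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' && success()
    # Write scopes are needed for `gh pr review --approve` and `gh pr merge`.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: 📋 Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

      - name: ✅ Auto-approve PR
        if: >-
          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: "${{ github.event.pull_request.html_url }}"
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      # `--auto` queues the merge until required checks pass; it needs the
      # repository's auto-merge setting to be enabled.
      - name: 🔀 Enable auto-merge
        if: >-
          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: "${{ github.event.pull_request.html_url }}"
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: ⚠️ Comment on major version updates
        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
        uses: actions/github-script@v8
        # Pass the metadata through env instead of interpolating ${{ }} into the
        # script body, so the values are plain strings and cannot break out of
        # the JS template literal.
        env:
          DEPENDENCY_NAMES: "${{ steps.metadata.outputs.dependency-names }}"
          PREVIOUS_VERSION: "${{ steps.metadata.outputs.previous-version }}"
          NEW_VERSION: "${{ steps.metadata.outputs.new-version }}"
        with:
          script: |
            const { DEPENDENCY_NAMES, PREVIOUS_VERSION, NEW_VERSION } = process.env;
            // await so the step does not finish before the comment is posted.
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## ⚠️ Major Version Update Detected

            This PR contains a **major version update** that may include breaking changes.

            **Manual review required** - Please review the changelog and test thoroughly before merging.

            **Package**: \`${DEPENDENCY_NAMES}\`
            **Update**: \`${PREVIOUS_VERSION}\` → \`${NEW_VERSION}\`

            ### Recommended Actions:
            1. Review the package's CHANGELOG or release notes
            2. Run full test suite locally
            3. Check for breaking changes in documentation
            4. Test plugin functionality in WordPress environment
            5. Verify compatibility with PHP 8.2, 8.3, and 8.4`
            });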