POC: use Github Action instead of Jenkins

.github/workflows/php.code_quality.yaml

@@ -0,0 +1,91 @@
+name: PHP - Code quality
+
+on:
+  pull_request:
+
+env:
+  PHP_VERSION: 8.1
+
+jobs:
+  cache_dependencies:
+    name: Fetch composer dependencies
+    runs-on: ubuntu-latest
+    steps:
+    - name: Fetch lastest changes
+      uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # renovate: tag=v3.0.0
+    - name: Prepare/restore dependencies cache
+      uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed # renovate: tag=v2.1.7
+      with:
+        # NOTE: the allows to reuse it if the composer.json has not changed
+        key: composer/${{ runner.os }}/${{ hashFiles('**/composer.json') }}
+        path: |
+          composer.lock
+          vendor/
+    - name: Install/update dependencies
+      uses: php-actions/composer@d936bcb900310224b9089aff3337f2221a8df9a0 # renovate: tag=v6.0.0
+      with:
+        php_version: ${{ env.PHP_VERSION }}
+
+  php_analysis:
+    name: Code quality checks
+    runs-on: ubuntu-latest
+    needs: [cache_dependencies]
+    strategy:
+      fail-fast: false
+      matrix:
+        tool: [phpcpd, phpcs, phpmd, phpstan, phpunit]
+    steps:
+    - name: Setup PHP ${{ env.PHP_VERSION }} environment
+      uses: shivammathur/setup-php@b75c104ca87c371bbc71be81a4e5dd5a5d298241 # renovate: tag=v2.17.1
+      with:
+        php-version: ${{ env.PHP_VERSION }}
+    - name: Fetch lastest changes
+      uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # renovate: tag=v3.0.0
+    - name: Restore dependencies cache
+      uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed # renovate: tag=v2.1.7
+      with:
+        key: composer/${{ runner.os }}/${{ hashFiles('**/composer.json') }}
+        path: |
+          composer.lock
+          vendor/
+    - name: Run ${{ matrix.tool }}
+      run: make ${{ matrix.tool }}-ci
+    - name: Upload ${{ matrix.tool }} reports
+      uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # renovate: tag=v3.0.0
+      if: always()
+      with:
+        name: ${{ matrix.tool }}-reports
+        path: build/**/*.junit.xml
+        retention-days: 1
+
+  php_report:
+    name: Report PHP code quality
+    runs-on: ubuntu-latest
+    needs: [php_analysis]
+    if: always()
+    steps:
+    - name: Create build/ directory
+      run: mkdir -p build
+
+    # NOTE: only phpunit, phpcs & phpcpd generate reports
+    - name: Download phpunit reports
+      uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # renovate: tag=v3.0.0
+      with:
+        name: phpunit-reports
+        path: build/
+    - name: Download phpcs reports
+      uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # renovate: tag=v3.0.0
+      with:
+        name: phpcs-reports
+        path: build/
+    - name: Download phpcpd reports
+      uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # renovate: tag=v3.0.0
+      with:
+        name: phpcpd-reports
+        path: build/
+
+    - name: Report analisys results
+      uses: mikepenz/action-junit-report@127c778ac944abc0f48a5103964304bab7eb208b # renovate: tag=v2.9.1
+      with:
+        check_name: See PHP code quality reports
+        report_paths: build/reports/*.xml

.github/workflows/security.gh-action.yaml

@@ -0,0 +1,15 @@
+name: Security checks - Github Action
+
+on:
+  pull_request:
+    paths: [.github/workflows/**]
+
+jobs:
+  ci_harden_security:
+    name: Ensure SHA pinned actions
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch lastest changes
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # renovate: tag=v3.0.0
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@a397475397837fb57396bd18f09d991625e604fe # renovate: tag=v1.2.0

Makefile

@@ -1,85 +1,55 @@
-# Ensure SHELL is /bin/sh for every project and will fail if a piped
-# command fails
-SHELL = /bin/sh
-
 WORKSPACE ?= $(PWD)
 REPORTS_DIR ?= build/reports
-PHPSTAN_LEVEL = max
 
-.PHONY: audit
 audit: phpcpd phpcs phpmd phpstan ## Run static code analysis
+.PHONY: audit
 
-.PHONY: audit-ci
-audit-ci: phpcpd-ci phpcs-ci phpmd-ci phpstan-ci
-
-.PHONY: prepare-ci
-prepare-ci: ## Prepare workspace to run CI targets
-	@mkdir -p build/reports
-
-.PHONY: unit-tests
-unit-tests: ## Run unit tests
-	@vendor/bin/phpunit --exclude-group functional
-
-.PHONY: unit-tests-ci
-unit-tests-ci: prepare-ci ## Run unit tests and generate report file
-	- vendor/bin/phpunit --exclude-group functional --log-junit $(REPORTS_DIR)/unit-tests.xml
-
-.PHONY: lint
-lint: phpcbf ## Run linting
+lint: phpcbf ## Run linting (alias to phpcbf)
+phpcbf: ## Run PHP Code Beautifier and Fixer
+	vendor/bin/phpcbf --standard=phpcs.xml --extensions=php --ignore=vendor $(EXTRA_ARGS) .
+.PHONY: lint phpcbf
 
-.PHONY: phpcbf
-phpcbf: ## Run PHP Code Beatifier and Fixer
-	vendor/bin/phpcbf --standard=phpcs.xml --extensions=php . Tests --ignore=vendor
+phpcpd: ## Run PHP Copy Paste Detector
+	vendor/bin/phpcpd --min-lines=20 --exclude=vendor/ $(EXTRA_ARGS) .
+phpcpd-ci: prepare-ci ## Run PHP Copy Paste Detector (CI)
+	@xsltproc --version > /dev/null || sudo apt install xsltproc
+	@wget -qO junit.xslt https://phpmd.org/junit.xslt
+	EXTRA_ARGS="--log-pmd=$(REPORTS_DIR)/phpcpd.xml" $(MAKE) phpcpd
+	xsltproc junit.xslt $(REPORTS_DIR)/phpcpd.xml > $(REPORTS_DIR)/phpcpd.junit.xml
+.PHONY: phpcpd phpcpd-ci
 
-.PHONY: phpcs
 phpcs: ## Run PHP_CodeSniffer
-	vendor/bin/phpcs --standard=phpcs.xml --extensions=php . Tests --ignore=vendor
+	vendor/bin/phpcs --standard=phpcs.xml --extensions=php --ignore=vendor $(EXTRA_ARGS) .
+phpcs-ci: prepare-ci ## Run PHP_CodeSniffer (CI)
+	EXTRA_ARGS="--report=junit --report-file=$(REPORTS_DIR)/phpcs.junit.xml" $(MAKE) phpcs
+.PHONY: phpcs phpcs-ci
 
-.PHONY: phpcs-ci
-phpcs-ci: prepare-ci ## Run PHP_CodeSniffer and generate report file
-	vendor/bin/phpcs --report=checkstyle --report-file=$(REPORTS_DIR)/phpcs.xml --standard=phpcs.xml --extensions=php . Tests --ignore=vendor
-
-.PHONY: phpcs-ci-report
-phpcs-ci-report: ## Cleanup PHP_CodeSniffer report file
-	- sed -e 's#$(PWD)#$(WORKSPACE)#g' -i $(REPORTS_DIR)/phpcs.xml
-
-.PHONY: phpmd
+PHPMD_FORMAT ?= text
 phpmd: ## Run PHP Mess Detector
-	 vendor/bin/phpmd . text phpmd.xml --suffixes php
-
-.PHONY: phpmd-ci
-phpmd-ci: prepare-ci ## Run PHP Mess Detector and generate report file
-	vendor/bin/phpmd . xml phpmd.xml --suffixes php --reportfile $(REPORTS_DIR)/pmd.xml
+	 vendor/bin/phpmd . $(PHPMD_FORMAT) phpmd.xml --suffixes=php $(EXTRA_ARGS)
+phpmd-ci: prepare-ci ## Run PHP Mess Detector (CI)
+	PHPMD_FORMAT="github" $(MAKE) phpmd
+.PHONY: phpmd phpmd-ci
 
-.PHONY: phpmd-ci-report
-phpmd-ci-report: ## Cleanup PHP Mess Detector report file
-	- sed -e 's#$(PWD)#$(WORKSPACE)#g' -i $(REPORTS_DIR)/pmd.xml
-
-.PHONY: phpcpd
-phpcpd: ## Run PHP Copy Paste Detector
-	vendor/bin/phpcpd --min-lines=20 --exclude=vendor/ .
-
-.PHONY: phpcpd-ci
-phpcpd-ci: prepare-ci ## Run PHP Copy Paste and generate report file
-	vendor/bin/phpcpd --min-lines=20 --log-pmd=$(REPORTS_DIR)/phpcpd.xml --exclude=vendor/ .
-
-.PHONY: phpcpd-ci-report
-phpcpd-ci-report: ## Cleanup PHP Copy Paste report file
-	- sed -e 's#$(PWD)#$(WORKSPACE)#g' -i $(REPORTS_DIR)/phpcpd.xml
-
-.PHONY: phpstan
+PHPSTAN_LEVEL ?= max
 phpstan: ## Run PHPStan
-	vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=-1 --level $(PHPSTAN_LEVEL) .
-
-.PHONY: phpstan-ci
-phpstan-ci: prepare-ci ## Run PHPStan and generate report file
-	vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=-1 --level $(PHPSTAN_LEVEL) --error-format checkstyle . | awk NF > $(REPORTS_DIR)/phpstan.xml
-
-.PHONY: phpstan-ci-report
-phpstan-ci-report: ## Cleanup PHPStan report file
-	- sed -e 's#<file name="#<file name="$(WORKSPACE)/#g' -i $(REPORTS_DIR)/phpstan.xml
+	vendor/bin/phpstan analyse --configuration=phpstan.neon --memory-limit=-1 --level=$(PHPSTAN_LEVEL) $(EXTRA_ARGS) .
+phpstan-ci: prepare-ci ## Run PHPStan (CI)
+	EXTRA_ARGS="--error-format=github --no-progress" $(MAKE) phpstan
+.PHONY: phpstan phpstan-ci
+
+unit-tests: phpunit ## Run unit tests (alias to phpunit)
+phpunit: ## Run PHPUnit
+	vendor/bin/phpunit --exclude-group=functional $(EXTRA_ARGS)
+phpunit-ci: prepare-ci ## Run unit tests (CI)
+	EXTRA_ARGS="--log-junit $(REPORTS_DIR)/unit-tests.junit.xml" $(MAKE) unit-tests
+.PHONY: unit-tests unit-tests-ci
+
+prepare-ci:
+	@mkdir -p build/reports
+.PHONY: prepare-ci
 
-.DEFAULT_GOAL := help
-.PHONY: help
 help:
 	@grep -E '(^[a-zA-Z_-]+:.*?##.*$$)|(^##)' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[32m%-25s\033[0m %s\n", $$1, $$2}' | sed -e 's/\[32m##/[33m/'
+.PHONY: help
+.DEFAULT_GOAL := help

phpstan.neon

@@ -5,8 +5,8 @@ includes:
 
 parameters:
     excludePaths:
+        - %rootDir%/../../../DependencyInjection/Configuration.php
         - %rootDir%/../../../Tests
         - %rootDir%/../../../vendor
-        - %rootDir%/../../../DependencyInjection/Configuration.php
     checkMissingIterableValueType: false
     checkGenericClassInNonGenericObjectType: false