This directory contains comprehensive GitHub Actions workflows for the Magento 2 Prometheus Exporter project. These workflows ensure code quality, automate releases, and maintain project health.
Trigger: Push/PR to master or develop branches
Purpose: Core testing and quality assurance pipeline
Jobs:
- PHP CS Fixer: Code style validation and automatic fixing
- PHPStan: Static analysis for type safety and code quality
- Unit Tests: Runs across PHP 7.4, 8.0, 8.1, 8.2 with coverage reporting
- Integration Tests: Tests against Magento 2.4.5 and 2.4.6
- Compatibility Check: Validates Magento coding standards and PHP compatibility
- Security Check: Scans for security vulnerabilities
- Composer Validation: Ensures composer.json integrity
Trigger: Git tags (v*.*.*) or manual dispatch
Purpose: Automated release management and distribution
Jobs:
- Validate Release: Checks version format and changelog consistency
- Run Tests: Final test suite before release
- Create Release: Generates GitHub release with archives
- Update Packagist: Notifies Packagist of new version
- Post Release: Updates development branch versions
Trigger: Push/PR to main branches, weekly schedule
Purpose: Comprehensive code quality analysis
Jobs:
- PHP CS Fixer: Advanced code style enforcement
- PHPStan: Deep static analysis
- Psalm: Additional static analysis tool
- Magento Coding Standard: Magento-specific code standards
- PHP Compatibility: Multi-version PHP compatibility check
- PHPMD: Mess detection for code smells
- PHPCPD: Copy/paste detection
- Security Checker: Vulnerability scanning
- Dependency Check: Unused dependency detection
- Code Metrics: Lines of code analysis
Trigger: Weekly schedule (Mondays 9 AM UTC) or manual
Purpose: Automated dependency management and security monitoring
Jobs:
- Update Dependencies: Creates PRs for patch/minor updates
- Security Audit: Scans for security vulnerabilities
- Composer Audit: Official Composer security advisories
- Outdated Check: Reports on outdated packages
- Cleanup: Removes old dependency update PRs
Trigger: Changes to docs, README, or source code
Purpose: Documentation validation and generation
Jobs:
- Validate Docs: Markdown linting and link checking
- Generate API Docs: Creates PHPDoc documentation
- Check Changelog: Ensures changelog updates in PRs
- Validate Changelog: Checks changelog format
- Spell Check: Spell checking with custom dictionary
- Update Docs: Auto-generates metrics and config documentation
- Deploy Docs: Publishes to GitHub Pages
Trigger: Push/PR to main branches, weekly schedule
Purpose: Performance testing and monitoring
Jobs:
- Performance Baseline: Measures core performance metrics
- Performance Comparison: Compares PR performance vs base branch
- Load Testing: High-load scenario testing with k6
Add these secrets in your GitHub repository settings:
GITHUB_TOKEN: Automatically provided by GitHubPACKAGIST_TOKEN: For automated Packagist updates (optional)
Ensure the following permissions are enabled for GitHub Actions:
- Contents: Read/Write (for creating releases and updating docs)
- Issues: Write (for creating security issue reports)
- Pull Requests: Write (for dependency update PRs)
- Pages: Write (for documentation deployment)
- β Code Style: Automatic code formatting on develop branch
- π Dependency Updates: Weekly automated dependency PRs
- π Documentation: Auto-generated API docs and metrics lists
- π·οΈ Releases: Fully automated release process with archives
- π Security: Continuous vulnerability monitoring
- π Performance: Regular performance regression testing
- Unit Tests: Must pass across all PHP versions
- Integration Tests: Must pass against supported Magento versions
- Security: No critical vulnerabilities allowed
- Code Style: Must follow PSR-12 and Magento standards
- Static Analysis: PHPStan level 5 compliance required
All workflows generate detailed reports in the GitHub Actions summary, including:
- Test coverage metrics
- Performance benchmarks
- Security scan results
- Code quality scores
- Dependency status
- Fork/Clone this repository
- Enable Actions in your repository settings
- Add Secrets (if needed for Packagist integration)
- Push Changes to trigger the workflows
You can monitor workflow status through:
- GitHub Actions Tab: Real-time workflow execution
- README Badges: Add status badges to your README
- Branch Protection: Configure required status checks
Add these to your README.md:
- PHP Versions: Update matrix in
ci.ymlandrelease.yml - Magento Versions: Update matrix in integration test jobs
- Schedule: Modify cron expressions for scheduled workflows
- Quality Gates: Adjust PHPStan levels, coverage thresholds
- Create new jobs in existing workflows
- Add custom scripts in
.github/scripts/ - Use marketplace actions for additional functionality
- Composer Auth: May need Magento marketplace credentials
- Memory Limits: Increase PHP memory for large projects
- Timeouts: Adjust timeout values for slow operations
- Permissions: Ensure proper GitHub token permissions
Enable debug logging by setting repository variable:
ACTIONS_STEP_DEBUG:trueACTIONS_RUNNER_DEBUG:true
When contributing to workflows:
- Test changes in a fork first
- Update documentation for new features
- Follow existing naming conventions
- Add appropriate error handling
These workflows are designed to be production-ready and can be customized based on your specific requirements.