.github/workflows/ci.yml

name: CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  validate:
    name: Validate composer configuration
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate composer.json
        run: composer validate

  static-analysis:
    needs: validate
    name: Run static analysis and code style checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'
          coverage: none
          tools: composer:v2

      - name: Install dependencies
        run: composer install --prefer-dist --no-interaction --no-progress

      - name: Run static analysis
        run: composer analyse

      - name: Check coding style
        run: composer cs:check

      - name: Check Rector rules
        run: composer rector:check

  security:
    needs: validate
    name: Run security vulnerability checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'
          coverage: none
          tools: composer:v2

      - name: Install dependencies
        run: composer install --prefer-dist --no-interaction --no-progress

      - name: Security check
        uses: symfonycorp/security-checker-action@v5

      - name: Cache security advisories
        uses: actions/cache@v4
        with:
          path: ~/.symfony/cache
          key: security-advisories-${{ github.sha }}

  tests:
    needs: [security, static-analysis]
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 3
      fail-fast: false
      matrix:
        php: ['8.2', '8.3', '8.4']
        stability: [prefer-lowest, prefer-stable]
    name: Run tests on PHP ${{ matrix.php }} - ${{ matrix.stability }}
    steps:
      - uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php }}
          coverage: pcov
          tools: composer:v2

      - name: Install dependencies
        run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress

      - name: Run tests
        run: composer test:all

  dependencies-review:
    if: github.event_name == 'pull_request'
    name: Review dependency changes
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4