diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..18198ba
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,48 @@
+name: CI
+
+# ARFA 1.3 / KaririCode Spec V4.0 — Unified CI Pipeline
+# Runs on every push and PR targeting main or develop.
+# Full pipeline: cs-fixer → phpstan (L9) → psalm → phpunit (pcov)
+# Zero tolerance: any tool failure blocks the merge.
+
+on:
+ push:
+ branches: [main, develop]
+ pull_request:
+ branches: [main, develop]
+ workflow_dispatch:
+
+jobs:
+ quality:
+ name: Quality Pipeline (ARFA 1.3)
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ # PHP 8.4 + pcov (mandatory driver per ARFA 1.3 §Testing)
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ extensions: mbstring, xml, openssl
+ coverage: pcov
+
+ # Pure dependency install — no scripts to avoid environment pollution
+ - name: Install dependencies
+ run: composer install --no-interaction --prefer-dist --no-progress --no-scripts
+
+ # Bootstrap kcode.phar from the official KaririCode release
+ - name: Install kcode (KaririCode Devkit)
+ run: |
+ wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+ chmod +x kcode.phar
+ sudo mv kcode.phar /usr/local/bin/kcode
+
+ # Generate .kcode/ configs: phpunit.xml.dist, phpstan.neon, psalm.xml, etc.
+ - name: Initialize devkit (.kcode/ generation)
+ run: kcode init
+
+ # cs-fixer → phpstan (L9) → psalm → phpunit
+ # Exit code ≠ 0 fails the job (zero-tolerance policy)
+ - name: Run full quality pipeline
+ run: kcode quality
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
new file mode 100644
index 0000000..b5dfa92
--- /dev/null
+++ b/.github/workflows/code-quality.yml
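Review bot: The `Install kcode (KaririCode Devkit)` step in ci.yml downloads `kcode.phar` from `releases/latest`, moves it into `/usr/local/bin` with sudo and runs it with no version pin and no integrity check, so whatever asset that release URL serves next executes in this job. Pin the asset to a specific release and verify it before `chmod +x`, for example `wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/download/<PINNED_VERSION>/kcode.phar` followed by `echo "<EXPECTED_SHA256>  kcode.phar" | sha256sum --check --strict`. The same step is repeated in the `analyse`, `cs-fixer` and `tests` jobs of code-quality.yml and in release.yml, where the job also holds `contents: write`. ci.yml declares no `permissions:` block either; a top-level `permissions:` with `contents: read` would make the token scope explicit for the pull-request runs.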
@@ -0,0 +1,208 @@
+name: Code Quality
+
+# ARFA 1.3 / KaririCode Spec V4.0 — Parallel Quality Gates
+# Runs 5 parallel jobs with a quality-summary gate job.
+# Triggers: main, develop, feature branches, PRs, and manual dispatch.
+
+on:
+ push:
+ branches:
+ - main
+ - develop
+ - 'feature/**'
+ pull_request:
+ branches:
+ - main
+ - develop
+ workflow_dispatch:
+
+jobs:
+ # ============================================================================
+ # DEPENDENCY VALIDATION (Spec V4.0 — zero-dep contract)
+ # Validates that composer.json is valid and platform requirements are met.
+ # Dotenv v4 mandates: zero external runtime dependencies.
+ # ============================================================================
+ dependencies:
+ name: Dependency Validation
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ tools: composer:v2
+ coverage: none
+
+ - name: Validate composer.json
+ run: composer validate --strict --no-check-lock
+
+ - name: Install dependencies
+ run: composer install --prefer-dist --no-progress --no-scripts
+
+ - name: Check platform requirements
+ run: composer check-platform-reqs
+
+ # ============================================================================
+ # SECURITY AUDIT (ARFA 1.3 — resilience pillar)
+ # Uses native composer audit — no deprecated security-checker.
+ # ============================================================================
+ security:
+ name: Security Audit
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ tools: composer:v2
+ coverage: none
+
+ - name: Install dependencies
+ run: composer install --prefer-dist --no-progress --no-scripts
+
+ - name: Run composer audit
+ run: composer audit --format=plain
+
+ # ============================================================================
+ # STATIC ANALYSIS (Spec V4.0 S14 — Type Safety)
+ # kcode analyse runs PHPStan Level 9 + Psalm (100% type inference).
+ # Both tools must pass with zero errors — enforced by kcode exit code.
+ # ============================================================================
+ analyse:
+ name: Static Analysis — PHPStan L9 + Psalm
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ extensions: mbstring, xml, openssl
+ coverage: none
+ tools: composer:v2
+
+ - name: Install dependencies
+ run: composer install --prefer-dist --no-progress --no-scripts
+
+ - name: Install kcode
+ run: |
+ wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+ chmod +x kcode.phar
+ sudo mv kcode.phar /usr/local/bin/kcode
+
+ - name: Initialize devkit
+ run: kcode init
+
+ # Runs PHPStan Level 9 then Psalm sequentially — both must pass
+ - name: Run PHPStan + Psalm via kcode
+ run: kcode analyse
+
+ # ============================================================================
+ # CODE STYLE (ARFA 1.3 Naming / Formatting Standards)
+ # kcode cs:fix enforces PSR-12 + PHP 8.4 migrations + KaririCode rules.
+ # --check: dry-run only — fails if any violation exists.
+ # ============================================================================
+ cs-fixer:
+ name: Code Style — PHP CS Fixer
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ extensions: mbstring, xml
+ coverage: none
+ tools: composer:v2
+
+ - name: Install dependencies
+ run: composer install --prefer-dist --no-progress --no-scripts
+
+ - name: Install kcode
+ run: |
+ wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+ chmod +x kcode.phar
+ sudo mv kcode.phar /usr/local/bin/kcode
+
+ - name: Initialize devkit
+ run: kcode init
+
+ - name: Check code style (dry-run)
+ run: kcode cs:fix --check
+
+ # ============================================================================
+ # UNIT & INTEGRATION TESTS (ARFA 1.3 §Testing — Zero Tolerance)
+ # pcov is the mandatory driver (performance + accuracy over Xdebug).
+ # Requires: 0 failures, 0 errors, 0 warnings, 0 risky tests.
+ # Target: 205 tests / 396 assertions (dotenv v4 baseline).
+ # ============================================================================
+ tests:
+ name: PHPUnit — 205 Tests (pcov)
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ extensions: mbstring, xml, openssl
+ coverage: pcov
+ tools: composer:v2
+
+ - name: Install dependencies
+ run: composer install --prefer-dist --no-progress --no-scripts
+
+ - name: Install kcode
+ run: |
+ wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+ chmod +x kcode.phar
+ sudo mv kcode.phar /usr/local/bin/kcode
+
+ - name: Initialize devkit
+ run: kcode init
+
+ - name: Run tests with coverage (pcov)
+ run: kcode test --coverage
+
+ # ============================================================================
+ # QUALITY SUMMARY — Gate job (if: always())
+ # Aggregates all job results and fails the workflow if any check failed.
+ # Posts a markdown summary to the GitHub Actions run.
+ # ============================================================================
+ quality-summary:
+ name: Quality Summary
+ runs-on: ubuntu-latest
+ needs: [dependencies, security, analyse, cs-fixer, tests]
+ if: always()
+
+ steps:
+ - name: Post quality summary
+ run: |
+ echo "## KaririCode Dotenv — Quality Report (ARFA 1.3)" >> "$GITHUB_STEP_SUMMARY"
+ echo "" >> "$GITHUB_STEP_SUMMARY"
+ echo "| Check | Result |" >> "$GITHUB_STEP_SUMMARY"
+ echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY"
+ echo "| Dependency Validation | ${{ needs.dependencies.result }} |" >> "$GITHUB_STEP_SUMMARY"
+ echo "| Security Audit | ${{ needs.security.result }} |" >> "$GITHUB_STEP_SUMMARY"
+ echo "| Static Analysis (PHPStan L9 + Psalm) | ${{ needs.analyse.result }} |" >> "$GITHUB_STEP_SUMMARY"
+ echo "| Code Style (CS Fixer) | ${{ needs.cs-fixer.result }} |" >> "$GITHUB_STEP_SUMMARY"
+ echo "| PHPUnit Tests (205 / pcov) | ${{ needs.tests.result }} |" >> "$GITHUB_STEP_SUMMARY"
+
+ if [ "${{ needs.security.result }}" != "success" ] || \
+ [ "${{ needs.analyse.result }}" != "success" ] || \
+ [ "${{ needs.cs-fixer.result }}" != "success" ] || \
+ [ "${{ needs.tests.result }}" != "success" ]; then
+ echo "" >> "$GITHUB_STEP_SUMMARY"
+ echo "❌ One or more quality gates failed. Merge blocked." >> "$GITHUB_STEP_SUMMARY"
+ exit 1
+ fi
+
+ echo "" >> "$GITHUB_STEP_SUMMARY"
+ echo "✅ All quality gates passed — ARFA 1.3 compliant." >> "$GITHUB_STEP_SUMMARY"
diff --git a/.github/workflows/kariri-ci-cd.yml b/.github/workflows/kariri-ci-cd.yml
deleted file mode 100644
index bd9f272..0000000
--- a/.github/workflows/kariri-ci-cd.yml
+++ /dev/null
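Review bot: The gate condition in the `quality-summary` job never tests `needs.dependencies.result`, so a failed or cancelled Dependency Validation job is printed in the table while the step still exits 0 and reports that all quality gates passed. Add `[ "${{ needs.dependencies.result }}" != "success" ] || \` as the first test of the `if`, so the condition matches the `needs:` list and the header comment saying all job results are aggregated. If branch protection requires only the Quality Summary check (not visible in this diff), a dependency-validation failure would not block the merge as written.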
@@ -1,72 +0,0 @@
-name: Kariri CI Pipeline
-
-on:
- push:
- branches: [main]
- pull_request:
- branches: [main]
-
-jobs:
- setup-and-lint:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- php: ["8.3"]
-
- steps:
- - uses: actions/checkout@v3
-
- - name: Cache Composer dependencies
- uses: actions/cache@v3
- with:
- path: vendor
- key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
- restore-keys: |
- ${{ runner.os }}-composer-
-
- - name: Set up PHP ${{ matrix.php }}
- uses: shivammathur/setup-php@v2
- with:
- php-version: ${{ matrix.php }}
- extensions: mbstring, xml
- tools: composer:v2, php-cs-fixer, phpunit
-
- - name: Install dependencies
- run: composer install --prefer-dist --no-progress
-
- - name: Validate composer.json
- run: composer validate
-
- - name: Coding Standards Check
- run: vendor/bin/php-cs-fixer fix --dry-run --diff
-
- unit-tests:
- needs: setup-and-lint
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v3
-
- - name: Download Composer Cache
- uses: actions/cache@v3
- with:
- path: vendor
- key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
- restore-keys: |
- ${{ runner.os }}-composer-
-
- - name: Set up PHP ${{ matrix.php }}
- uses: shivammathur/setup-php@v2
- with:
- php-version: ${{ matrix.php }}
- extensions: mbstring, xml
- tools: composer:v2, php-cs-fixer, phpunit
-
- - name: Install dependencies
- run: composer install --prefer-dist --no-progress
-
- - name: Run PHPUnit Tests
- run: XDEBUG_MODE=coverage vendor/bin/phpunit --coverage-text
-
- - name: Security Check
- run: vendor/bin/security-checker security:check
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..8c37be5
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,110 @@
+name: Release
+
+# ARFA 1.3 / KaririCode Spec V4.0 — Release Pipeline
+# Triggers on semantic version tags (v*).
+# Full quality gate (kcode quality) must pass before release is published.
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+permissions:
+ contents: write
+
+jobs:
+ release:
+ name: Quality Gate + GitHub Release
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ # PHP 8.4 + pcov: releases MUST pass with coverage (ARFA 1.3 §Testing)
+ - uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.4'
+ extensions: mbstring, xml, openssl
+ coverage: pcov
+ tools: composer:v2
+
+ # --no-scripts prevents accidental environment pollution during release
+ - name: Install dependencies
+ run: composer install --no-interaction --prefer-dist --no-progress --no-scripts
+
+ - name: Install kcode (KaririCode Devkit)
+ run: |
+ wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
+ chmod +x kcode.phar
+ sudo mv kcode.phar /usr/local/bin/kcode
+
+ - name: Initialize devkit
+ run: kcode init
+
+ # Full pipeline: cs-fixer → phpstan (L9) → psalm → phpunit (pcov)
+ # Exit code ≠ 0 aborts the release — zero tolerance (ARFA 1.3)
+ - name: Run full quality pipeline (release gate)
+ run: kcode quality
+
+ - name: Extract version from tag
+ id: version
+ run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
+
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@v2
+ with:
+ tag_name: ${{ steps.version.outputs.tag }}
+ name: KaririCode Dotenv ${{ steps.version.outputs.tag }}
+ draft: false
+ prerelease: false
+ body: |
+ ## KaririCode\Dotenv ${{ steps.version.outputs.tag }}
+
+ PHP 8.4+ environment variable engine — **zero external dependencies**,
+ AES-256-GCM encryption, fluent validation DSL, OPcache caching,
+ and environment-aware cascade loading. **ARFA 1.3 compliant.**
+
+ ## Installation
+
+ ```bash
+ composer require kariricode/dotenv
+ ```
+
+ ## Quick Start
+
+ ```php
+ use KaririCode\Dotenv\Dotenv;
+ use function KaririCode\Dotenv\env;
+
+ // Bootstrap once (e.g. public/index.php)
+ $dotenv = new Dotenv(__DIR__);
+ $dotenv->load();
+
+ // Auto type-cast: string, int, float, bool, null, array/JSON
+ $debug = env('APP_DEBUG'); // bool
+ $port = env('DB_PORT'); // int
+ $cfg = env('JSON_CONFIG'); // array
+
+ // Fluent validation DSL (collect-all semantics)
+ $dotenv->validate()
+ ->required('APP_KEY', 'DB_HOST')
+ ->isInteger('DB_PORT')->between(1, 65535)
+ ->allowedValues('APP_ENV', ['local', 'staging', 'production'])
+ ->assert();
+
+ // bootEnv() cascade: .env → .env.local → .env.{APP_ENV}
+ $dotenv->bootEnv();
+ ```
+
+ ## Quality Metrics
+
+ | Metric | Value |
+ |--------|-------|
+ | Tests | 205 passing |
+ | Assertions | 396 |
+ | PHPStan Level | 9 (0 errors) |
+ | Psalm | 100% (0 errors) |
+ | Coverage | 100% |
+ | Dependencies | 0 (runtime) |
+
+ See [CHANGELOG.md](CHANGELOG.md) for details.
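Review bot: The workflow-level `permissions: contents: write` in release.yml applies to every step of the single `release` job, including `composer install` and the `kcode.phar` fetched from `releases/latest`, although only `Create GitHub Release` needs to write. Consider splitting the job in two, a read-only quality job and a release job that declares `needs:` on it and carries the write permission, as sketched below. `softprops/action-gh-release@v2` is also referenced by a mutable tag; pinning it to a full commit SHA (`softprops/action-gh-release@<FULL_COMMIT_SHA>`) fixes which code runs in the one step that holds the write token.

```yaml
permissions:
  contents: read

jobs:
  quality:
    name: Quality Gate
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout, setup-php, composer install, kcode install/init, kcode quality …

  release:
    name: GitHub Release
    needs: quality
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      # … unchanged: Extract version from tag, Create GitHub Release …
```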