From 8e8b2dacd62a54fdb115e7ee1b16ce525208d5d6 Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Sun, 5 Jul 2026 11:42:08 -0400 Subject: [PATCH] ci: replace Super-Linter with reusable quality and security workflows, pin reusable ECS workflow, group Dependabot updates, and refresh linter and Gitleaks configs. --- .github/dependabot.yml | 10 +++++++++ .github/linters/.codespellrc | 2 +- .github/linters/.editorconfig-checker.json | 5 +++++ .github/linters/.gitleaks.toml | 6 ----- .github/linters/actionlint.yml | 6 ----- .github/workflows/ecs.yml | 3 +-- .github/workflows/linter.yml | 17 -------------- .github/workflows/quality.yml | 22 ++++++++++++++++++ .github/workflows/security.yml | 19 ++++++++++++++++ .prettierignore | 26 +++++++++++----------- CHANGELOG.md | 2 ++ README.md | 5 +++-- composer.json | 16 ++++++++----- scaffold-lock.json | 16 +++++-------- src/config/rector.php | 2 ++ 15 files changed, 94 insertions(+), 63 deletions(-) delete mode 100644 .github/linters/actionlint.yml delete mode 100644 .github/workflows/linter.yml create mode 100644 .github/workflows/quality.yml create mode 100644 .github/workflows/security.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ce0844c..d864111 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,10 +6,20 @@ updates: directory: "/" schedule: interval: "daily" + cooldown: + default-days: 7 + groups: + github-actions: + patterns: ["*"] # Maintain dependencies for Composer - package-ecosystem: "composer" directory: "/" schedule: interval: "daily" + cooldown: + default-days: 7 + groups: + composer: + patterns: ["*"] versioning-strategy: increase-if-necessary diff --git a/.github/linters/.codespellrc b/.github/linters/.codespellrc index bb52ff4..303604d 100644 --- a/.github/linters/.codespellrc +++ b/.github/linters/.codespellrc @@ -1,2 +1,2 @@ [codespell] -skip = */tests/*,tests/**,*/composer.lock,*/composer.json,*/package-lock.json,*/dist/*,*/node_modules/* +skip = ./.git,.claude/*,.codex/*,.vscode/*,code_coverage/*,composer.lock,runtime/*,scaffold-lock.json,vendor/*,*/tests/*,tests/**,*/composer.lock,*/composer.json,*/package-lock.json,*/dist/*,*/node_modules/* diff --git a/.github/linters/.editorconfig-checker.json b/.github/linters/.editorconfig-checker.json index bb0f71a..0e57707 100644 --- a/.github/linters/.editorconfig-checker.json +++ b/.github/linters/.editorconfig-checker.json @@ -1,5 +1,10 @@ { "Exclude": [ + "^\\.claude/", + "^\\.codex/", + "^\\.vscode/", + "^code_coverage/", + "^composer\\.lock$", "phpstan-baseline\\.neon$", "^tests/runtime/", "\\.min\\.css$", diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml index 08ac9fb..1f08510 100644 --- a/.github/linters/.gitleaks.toml +++ b/.github/linters/.gitleaks.toml @@ -2,9 +2,3 @@ title = "gitleaks config" [extend] useDefault = true - -[allowlist] -description = "Allow test fixture data with dummy credentials" -paths = [ - '''tests/support/data/.*\.php''', -] diff --git a/.github/linters/actionlint.yml b/.github/linters/actionlint.yml deleted file mode 100644 index 328407a..0000000 --- a/.github/linters/actionlint.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -paths: - .github/workflows/**/*.yml: - ignore: - - '"pull_request" section is alias node but mapping node is expected' - - '"push" section is alias node but mapping node is expected' diff --git a/.github/workflows/ecs.yml b/.github/workflows/ecs.yml index 73388d3..d1d4d5e 100644 --- a/.github/workflows/ecs.yml +++ b/.github/workflows/ecs.yml @@ -14,10 +14,9 @@ name: ecs permissions: contents: read - pull-requests: write jobs: easy-coding-standard: - uses: yii2-framework/actions/.github/workflows/ecs.yml@main + uses: yii2-framework/actions/.github/workflows/ecs.yml@e02758a41a2a811fb3e706735192979171b2260d # v2.0.1 with: command-options: check src --config src/ecs-83.php --ansi diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml deleted file mode 100644 index 7b46557..0000000 --- a/.github/workflows/linter.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -on: - - pull_request - - push - -name: linter - -permissions: - checks: write - contents: read - statuses: write - -jobs: - linter: - uses: yii2-framework/actions/.github/workflows/super-linter.yml@v1 - secrets: - AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml new file mode 100644 index 0000000..8b3d9e6 --- /dev/null +++ b/.github/workflows/quality.yml @@ -0,0 +1,22 @@ +--- +on: + - pull_request + - push + +name: quality + +permissions: + contents: read + +jobs: + quality: + uses: yii2-framework/actions/.github/workflows/quality.yml@e02758a41a2a811fb3e706735192979171b2260d # v2.0.1 + permissions: + contents: read + with: + codespell-config: .github/linters/.codespellrc + editorconfig-checker-config: .github/linters/.editorconfig-checker.json + markdownlint-config: .github/linters/.markdown-lint.yml + prettier-config: .prettierrc.json + prettier-ignore-path: .prettierignore + yamllint-targets: .github diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 0000000..8d212d1 --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,19 @@ +--- +on: + - pull_request + - push + +name: security + +permissions: + contents: read + +jobs: + security: + uses: yii2-framework/actions/.github/workflows/security.yml@e02758a41a2a811fb3e706735192979171b2260d # v2.0.1 + permissions: + contents: read + with: + gitleaks-config: .github/linters/.gitleaks.toml + secrets: + GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} diff --git a/.prettierignore b/.prettierignore index 1886a83..37e9c50 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1,21 +1,21 @@ -**/*.min.css -**/*.min.js +# Local agent, editor, coverage, and generated runtime state. +.claude/** +.codex/** +.vscode/** +code_coverage/** +runtime/** -# Vite-built bundles (committed dist/) and lockfiles. -**/dist/** -**/node_modules/** -**/package-lock.json +# Dependencies. +vendor/** -# Yii AssetManager publishes a hashed copy of src/assets/ under tests/runtime/ -# whenever phpunit runs; the tree is regenerated on every test run, never -# authored, and ignored by git already. -tests/runtime/** +# Dependency lockfile ignored by git. +composer.lock -# License texts ship verbatim — never auto-formatted. +# License texts ship verbatim. **/LICENSE* -# Tool configs maintained by hand to keep their array order meaningful. +# Tool config maintained by hand to keep array order meaningful. composer-require-checker.json -# Auto-generated by yii2-extensions/scaffold; never hand-edited. +# Auto-generated by yii2-extensions/scaffold. scaffold-lock.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 8de9db6..4c91282 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## 0.3.3 Under development +- ci: replace Super-Linter with reusable quality and security workflows, pin reusable ECS workflow, group Dependabot updates, and refresh linter and Gitleaks configs. + ## 0.3.2 May 22, 2026 - chore: update `.gitleaks.toml` configuration and `scaffold-lock.json` version. diff --git a/README.md b/README.md index 367e157..9079904 100644 --- a/README.md +++ b/README.md @@ -195,9 +195,10 @@ Follow the same convention used across PHP Forge repositories: [![Latest Stable Version](https://img.shields.io/packagist/v/php-forge/coding-standard.svg?style=for-the-badge&logo=packagist&logoColor=white&label=Stable)](https://packagist.org/packages/php-forge/coding-standard) [![Total Downloads](https://img.shields.io/packagist/dt/php-forge/coding-standard.svg?style=for-the-badge&logo=composer&logoColor=white&label=Downloads)](https://packagist.org/packages/php-forge/coding-standard) -## Quality code +## Project status -[![Super-Linter](https://img.shields.io/github/actions/workflow/status/php-forge/coding-standard/linter.yml?style=for-the-badge&label=Super-Linter&logo=github)](https://github.com/php-forge/coding-standard/actions/workflows/linter.yml) +[![Quality](https://img.shields.io/github/actions/workflow/status/php-forge/coding-standard/quality.yml?style=for-the-badge&label=Quality&logo=github)](https://github.com/php-forge/coding-standard/actions/workflows/quality.yml) +[![Security](https://img.shields.io/github/actions/workflow/status/php-forge/coding-standard/security.yml?style=for-the-badge&label=Security&logo=github)](https://github.com/php-forge/coding-standard/actions/workflows/security.yml) [![StyleCI](https://img.shields.io/badge/StyleCI-Passed-44CC11.svg?style=for-the-badge&logo=github&logoColor=white)](https://github.styleci.io/repos/1141292628?branch=main) ## Our social networks diff --git a/composer.json b/composer.json index 979479c..fdf3a5b 100644 --- a/composer.json +++ b/composer.json @@ -10,16 +10,22 @@ "scaffold-provider" ], "license": "BSD-3-Clause", - "minimum-stability": "dev", - "prefer-stable": true, + "authors": [ + { + "name": "Wilmer Arambula", + "email": "terabytesoftw@gmail.com", + "homepage": "https://github.com/terabytesoftw", + "role": "Developer" + } + ], "require": { "php": ">=8.1", - "rector/rector": "^2.1", - "symplify/easy-coding-standard": "^13.0" + "rector/rector": "^2.4", + "symplify/easy-coding-standard": "^13.2" }, "require-dev": { "php-forge/baseline": "^0.1", - "yii2-extensions/scaffold": "^0.1" + "yii2-extensions/scaffold": "^0.2" }, "autoload": { "psr-4": { diff --git a/scaffold-lock.json b/scaffold-lock.json index 89f5245..0098675 100644 --- a/scaffold-lock.json +++ b/scaffold-lock.json @@ -1,7 +1,7 @@ { "providers": { "php-forge/baseline": { - "version": "0.1.1", + "version": "0.1.3", "path": "vendor/php-forge/baseline" } }, @@ -31,7 +31,7 @@ "mode": "replace" }, ".prettierignore": { - "hash": "sha256:d12c54d82c23d562342765ceda6897ca26b73eba0c700c127408c0a9bc17d595", + "hash": "sha256:f4b6198902354d400815e6169439b5805da5ce8fb50797f9ec79c6f91e6c22a4", "provider": "php-forge/baseline", "source": "metadata/.prettierignore", "mode": "replace" @@ -55,19 +55,19 @@ "mode": "preserve" }, ".github/linters/.codespellrc": { - "hash": "sha256:c89a5fae6e0bba775cede6add224570db555ebd607f2737c8efc15ba9a32fe92", + "hash": "sha256:b1a66a59f2042ac1601a277d09b21326aa8c85da8ba18592a138d1681760c9c7", "provider": "php-forge/baseline", "source": "metadata/.github/linters/.codespellrc", "mode": "replace" }, ".github/linters/.editorconfig-checker.json": { - "hash": "sha256:8227fada934c245fc98e67d691a9c8bee48b86adbbac9fbb6282057ca321d9b5", + "hash": "sha256:83ce0f9e83f68fb23500061cb17836eaa5e3107df93cc4ccfb578a7500b7f958", "provider": "php-forge/baseline", "source": "metadata/.github/linters/.editorconfig-checker.json", "mode": "replace" }, ".github/linters/.gitleaks.toml": { - "hash": "sha256:33589aa4b1b2bd29dc30603b2e590d75a83f59da3fcd8e0b7a148c59726efb85", + "hash": "sha256:4016e5e7237b525fd32eaf50c10577c21f452863ce95a901c059fb90d6b9318a", "provider": "php-forge/baseline", "source": "metadata/.github/linters/.gitleaks.toml", "mode": "replace" @@ -77,12 +77,6 @@ "provider": "php-forge/baseline", "source": "metadata/.github/linters/.markdown-lint.yml", "mode": "replace" - }, - ".github/linters/actionlint.yml": { - "hash": "sha256:5c4071e2aa711e7d2e6bbb9c06d82399feab06ef5ff8feae4f9b6a61b383852f", - "provider": "php-forge/baseline", - "source": "metadata/.github/linters/actionlint.yml", - "mode": "replace" } } } \ No newline at end of file diff --git a/src/config/rector.php b/src/config/rector.php index e1d5c7e..08ffc4a 100644 --- a/src/config/rector.php +++ b/src/config/rector.php @@ -7,6 +7,8 @@ return static function (RectorConfig $rectorConfig): void { $rectorConfig->import(__DIR__ . '/vendor/php-forge/coding-standard/src/rector-83.php'); + $rectorConfig->importNames(); + $rectorConfig->paths( [ __DIR__ . '/src',