Enhancement: Synchronize with ergebnis/php-package-template

Author: localheinz

.gitattributes

@@ -13,3 +13,4 @@
 /Makefile                       export-ignore
 /psalm-baseline.xml             export-ignore
 /psalm.xml                      export-ignore
+/rector.php                     export-ignore

.github/CODEOWNERS

@@ -1 +1,3 @@
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-file-size
+
 * @ergebnis-bot @localheinz

.github/CONTRIBUTING.md

@@ -6,7 +6,6 @@ For details, take a look at the following workflow configuration files:
 
 - [`workflows/integrate.yaml`](workflows/integrate.yaml)
 - [`workflows/merge.yaml`](workflows/merge.yaml)
-- [`workflows/prune.yaml`](workflows/prune.yaml)
 - [`workflows/release.yaml`](workflows/release.yaml)
 - [`workflows/renew.yaml`](workflows/renew.yaml)
 - [`workflows/triage.yaml`](workflows/triage.yaml)
@@ -47,9 +46,45 @@ make dependency-analysis
 
 to run a dependency analysis.
 
+## Mutation Tests
+
+We are using [`infection/infection`](https://github.com/infection/infection) to ensure a minimum quality of the tests.
+
+Enable `Xdebug` and run
+
+```sh
+make mutation-tests
+```
+
+to run mutation tests.
+
+## Refactoring
+
+We are using [`rector/rector`](https://github.com/rectorphp/rector) to automatically refactor code.
+
+Run
+
+```sh
+make refactoring
+```
+
+to automatically refactor code.
+
+## Security Analysis
+
+We are using [`composer`](https://github.com/composer/composer) to run a security analysis.
+
+Run
+
+```sh
+make security-analysis
+```
+
+to run a security analysis.
+
 ## Static Code Analysis
 
-We are using [`vimeo/psalm`](https://github.com/vimeo/psalm) to statically analyze the code.
+We are using [`phpstan/phpstan`](https://github.com/phpstan/phpstan) and [`vimeo/psalm`](https://github.com/vimeo/psalm) to statically analyze the code.
 
 Run
 
@@ -59,17 +94,17 @@ make static-code-analysis
 
 to run a static code analysis.
 
-We are also using the baseline feature of [`vimeo/psalm`](https://psalm.dev/docs/running_psalm/dealing_with_code_issues/#using-a-baseline-file).
+We are also using the baseline features of [`phpstan/phpstan`](https://phpstan.org/user-guide/baseline) and [`vimeo/psalm`](https://psalm.dev/docs/running_psalm/dealing_with_code_issues/#using-a-baseline-file).
 
 Run
 
 ```sh
 make static-code-analysis-baseline
 ```
 
-to regenerate the baseline in [`../psalm-baseline.xml`](../psalm-baseline.xml).
+to regenerate the baselines in [`../phpstan-baseline.neon`](../phpstan-baseline.neon) and [`../psalm-baseline.xml`](../psalm-baseline.xml).
 
-:exclamation: Ideally, the baseline should shrink over time.
+:exclamation: Ideally, the baselines should shrink over time.
 
 ## Tests
 
@@ -83,18 +118,6 @@ make tests
 
 to run all the tests.
 
-## Mutation Tests
-
-We are using [`infection/infection`](https://github.com/infection/infection) to ensure a minimum quality of the tests.
-
-Enable `pcov` or `Xdebug` and run
-
-```sh
-make mutation-tests
-```
-
-to run mutation tests.
-
 ## Extra lazy?
 
 Run
@@ -103,7 +126,7 @@ Run
 make
 ```
 
-to enforce coding standards, run a static code analysis, and run tests!
+to automatically refactor code, enforce coding standards, run a static code analysis, and run tests!
 
 ## Help
 

.github/settings.yml

@@ -18,6 +18,8 @@ branches:
           - context: "Coding Standards (8.1, locked)"
           - context: "Dependency Analysis (8.1, locked)"
           - context: "Mutation Tests (8.1, locked)"
+          - context: "Refactoring (8.1, locked)"
+          - context: "Security Analysis (8.1, locked)"
           - context: "Static Code Analysis (8.1, locked)"
           - context: "Tests (8.1, locked)"
           - context: "Tests (8.2, locked)"
@@ -58,10 +60,6 @@ labels:
     color: "ee0701"
     description: ""
 
-  - name: "stale"
-    color: "eeeeee"
-    description: ""
-
 # https://docs.github.com/en/rest/reference/repos#update-a-repository
 
 repository:

.github/workflows/integrate.yaml

@@ -83,7 +83,7 @@ jobs:
         uses: "actions/[email protected]"
 
       - name: "Lint YAML files"
-        uses: "ibiqlik/[email protected]"
+        uses: "ibiqlik/[email protected].1"
         with:
           config_file: ".yamllint.yaml"
           file_or_dir: "."
@@ -127,8 +127,10 @@ jobs:
         uses: "actions/[email protected]"
         with:
           path: ".build/php-cs-fixer"
-          key: "php-${{ matrix.php-version }}-php-cs-fixer-${{ github.sha }}"
-          restore-keys: "php-${{ matrix.php-version }}-php-cs-fixer-"
+          key: "php-${{ matrix.php-version }}-php-cs-fixer-${{ github.ref_name }}"
+          restore-keys: |
+            php-${{ matrix.php-version }}-php-cs-fixer-main
+            php-${{ matrix.php-version }}-php-cs-fixer-
 
       - name: "Run friendsofphp/php-cs-fixer"
         run: "vendor/bin/php-cs-fixer fix --ansi --config=.php-cs-fixer.php --diff --dry-run --verbose"
@@ -156,6 +158,7 @@ jobs:
           coverage: "none"
           extensions: "none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
           php-version: "${{ matrix.php-version }}"
+          tools: "phive"
 
       - name: "Set up problem matchers for PHP"
         run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
@@ -175,6 +178,11 @@ jobs:
         with:
           dependencies: "${{ matrix.dependencies }}"
 
+      - name: "Install dependencies with phive"
+        uses: "ergebnis/.github/actions/phive/[email protected]"
+        with:
+          trust-gpg-keys: "0x033E5F8D801A2F8D"
+
       - name: "Run maglnet/composer-require-checker"
         run: ".phive/composer-require-checker check --config-file=$(pwd)/composer-require-checker.json"
 
@@ -225,6 +233,96 @@ jobs:
           XDEBUG_MODE: "coverage"
         run: "vendor/bin/infection --ansi --configuration=infection.json --logger-github"
 
+  refactoring:
+    name: "Refactoring"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "8.1"
+
+        dependencies:
+          - "locked"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/[email protected]"
+
+      - name: "Set up PHP"
+        uses: "shivammathur/[email protected]"
+        with:
+          coverage: "none"
+          extensions: "none, ctype, dom, intl, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Set up problem matchers for PHP"
+        run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
+
+      - name: "Determine composer cache directory"
+        uses: "ergebnis/.github/actions/composer/[email protected]"
+
+      - name: "Cache dependencies installed with composer"
+        uses: "actions/[email protected]"
+        with:
+          path: "${{ env.COMPOSER_CACHE_DIR }}"
+          key: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}"
+          restore-keys: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-"
+
+      - name: "Install ${{ matrix.dependencies }} dependencies with composer"
+        uses: "ergebnis/.github/actions/composer/[email protected]"
+        with:
+          dependencies: "${{ matrix.dependencies }}"
+
+      - name: "Create cache directory for rector/rector"
+        run: "mkdir -p .build/rector"
+
+      - name: "Cache cache directory for rector/rector"
+        uses: "actions/[email protected]"
+        with:
+          path: ".build/rector"
+          key: "php-${{ matrix.php-version }}-rector-${{ github.ref_name }}"
+          restore-keys: |
+            php-${{ matrix.php-version }}-rector-main
+            php-${{ matrix.php-version }}-rector-
+
+      - name: "Run automated refactoring with rector/rector"
+        run: "vendor/bin/rector --ansi --config=rector.php --dry-run"
+
+  security-analysis:
+    name: "Security Analysis"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "8.1"
+
+        dependencies:
+          - "locked"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/[email protected]"
+
+      - name: "Set up PHP"
+        uses: "shivammathur/[email protected]"
+        with:
+          coverage: "none"
+          extensions: "none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Set up problem matchers for PHP"
+        run: "echo \"::add-matcher::${{ runner.tool_cache }}/php.json\""
+
+      - name: "Validate composer.json and composer.lock"
+        run: "composer validate --ansi --strict"
+
+      - name: "Check installed packages for security vulnerability advisories"
+        run: "composer audit --ansi"
+
   static-code-analysis:
     name: "Static Code Analysis"
 
@@ -246,7 +344,7 @@ jobs:
         uses: "shivammathur/[email protected]"
         with:
           coverage: "none"
-          extensions: "none, ctype, curl, dom, json, mbstring, pcntl, phar, posix, simplexml, tokenizer, xml, xmlwriter"
+          extensions: "none, ctype, curl, dom, json, mbstring, opcache, pcntl, phar, posix, simplexml, tokenizer, xml, xmlwriter"
           php-version: "${{ matrix.php-version }}"
 
       - name: "Set up problem matchers for PHP"

.github/workflows/merge.yaml

@@ -34,8 +34,8 @@ jobs:
       - name: "Assign @ergebnis-bot"
         uses: "ergebnis/.github/actions/github/pull-request/[email protected]"
         with:
-          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
           assignee: "ergebnis-bot"
+          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
 
       - name: "Approve pull request"
         uses: "ergebnis/.github/actions/github/pull-request/[email protected]"

.github/workflows/prune.yaml

@@ -61,8 +61,10 @@ jobs:
         uses: "actions/[email protected]"
         with:
           path: ".build/php-cs-fixer"
-          key: "php-${{ matrix.php-version }}-php-cs-fixer-${{ github.sha }}"
-          restore-keys: "php-${{ matrix.php-version }}-php-cs-fixer-"
+          key: "php-${{ matrix.php-version }}-php-cs-fixer-${{ github.ref_name }}"
+          restore-keys: |
+            php-${{ matrix.php-version }}-php-cs-fixer-main
+            php-${{ matrix.php-version }}-php-cs-fixer-
 
       - name: "Run friendsofphp/php-cs-fixer"
         run: "vendor/bin/php-cs-fixer fix --ansi --config=.php-cs-fixer.php --diff --verbose"

.github/workflows/renew.yaml

@@ -1,5 +1,7 @@
 /.build/
 /.notes/
+/.phive/
 /demo/obsidian/
-!/demo/obsidian/.gitkeep
 /vendor/
+!/.phive/phars.xml
+!/demo/obsidian/.gitkeep

.gitignore

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phive xmlns="https://phar.io/phive">
-  <phar name="composer-require-checker" version="^4.1.0" installed="4.1.0" location="./.phive/composer-require-checker" copy="true"/>
+  <phar name="composer-require-checker" version="^4.5.0" installed="4.5.0" location="./.phive/composer-require-checker" copy="false"/>
 </phive>