diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9426200cbb..31dcdc6fec 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,6 +16,14 @@ updates: prefix: "GH Actions:" labels: - "Type: chores/QA" + cooldown: + semver-major-days: 10 + groups: + action-runners: + applies-to: version-updates + update-types: + - "minor" + - "patch" # Handle updates for the orphan gh-pages branch. - package-ecosystem: "github-actions" @@ -28,3 +36,11 @@ updates: prefix: "GH Pages/Actions:" labels: - "Type: chores/QA" + cooldown: + semver-major-days: 10 + groups: + action-runners: + applies-to: version-updates + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/end-to-end-tests.yml b/.github/workflows/end-to-end-tests.yml index 1b1f297b76..07da89974f 100644 --- a/.github/workflows/end-to-end-tests.yml +++ b/.github/workflows/end-to-end-tests.yml @@ -39,10 +39,10 @@ jobs: run: git config --global core.autocrlf input - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: ${{ matrix.php }} ini-values: "error_reporting=-1, display_errors=On, display_startup_errors=On" diff --git a/.github/workflows/happy-new-year.yml b/.github/workflows/happy-new-year.yml index 0f0a9097de..d9a4c59b92 100644 --- a/.github/workflows/happy-new-year.yml +++ b/.github/workflows/happy-new-year.yml 
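Review bot: The new `cooldown` block sets only `semver-major-days: 10`, so the minor and patch updates collected by the `action-runners` group are still proposed as soon as they are published. If the aim is to avoid picking up a freshly released (and possibly compromised) action version, add `default-days: <days>` next to it so every update type waits. It is also worth confirming in the Dependabot documentation that the semver-specific cooldown keys are honoured for the `github-actions` ecosystem; if they are not, this block has no effect without `default-days`. The same applies to the gh-pages entry in the second hunk.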
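Review bot: The pinned `actions/checkout` step in end-to-end-tests.yml still has no `with:` block, so the job token stays in the checked-out repository's git config for every later step, including the third-party actions that follow. Unless a later step (outside this hunk) pushes with that token, add `with:` / `persist-credentials: false` under the checkout step. The checkout steps in quicktest.yml, reusable-build-phar.yml, test.yml and validate.yml look the same in their hunks. happy-new-year.yml needs a separate check, since its later steps create a pull request and may depend on the stored credentials.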
@@ -49,13 +49,13 @@ jobs: run: "echo current year: ${{ steps.year.outputs.NEW_YEAR }} - previous year: ${{ steps.year.outputs.PREVIOUS_YEAR }}" - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ steps.branches.outputs.BASE }} - name: Update the year in the copyright tag in the fixed file id: findreplace - uses: jacobtomlinson/gha-find-replace@v3 + uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 # 3.0.5 with: find: "* @copyright ${{ steps.year.outputs.PREVIOUS_YEAR }} Squiz Pty Ltd (ABN 77 084 670 600)" replace: "* @copyright ${{ steps.year.outputs.NEW_YEAR }} Squiz Pty Ltd (ABN 77 084 670 600)" @@ -73,7 +73,7 @@ jobs: run: exit 1 - name: Create pull request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: base: ${{ steps.branches.outputs.BASE }} branch: ${{ steps.branches.outputs.PR_BRANCH }} diff --git a/.github/workflows/label-merge-conflicts.yml b/.github/workflows/label-merge-conflicts.yml index f086fefd3e..a4e9f6a94c 100644 --- a/.github/workflows/label-merge-conflicts.yml +++ b/.github/workflows/label-merge-conflicts.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Check PRs for merge conflicts - uses: eps1lon/actions-label-merge-conflict@v3 + uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3 with: dirtyLabel: "Status: has merge conflict" repoToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/label-new-prs.yml b/.github/workflows/label-new-prs.yml index 8a083b6e3d..f1874505fb 100644 --- a/.github/workflows/label-new-prs.yml +++ b/.github/workflows/label-new-prs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Label new PRs - uses: srvaroa/labeler@v1 + uses: srvaroa/labeler@0a20eccb8c94a1ee0bed5f16859aece1c45c3e55 # v1.13.0 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 
@@ -38,10 +38,10 @@ jobs: steps: # Checkout is needed to use the `use_local_config` option. - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify changes to the labeling logic - uses: srvaroa/labeler@v1 + uses: srvaroa/labeler@0a20eccb8c94a1ee0bed5f16859aece1c45c3e55 # v1.13.0 with: use_local_config: true fail_on_error: true diff --git a/.github/workflows/label-remove-outdated.yml b/.github/workflows/label-remove-outdated.yml index 14acf10cc5..d72393da72 100644 --- a/.github/workflows/label-remove-outdated.yml +++ b/.github/workflows/label-remove-outdated.yml @@ -18,7 +18,7 @@ jobs: name: Clean up labels on issue close steps: - - uses: mondeja/remove-labels-gh-action@v2 + - uses: mondeja/remove-labels-gh-action@b7118e4ba5dca74acf1059b3cb7660378ff9ab1a # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} labels: | @@ -35,7 +35,7 @@ jobs: name: "Clean up labels on PR (re-)review request" steps: - - uses: mondeja/remove-labels-gh-action@v2 + - uses: mondeja/remove-labels-gh-action@b7118e4ba5dca74acf1059b3cb7660378ff9ab1a # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} labels: | @@ -48,7 +48,7 @@ jobs: name: Clean up labels on PR merge steps: - - uses: mondeja/remove-labels-gh-action@v2 + - uses: mondeja/remove-labels-gh-action@b7118e4ba5dca74acf1059b3cb7660378ff9ab1a # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} labels: | @@ -68,7 +68,7 @@ jobs: name: Clean up labels on PR close steps: - - uses: mondeja/remove-labels-gh-action@v2 + - uses: mondeja/remove-labels-gh-action@b7118e4ba5dca74acf1059b3cb7660378ff9ab1a # v2.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} labels: | diff --git a/.github/workflows/quicktest.yml b/.github/workflows/quicktest.yml index bfd1aaa870..eb9222f048 100644 --- a/.github/workflows/quicktest.yml +++ b/.github/workflows/quicktest.yml 
@@ -49,10 +49,10 @@ jobs: run: git config --global core.autocrlf input - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: ${{ matrix.php }} ini-values: 'error_reporting=-1, display_errors=On, display_startup_errors=On' @@ -61,7 +61,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v3" + uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") diff --git a/.github/workflows/reusable-build-phar.yml b/.github/workflows/reusable-build-phar.yml index 6b0fcb197b..2d966b2314 100644 --- a/.github/workflows/reusable-build-phar.yml +++ b/.github/workflows/reusable-build-phar.yml @@ -33,10 +33,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: ${{ inputs.phpVersion }} coverage: none @@ -48,7 +48,7 @@ jobs: # Provide provenance for generated binaries. - name: Generate artifact attestations if: ${{ inputs.createAttestations == true }} - uses: actions/attest-build-provenance@v3 + uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 with: subject-path: | ${{ github.workspace }}/phpcs.phar 
@@ -56,7 +56,7 @@ jobs: - name: Upload the PHPCS phar if: ${{ inputs.uploadArtifacts == true }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: phpcs-phar path: ./phpcs.phar @@ -65,7 +65,7 @@ jobs: - name: Upload the PHPCBF phar if: ${{ inputs.uploadArtifacts == true }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: phpcbf-phar path: ./phpcbf.phar diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f91ebb45d8..ab5b04b277 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -114,12 +114,12 @@ jobs: run: git config --global core.autocrlf input - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: "libxml2: find the latest relevant tag" if: ${{ matrix.libxml_minor }} id: libxml_version - uses: oprypin/find-latest-tag@v1 + uses: oprypin/find-latest-tag@dd2729fe78b0bb55523ae2b2a310c6773a652bd1 # v1.1.2 with: repository: GNOME/libxml2 releases-only: false # The libxml2 repository doesn't use GitHub's "release" feature. @@ -138,7 +138,7 @@ jobs: - name: "libxml2: restore cache" if: ${{ matrix.libxml_minor }} id: libxml_cache_restore - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: "libxml2-${{ steps.libxml_patch_version.outputs.PATCH }}" key: "${{ matrix.os }}-libxml-${{ matrix.libxml_minor }}-${{ steps.libxml_patch_version.outputs.PATCH }}" 
@@ -166,7 +166,7 @@ jobs: - name: "libxml2: save cache" if: ${{ matrix.libxml_minor && steps.libxml_cache_restore.outputs.cache-hit != 'true' }} id: libxml_cache_save - uses: actions/cache/save@v4 + uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: "libxml2-${{ steps.libxml_patch_version.outputs.PATCH }}" key: ${{ steps.libxml_cache_restore.outputs.cache-primary-key }} @@ -197,7 +197,7 @@ jobs: # yamllint enable rule:line-length - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: ${{ matrix.php }} ini-values: ${{ steps.set_ini.outputs.PHP_INI }} @@ -209,7 +209,7 @@ jobs: # This action also handles the caching of the dependencies. - name: Set up node if: ${{ matrix.custom_ini == false }} - uses: actions/setup-node@v5 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '20' @@ -224,7 +224,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v3" + uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 with: composer-options: ${{ matrix.php == '8.5' && '--ignore-platform-req=php+' || '' }} custom-cache-suffix: $(date -u "+%Y-%m") @@ -257,7 +257,7 @@ jobs: - name: Download the PHPCS phar if: ${{ matrix.custom_ini == false }} - uses: actions/download-artifact@v5 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: phpcs-phar @@ -302,7 +302,7 @@ jobs: run: git config --global core.autocrlf input - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup ini config if: ${{ matrix.custom_ini == true && matrix.os != 'windows-latest' }} 
@@ -313,7 +313,7 @@ jobs: echo 'PHP_INI=, date.timezone=Australia/Sydney, short_open_tag=On' >> "$GITHUB_OUTPUT" - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: ${{ matrix.php }} ini-values: error_reporting=-1, display_errors=On, display_startup_errors=On${{ steps.set_ini.outputs.PHP_INI }} @@ -322,7 +322,7 @@ jobs: # This action also handles the caching of the dependencies. - name: Set up node if: ${{ matrix.custom_ini == false }} - uses: actions/setup-node@v5 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '20' @@ -337,7 +337,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v3" + uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") @@ -385,7 +385,7 @@ jobs: - name: "Upload coverage results to Coveralls (normal run)" if: ${{ success() }} - uses: coverallsapp/github-action@v2 + uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6 with: format: clover file: build/logs/clover.xml @@ -394,7 +394,7 @@ jobs: - name: "Upload coverage results to Coveralls (CBF run)" if: ${{ matrix.os != 'windows-latest' && success() }} - uses: coverallsapp/github-action@v2 + uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6 with: format: clover file: build/logs/clover-cbf.xml @@ -409,6 +409,6 @@ jobs: steps: - name: Coveralls Finished - uses: coverallsapp/github-action@v2 + uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6 with: parallel-finished: true 
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index e31a3cae92..6791eee7f3 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -26,10 +26,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: 'latest' coverage: none 
@@ -52,38 +52,38 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Validate the XSD file. - name: Validate XSD against schema - uses: phpcsstandards/xmllint-validate@v1 + uses: phpcsstandards/xmllint-validate@0fd9c4a9046055f621fca4bbdccb8eab1fd59fdc # v1.0.1 with: pattern: "phpcs.xsd" xsd-url: "https://www.w3.org/2012/04/XMLSchema.xsd" # Validate the XML ruleset files. - name: Validate rulesets against schema - uses: phpcsstandards/xmllint-validate@v1 + uses: phpcsstandards/xmllint-validate@0fd9c4a9046055f621fca4bbdccb8eab1fd59fdc # v1.0.1 with: pattern: "./src/Standards/*/ruleset.xml" xsd-file: "phpcs.xsd" # Validate the Documentation XML files. - name: Validate documentation XML - uses: phpcsstandards/xmllint-validate@v1 + uses: phpcsstandards/xmllint-validate@0fd9c4a9046055f621fca4bbdccb8eab1fd59fdc # v1.0.1 with: pattern: "./src/Standards/*/Docs/*/*Standard.xml" xsd-url: "https://phpcsstandards.github.io/PHPCSDevTools/phpcsdocs.xsd" # Validate dev tool related XML files. - name: Validate Project PHPCS ruleset against schema - uses: phpcsstandards/xmllint-validate@v1 + uses: phpcsstandards/xmllint-validate@0fd9c4a9046055f621fca4bbdccb8eab1fd59fdc # v1.0.1 with: pattern: "phpcs.xml.dist" xsd-file: "phpcs.xsd" - name: "Validate PHPUnit config for well-formedness" - uses: phpcsstandards/xmllint-validate@v1 + uses: phpcsstandards/xmllint-validate@0fd9c4a9046055f621fca4bbdccb8eab1fd59fdc # v1.0.1 with: pattern: "phpunit.xml.dist" @@ -99,7 +99,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Updating the lists can fail intermittently, typically after Microsoft has released a new package. # This should not be blocking for this job, so ignore any errors from this step. 
@@ -113,7 +113,7 @@ jobs: # Show XML violations inline in the file diff. - name: Enable showing XML issues inline - uses: korelstar/xmllint-problem-matcher@v1 + uses: korelstar/xmllint-problem-matcher@1bd292d642ddf3d369d02aaa8b262834d61198c0 # v1.2.0 # Check the code-style consistency of the XML files. - name: Check XML code style @@ -157,14 +157,14 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up problem matcher - uses: lumaxis/shellcheck-problem-matchers@v2 + uses: lumaxis/shellcheck-problem-matchers@b02a1715a00c729b20eed3ebb7edf56fa9a433ba # v2.1.0 with: format: gcc - name: Run ShellCheck - uses: ludeeus/action-shellcheck@2.0.0 + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 with: format: gcc diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index ac3f070f7a..9d3f5bbe02 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Trigger schema website update - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 with: token: ${{ secrets.WORKFLOW_DISPATCH_PAT }} repository: PHPCSStandards/schema.phpcodesniffer.com @@ -53,7 +53,7 @@ jobs: steps: - name: Trigger wiki update - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 with: token: ${{ secrets.WORKFLOW_DISPATCH_DOCS_PAT }} repository: PHPCSStandards/PHP_CodeSniffer-documentation @@ -83,7 +83,7 @@ jobs: steps: - name: Retrieve latest release info - uses: octokit/request-action@v2.x + uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 id: get_latest_release with: route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest 
@@ -146,7 +146,7 @@ jobs: run: gpg --verify ${{ steps.source.outputs.FILE }}.asc ${{ steps.source.outputs.FILE }} - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: 'latest' ini-values: error_reporting=-1, display_errors=On, display_startup_errors=On @@ -216,7 +216,7 @@ jobs: run: "echo ${{ steps.version.outputs.TAG }}" - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: 'latest' ini-values: error_reporting=-1, display_errors=On, display_startup_errors=On
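Review bot: The context step `run: gpg --verify ${{ steps.source.outputs.FILE }}.asc ${{ steps.source.outputs.FILE }}` in this hunk, and `run: "echo ${{ steps.version.outputs.TAG }}"` in the next one, have the expression substituted into the script text before the shell starts, which pinning the actions does not change. Where those outputs are set is outside the hunks, so it cannot be seen here whether they can carry externally influenced text. Passing them through the step's `env:` (for example `FILE: ${{ steps.source.outputs.FILE }}`) and using `"$FILE"` / `"$TAG"` in the script keeps the value as data in either case, and quoting also protects the `gpg --verify` arguments from word splitting.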