Add (or update) GitHub Action (GHA) files and related config.

Author: Potherca

build/.remarkrc .config/.remarkrcbuild/.remarkrc renamed to .config/.remarkrc

@@ -0,0 +1,30 @@
+---
+# For all available rules see: https://github.com/hadolint/hadolint#rules
+ignored:
+  - DL3008  # We do not want to pin versions in apt get install.
+  - DL3018  # We do not want to pin versions in apk add
+
+# For full details see https://github.com/hadolint/hadolint#configure
+#
+# The following keys are available:
+#
+# failure-threshold: string               # name of threshold level (error | warning | info | style | ignore | none)
+# format: string                          # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+# label-schema:                           # See https://github.com/hadolint/hadolint#linting-labels for details
+#   author: string                        # Your name
+#   contact: string                       # email address
+#   created: timestamp                    # rfc3339 datetime
+#   version: string                       # semver
+#   documentation: string                 # url
+#   git-revision: string                  # hash
+#   license: string                       # spdx
+# no-color: boolean                       # true | false
+# no-fail: boolean                        # true | false
+# override:
+#   error: [string]                       # list of rules
+#   warning: [string]                     # list of rules
+#   info: [string]                        # list of rules
+#   style: [string]                       # list of rules
+# strict-labels: boolean                  # true | false
+# disable-ignore-pragma: boolean          # true | false
+# trustedRegistries: string | [string]    # registry or list of registries

build/.yamllint .config/.yamllintbuild/.yamllint renamed to .config/.yamllint

@@ -15,7 +15,7 @@
     <!--    <arg name="parallel" value="75"/>-->
 
     <file>.</file>
-    <exclude-pattern>*/vendor/*|*/build/*</exclude-pattern>
+    <exclude-pattern>*/vendor/*|*/.config/*</exclude-pattern>
 
     <rule ref="PHPCompatibility"/>
     <config name="testVersion" value="8.0-"/>

.config/hadolint.yml

@@ -0,0 +1,56 @@
+---
+name: Dockerfile Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '.config/hadolint.yml'
+      - '.dockerignore'
+      - '.github/workflows/dockerfile.yml'
+      - 'Dockerfile'
+      # Docker project specific, Dockerfile "COPY" and "ADD" entries.
+      - 'solid/'
+      - 'init-live.sh'
+      - 'init.sh'
+      - 'site.conf'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '.config/hadolint.yml'
+      - '.dockerignore'
+      - '.github/workflows/dockerfile.yml'
+      - 'Dockerfile'
+      # Docker project specific, Dockerfile "COPY" and "ADD" entries.
+      - 'solid/'
+      - 'init-live.sh'
+      - 'init.sh'
+      - 'site.conf'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 03.quality.docker.lint.yml
+  lint-dockerfile:
+    name: Dockerfile Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/hadolint
+        with:
+          args: >-
+            hadolint
+            --config .config/hadolint.yml
+            Dockerfile

build/phpcs.xml.dist .config/phpcs.xml.distbuild/phpcs.xml.dist renamed to .config/phpcs.xml.dist

@@ -0,0 +1,46 @@
+---
+name: JSON Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '**.json'
+      - '.github/workflows/json.yml'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.json'
+      - '.github/workflows/json.yml'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.preflight.json.lint-syntax.yml
+  lint-json-syntax:
+    name: JSON Syntax Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/jsonlint
+        with:
+          args: >-
+            find .
+            -not -path '*/.git/*'
+            -not -path '*/node_modules/*'
+            -not -path '*/vendor/*'
+            -name '*.json'
+            -type f
+            -exec jsonlint --quiet {} ;

.github/workflows/dependancy-security-check.yml

@@ -0,0 +1,42 @@
+---
+name: Markdown Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '**.md'
+      - '.github/workflows/markdown.yml'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.md'
+      - '.github/workflows/markdown.yml'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.quality.markdown.lint-syntax.yml
+  lint-markdown-syntax:
+    name: Markdown Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/remark-lint
+        with:
+          args: >-
+            remark
+            --rc-path=.config/.remarkrc
+            --ignore-pattern='*/vendor/*'

.github/workflows/dockerfile.yml

@@ -0,0 +1,152 @@
+---
+name: PHP Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    paths:
+      - '**.php'
+      - '.config/phpcs.xml.dist'
+      - '.config/phpunit.xml.dist'
+      - '.github/workflows/php.yml'
+      - 'composer.json'
+      - 'composer.lock'
+    branches: [ main ]
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.php'
+      - '.config/phpcs.xml.dist'
+      - '.config/phpunit.xml.dist'
+      - '.github/workflows/php.yml'
+      - 'composer.json'
+      - 'composer.lock'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.preflight.php.lint-syntax.yml
+  lint-php-syntax:
+    name: PHP Syntax Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/php-linter
+        with:
+          args: >-
+            parallel-lint
+            --exclude .git
+            --exclude vendor
+            --no-progress
+            .
+  # 01.quality.php.validate.dependencies-file.yml
+  validate-dependencies-file:
+    name: Validate dependencies file
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: >-
+            composer validate
+            --check-lock
+            --no-plugins
+            --no-scripts
+            --strict
+        working-directory: "solid"
+  # 02.test.php.test-unit.yml
+  php-unittest:
+    name: PHP Unit Tests
+    needs:
+      - lint-php-syntax
+      - validate-dependencies-file
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        php:
+          - '8.0'  # from 2020-11 to 2022-11 (2023-11)
+          - '8.1'  # from 2021-11 to 2023-11 (2025-12)
+          - '8.2'  # from 2022-12 to 2024-12 (2026-12)
+          - '8.3'  # from 2023-11 to 2025-12 (2027-12)
+    steps:
+      - uses: actions/checkout@v4
+      - uses: shivammathur/setup-php@v2
+        with:
+          coverage: xdebug
+          ini-values: error_reporting=E_ALL, display_errors=On
+          php-version: ${{ matrix.php }}
+      - name: Install and Cache Composer dependencies
+        uses: "ramsey/composer-install@v2"
+        with:
+          working-directory: "solid"
+        env:
+          COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.GITHUB_TOKEN }}"}}'
+      - run: bin/phpunit --configuration .config/phpunit.xml.dist
+  # 03.quality.php.scan.dependencies-vulnerabilities.yml
+  scan-dependencies-vulnerabilities:
+    name: Scan Dependencies Vulnerabilities
+    needs:
+      - validate-dependencies-file
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: >-
+            composer audit
+            --abandoned=report
+            --locked
+            --no-dev
+            --no-plugins
+            --no-scripts
+        working-directory: "solid"
+  # 03.quality.php.lint-quality.yml
+  php-lint-quality:
+    needs:
+      - lint-php-syntax
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/php-codesniffer
+        with:
+          args: >-
+            phpcs
+            -s
+            --extensions=php
+            --ignore='*vendor/*'
+            --standard=.config/phpcs.xml.dist
+            .
+  # 03.quality.php.lint-version-compatibility.yml
+  php-check-version-compatibility:
+    name: PHP Version Compatibility
+    needs:
+      - lint-php-syntax
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        php:
+          - '8.0'  # from 2020-11 to 2022-11 (2023-11)
+          - '8.1'  # from 2021-11 to 2023-11 (2025-12)
+          - '8.2'  # from 2022-12 to 2024-12 (2026-12)
+          - '8.3'  # from 2023-11 to 2025-12 (2027-12)
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/php-codesniffer
+        with:
+          args: >-
+            phpcs
+            -s
+            --extensions=php
+            --ignore='*vendor/*'
+            --runtime-set testVersion ${{ matrix.php }}
+            --standard=PHPCompatibility
+            .