Dependency Update #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency Update | |
| on: | |
| schedule: | |
| # Run every Monday at 9 AM UTC | |
| - cron: "0 9 * * 1" | |
| workflow_dispatch: | |
| jobs: | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: "8.1" | |
| tools: composer | |
| - name: Create test composer.json for security audit | |
| run: | | |
| cat > composer-security.json << 'EOF' | |
| { | |
| "name": "security-audit-test", | |
| "require": { | |
| "symfony/console": "^5.0|^6.0", | |
| "guzzlehttp/guzzle": "^7.0", | |
| "monolog/monolog": "^2.0|^3.0", | |
| "psr/log": "^1.0|^2.0|^3.0", | |
| "laminas/laminas-http": "^2.15" | |
| }, | |
| "minimum-stability": "stable" | |
| } | |
| EOF | |
| - name: Install dependencies for security check | |
| run: | | |
| composer install --no-progress --prefer-dist --working-dir=. --file=composer-security.json | |
| - name: Run security audit | |
| run: | | |
| echo "## π Security Audit Results" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| composer audit --working-dir=. --format=json > security-report.json || true | |
| if [ -s security-report.json ]; then | |
| ADVISORY_COUNT=$(cat security-report.json | jq -r '.advisories | length // 0' 2>/dev/null || echo "0") | |
| if [ "$ADVISORY_COUNT" -gt 0 ]; then | |
| echo "β οΈ Found $ADVISORY_COUNT security advisories" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### Security Issues Found" >> $GITHUB_STEP_SUMMARY | |
| cat security-report.json | jq -r '.advisories[] | "- **" + .packageName + "**: " + .title' >> $GITHUB_STEP_SUMMARY || true | |
| # Create security issue | |
| if [ -n "${{ secrets.GITHUB_TOKEN }}" ]; then | |
| ISSUE_TITLE="Security Vulnerabilities Found - $(date +%Y-%m-%d)" | |
| ISSUE_BODY="Security audit found $ADVISORY_COUNT advisories. Please review dependencies and update vulnerable packages." | |
| curl -X POST \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| https://api.github.com/repos/${{ github.repository }}/issues \ | |
| -d "{ | |
| \"title\": \"$ISSUE_TITLE\", | |
| \"body\": \"$ISSUE_BODY\", | |
| \"labels\": [\"security\", \"dependencies\", \"high-priority\"] | |
| }" 2>/dev/null || echo "Failed to create security issue" | |
| fi | |
| else | |
| echo "β No security advisories found" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| else | |
| echo "β Security audit completed successfully" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| dependency-check: | |
| name: Dependency Analysis | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: "8.1" | |
| tools: composer | |
| - name: Analyze composer.json | |
| run: | | |
| echo "## π¦ Dependency Analysis" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # Count dependencies | |
| REQUIRE_COUNT=$(jq -r '.require | length' composer.json 2>/dev/null || echo "0") | |
| REQUIRE_DEV_COUNT=$(jq -r '.["require-dev"] | length // 0' composer.json 2>/dev/null || echo "0") | |
| echo "### Current Dependencies" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Production dependencies**: $REQUIRE_COUNT" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Development dependencies**: $REQUIRE_DEV_COUNT" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # List main dependencies | |
| echo "### Production Dependencies" >> $GITHUB_STEP_SUMMARY | |
| echo '```json' >> $GITHUB_STEP_SUMMARY | |
| jq -r '.require' composer.json 2>/dev/null || echo "Could not parse dependencies" | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| # Check for potential issues | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### Analysis Notes" >> $GITHUB_STEP_SUMMARY | |
| # Check for wildcard versions | |
| WILDCARD_COUNT=$(jq -r '.require | to_entries[] | select(.value == "*") | .key' composer.json 2>/dev/null | wc -l || echo "0") | |
| if [ "$WILDCARD_COUNT" -gt 0 ]; then | |
| echo "β οΈ Found $WILDCARD_COUNT dependencies with wildcard versions (*)" >> $GITHUB_STEP_SUMMARY | |
| echo "Consider specifying version constraints for better stability" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "β No wildcard version constraints found" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| # Check minimum stability | |
| MIN_STABILITY=$(jq -r '.["minimum-stability"] // "stable"' composer.json 2>/dev/null || echo "stable") | |
| if [ "$MIN_STABILITY" != "stable" ]; then | |
| echo "β οΈ Minimum stability is set to: $MIN_STABILITY" >> $GITHUB_STEP_SUMMARY | |
| echo "Consider using 'stable' for production releases" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "β Minimum stability is set to stable" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| create-update-recommendations: | |
| name: Update Recommendations | |
| runs-on: ubuntu-latest | |
| needs: [security-audit, dependency-check] | |
| if: always() | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Generate Update Recommendations | |
| run: | | |
| echo "## π Dependency Update Recommendations" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Based on the current analysis, here are the recommended actions:" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### π οΈ Manual Update Process" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Since this is a Magento module with specific dependency requirements," >> $GITHUB_STEP_SUMMARY | |
| echo "we recommend manual dependency updates:" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "1. **Security Updates** (High Priority)" >> $GITHUB_STEP_SUMMARY | |
| echo ' ```bash' >> $GITHUB_STEP_SUMMARY | |
| echo ' # Check for security advisories' >> $GITHUB_STEP_SUMMARY | |
| echo ' composer audit' >> $GITHUB_STEP_SUMMARY | |
| echo ' # Update specific vulnerable packages' >> $GITHUB_STEP_SUMMARY | |
| echo ' composer update package/name --with-dependencies' >> $GITHUB_STEP_SUMMARY | |
| echo ' ```' >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "2. **Testing Updates** (Recommended)" >> $GITHUB_STEP_SUMMARY | |
| echo ' ```bash' >> $GITHUB_STEP_SUMMARY | |
| echo ' # Update development dependencies' >> $GITHUB_STEP_SUMMARY | |
| echo ' composer update --dev --prefer-stable' >> $GITHUB_STEP_SUMMARY | |
| echo ' # Run tests to ensure compatibility' >> $GITHUB_STEP_SUMMARY | |
| echo ' vendor/bin/phpunit' >> $GITHUB_STEP_SUMMARY | |
| echo ' ```' >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "3. **Version Constraint Review**" >> $GITHUB_STEP_SUMMARY | |
| echo " - Review wildcard (*) constraints in composer.json" >> $GITHUB_STEP_SUMMARY | |
| echo " - Consider more specific version ranges for stability" >> $GITHUB_STEP_SUMMARY | |
| echo " - Test compatibility with latest Magento versions" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### π Security Status" >> $GITHUB_STEP_SUMMARY | |
| if [[ "${{ needs.security-audit.result }}" == "success" ]]; then | |
| echo "β Security audit completed - check results above" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "β Security audit failed - manual review recommended" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### π Next Steps" >> $GITHUB_STEP_SUMMARY | |
| echo "- [ ] Review security audit results" >> $GITHUB_STEP_SUMMARY | |
| echo "- [ ] Update vulnerable dependencies if found" >> $GITHUB_STEP_SUMMARY | |
| echo "- [ ] Test with latest Magento versions" >> $GITHUB_STEP_SUMMARY | |
| echo "- [ ] Consider creating a maintenance release" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "*This analysis runs automatically every Monday. Manual updates are recommended for Magento modules to ensure compatibility.*" >> $GITHUB_STEP_SUMMARY | |
| workflow-summary: | |
| name: Workflow Summary | |
| runs-on: ubuntu-latest | |
| needs: [security-audit, dependency-check, create-update-recommendations] | |
| if: always() | |
| steps: | |
| - name: Generate Final Summary | |
| run: | | |
| echo "## π Dependency Update Workflow Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "| Task | Status |" >> $GITHUB_STEP_SUMMARY | |
| echo "|------|--------|" >> $GITHUB_STEP_SUMMARY | |
| echo "| Security Audit | ${{ needs.security-audit.result == 'success' && 'β Completed' || 'β Failed' }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Dependency Check | ${{ needs.dependency-check.result == 'success' && 'β Completed' || 'β Failed' }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Update Recommendations | ${{ needs.create-update-recommendations.result == 'success' && 'β Generated' || 'β Failed' }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| if [[ "${{ needs.security-audit.result }}" == "success" && "${{ needs.dependency-check.result }}" == "success" ]]; then | |
| echo "### β Workflow Status: SUCCESS" >> $GITHUB_STEP_SUMMARY | |
| echo "All dependency checks completed successfully." >> $GITHUB_STEP_SUMMARY | |
| echo "Review the recommendations above for any necessary actions." >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "### β οΈ Workflow Status: PARTIAL SUCCESS" >> $GITHUB_STEP_SUMMARY | |
| echo "Some checks may have encountered issues. Please review the individual job results." >> $GITHUB_STEP_SUMMARY | |
| fi | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Next scheduled run**: Every Monday at 09:00 UTC" >> $GITHUB_STEP_SUMMARY |