diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f0ce8fc --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,31 @@ +version: 2 + +updates: + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 0 + labels: + - "php" + - "security" + - "dependencies" + groups: + php-security: + applies-to: security-updates + patterns: + - "*" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "build" + labels: + - "dependencies" + - "github-actions" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index a17e92e..f37e91f 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -18,7 +18,7 @@ jobs: - name: Assign issues and pull requests uses: gustavofreze/auto-assign@2.0.0 with: - assignees: '${{ secrets.ASSIGNEES }}' + assignees: '${{ vars.ASSIGNEES }}' github_token: '${{ secrets.GITHUB_TOKEN }}' allow_self_assign: 'true' allow_no_assignees: 'true' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8ba225..1ed5204 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Configure PHP uses: shivammathur/setup-php@v2 @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Configure PHP uses: shivammathur/setup-php@v2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..4c6d7f7 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,35 @@ +name: Security checks + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: "0 0 * * *" + +permissions: + actions: read + contents: read + security-events: write + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + language: [ "actions" ] + + steps: + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: ${{ matrix.language }} + + - name: Perform CodeQL analysis + uses: github/codeql-action/analyze@v4 diff --git a/.gitignore b/.gitignore index 3333ef2..42b841a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ .idea -/vendor/ -/report -*.lock +vendor +report .phpunit.* + +*.lock diff --git a/composer.json b/composer.json index ba27b55..95bc578 100644 --- a/composer.json +++ b/composer.json @@ -40,15 +40,15 @@ }, "require": { "php": "^8.3", - "symfony/process": "^7.1", - "tiny-blocks/ksuid": "^1", - "tiny-blocks/mapper": "^1", - "tiny-blocks/collection": "^1" + "symfony/process": "^7.2", + "tiny-blocks/ksuid": "^1.3", + "tiny-blocks/mapper": "^1.1", + "tiny-blocks/collection": "^1.10" }, "require-dev": { "phpmd/phpmd": "^2.15", - "phpunit/phpunit": "^11", - "phpstan/phpstan": "^1", + "phpunit/phpunit": "^11.5", + "phpstan/phpstan": "^1.12", "dg/bypass-finals": "^1.8", "squizlabs/php_codesniffer": "^3.11", "ext-pdo": "*"