diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9dc98f8..61f6b18 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -79,3 +79,47 @@ updates:
package-ecosystem: "github-actions"
schedule:
interval: "daily"
+
+ - commit-message:
+ include: "scope"
+ prefix: "github-actions"
+ directory: "/actions/oh-dear/check/request-run"
+ labels:
+ - "dependency"
+ open-pull-requests-limit: 10
+ package-ecosystem: "github-actions"
+ schedule:
+ interval: "daily"
+
+ - commit-message:
+ include: "scope"
+ prefix: "github-actions"
+ directory: "/actions/oh-dear/maintenance-period/start"
+ labels:
+ - "dependency"
+ open-pull-requests-limit: 10
+ package-ecosystem: "github-actions"
+ schedule:
+ interval: "daily"
+
+ - commit-message:
+ include: "scope"
+ prefix: "github-actions"
+ directory: "/actions/oh-dear/maintenance-period/stop"
+ labels:
+ - "dependency"
+ open-pull-requests-limit: 10
+ package-ecosystem: "github-actions"
+ schedule:
+ interval: "daily"
+
+ - commit-message:
+ include: "scope"
+ prefix: "github-actions"
+ directory: "/actions/phive/install"
+ labels:
+ - "dependency"
+ open-pull-requests-limit: 10
+ package-ecosystem: "github-actions"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml
index 3642c95..af3df2f 100644
--- a/.github/workflows/integrate.yaml
+++ b/.github/workflows/integrate.yaml
@@ -16,10 +16,10 @@ jobs:
steps:
- name: "Checkout"
- uses: "actions/checkout@v3.0.2"
+ uses: "actions/checkout@v3.3.0"
- name: "Lint YAML files"
- uses: "ibiqlik/action-yamllint@v3.1.0"
+ uses: "ibiqlik/action-yamllint@v3.1.1"
with:
config_file: ".yamllint.yaml"
file_or_dir: "."
diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml
index 18d55b8..ed31553 100644
--- a/.github/workflows/merge.yaml
+++ b/.github/workflows/merge.yaml
@@ -24,23 +24,23 @@ jobs:
steps:
- name: "Request review from @ergebnis-bot"
- uses: "ergebnis/.github/actions/github/pull-request/request-review@1.5.1"
+ uses: "ergebnis/.github/actions/github/pull-request/request-review@1.7.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
reviewer: "ergebnis-bot"
- name: "Assign @ergebnis-bot"
- uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.5.1"
+ uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.7.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
assignee: "ergebnis-bot"
- name: "Approve pull request"
- uses: "ergebnis/.github/actions/github/pull-request/approve@1.5.1"
+ uses: "ergebnis/.github/actions/github/pull-request/approve@1.7.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
- name: "Merge pull request"
- uses: "ergebnis/.github/actions/github/pull-request/merge@1.5.1"
+ uses: "ergebnis/.github/actions/github/pull-request/merge@1.7.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 87f7977..957f35e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -15,6 +15,6 @@ jobs:
steps:
- name: "Create release"
- uses: "ergebnis/.github/actions/github/release/create@1.5.1"
+ uses: "ergebnis/.github/actions/github/release/create@1.7.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml
index 59fa6c4..9448fa2 100644
--- a/.github/workflows/triage.yaml
+++ b/.github/workflows/triage.yaml
@@ -15,6 +15,6 @@ jobs:
steps:
- name: "Add labels based on branch name"
- uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.5.1"
+ uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.7.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9c3cb6..342dae4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## Unreleased
-For a full diff see [`1.7.0...main`][1.7.0...main].
+For a full diff see [`1.8.0...main`][1.8.0...main].
+
+## [`1.8.0`][1.8.0]
+
+For a full diff see [`1.7.0...1.8.0`][1.7.0...1.8.0].
+
+### Added
+
+- Added composite action `phive/install` for installing dependencies with [`phive`](https://phar.io) ([#142]), by [@localheinz]
## [`1.7.0`][1.7.0]
@@ -144,7 +152,8 @@ For a full diff see [`1.0.0...main`][1.0.0...main].
[1.5.0...1.5.1]: https://github.com/ergebnis/.github/compare/1.5.0...1.5.1
[1.5.1...1.6.0]: https://github.com/ergebnis/.github/compare/1.5.1...1.6.0
[1.6.0...1.7.0]: https://github.com/ergebnis/.github/compare/1.6.0...1.7.0
-[1.7.0...main]: https://github.com/ergebnis/.github/compare/1.7.0...main
+[1.7.0...1.8.0]: https://github.com/ergebnis/.github/compare/1.7.0...1.8.0
+[1.8.0...main]: https://github.com/ergebnis/.github/compare/1.8.0...main
[#47]: https://github.com/ergebnis/.github/pull/47
[#48]: https://github.com/ergebnis/.github/pull/48
@@ -164,5 +173,6 @@ For a full diff see [`1.0.0...main`][1.0.0...main].
[#96]: https://github.com/ergebnis/.github/pull/96
[#123]: https://github.com/ergebnis/.github/pull/123
[#124]: https://github.com/ergebnis/.github/pull/124
+[#142]: https://github.com/ergebnis/.github/pull/142
[@localheinz]: https://github.com/localheinz
diff --git a/README.md b/README.md
index 91a6961..0782cff 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ This repository provides the following composite actions:
- [`ergebnis/.github/actions/oh-dear/check/request-run`](#oh-dear-check-request-run)
- [`ergebnis/.github/actions/oh-dear/maintenance-period/start`](#oh-dear-maintenance-period-start)
- [`ergebnis/.github/actions/oh-dear/maintenance-period/stop`](#oh-dear-maintenance-period-stop)
+- [`ergebnis/.github/actions/phive/install`](#phive-install)
### `ergebnis/.github/actions/composer/determine-cache-directory`
@@ -58,7 +59,7 @@ jobs:
php-version: "8.1"
- name: "Determine composer cache directory"
- uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.7.0"
+ uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.8.0"
- name: "Cache dependencies installed with composer"
uses: "actions/cache@v3.0.8"
@@ -114,7 +115,7 @@ jobs:
php-version: "8.1"
- name: "Determine composer root version"
- uses: "ergebnis/.github/actions/composer/determine-root-version@1.7.0"
+ uses: "ergebnis/.github/actions/composer/determine-root-version@1.8.0"
```
For details, see [`actions/composer/determine-root-version/action.yaml`](actions/composer/determine-root-version/action.yaml).
@@ -179,7 +180,7 @@ jobs:
php-version: "8.1"
- name: "Determine composer cache directory"
- uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.7.0"
+ uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.8.0"
- name: "Cache dependencies installed with composer"
uses: "actions/cache@v3.0.8"
@@ -189,7 +190,7 @@ jobs:
restore-keys: "composer-${{ matrix.dependencies }}-"
- name: "Install ${{ matrix.dependencies }} dependencies with composer"
- uses: "ergebnis/.github/actions/composer/install@1.7.0"
+ uses: "ergebnis/.github/actions/composer/install@1.8.0"
with:
dependencies: "${{ matrix.dependencies }}"
```
@@ -256,7 +257,7 @@ jobs:
steps:
- name: "Assign @ergebnis-bot"
- uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.7.0"
+ uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.8.0"
with:
assignee: "ergebnis-bot"
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
@@ -299,7 +300,7 @@ jobs:
steps:
- name: "Add labels based on branch name"
- uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.7.0"
+ uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.8.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
```
@@ -351,7 +352,7 @@ jobs:
steps:
- name: "Approve pull request"
- uses: "ergebnis/.github/actions/github/pull-request/approve@1.7.0"
+ uses: "ergebnis/.github/actions/github/pull-request/approve@1.8.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
```
@@ -402,7 +403,7 @@ jobs:
steps:
- name: "Merge pull request"
- uses: "ergebnis/.github/actions/github/pull-request/merge@1.7.0"
+ uses: "ergebnis/.github/actions/github/pull-request/merge@1.8.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
```
@@ -454,7 +455,7 @@ jobs:
steps:
- name: "Request review from @ergebnis-bot"
- uses: "ergebnis/.github/actions/github/pull-request/request-review@1.7.0"
+ uses: "ergebnis/.github/actions/github/pull-request/request-review@1.8.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
reviewer: "ergebnis-bot"
@@ -498,7 +499,7 @@ jobs:
steps:
- name: "Create release"
- uses: "ergebnis/.github/actions/github/release/create@1.7.0"
+ uses: "ergebnis/.github/actions/github/release/create@1.8.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
```
@@ -542,7 +543,7 @@ jobs:
fetch-depth: 50
- name: "Request broken links check on ohdear.app"
- uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.7.0"
+ uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.8.0"
with:
oh-dear-api-token: "${{ secrets.OH_DEAR_API_TOKEN }}"
oh-dear-check-id: "${{ secrets.OH_DEAR_BROKEN_LINKS_CHECK_ID }}"
@@ -588,7 +589,7 @@ jobs:
fetch-depth: 50
- name: "Start maintenance period on ohdear.app"
- uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.7.0"
+ uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.8.0"
with:
oh-dear-api-token: "${{ secrets.OH_DEAR_API_TOKEN }}"
oh-dear-site-id: "${{ secrets.OH_DEAR_SITE_ID }}"
@@ -634,7 +635,7 @@ jobs:
fetch-depth: 50
- name: "Stop maintenance period on ohdear.app"
- uses: "ergebnis/.github/actions/oh-dear/maintenance-period/stop@1.7.0"
+ uses: "ergebnis/.github/actions/oh-dear/maintenance-period/stop@1.8.0"
with:
oh-dear-api-token: "${{ secrets.OH_DEAR_API_TOKEN }}"
oh-dear-site-id: "${{ secrets.OH_DEAR_SITE_ID }}"
@@ -655,6 +656,63 @@ none
A maintenance period is stopped by the user who owns the Oh Dear API token specified with the `oh-dear-api-token` input for the site identified by the `oh-dear-site-id` input.
+### `ergebnis/.github/actions/phive/install`
+
+This action installs dependencies with [`phive`](https://phar.io).
+
+```yaml
+name: "Integrate"
+
+on:
+ pull_request: null
+ push:
+ branches:
+ - "main"
+
+jobs:
+ tests:
+ name: "Tests"
+
+ runs-on: "ubuntu-latest"
+
+ steps:
+ - name: "Checkout"
+ uses: "actions/checkout@v3.0.2"
+
+ - name: "Set up PHP"
+ uses: "shivammathur/setup-php@2.21.2"
+ with:
+ coverage: "none"
+ php-version: "8.1"
+ tools: "phive"
+
+ - name: "Install dependencies with phive"
+ uses: "ergebnis/.github/actions/phive/install@1.8.0"
+ with:
+ trust-gpg-keys: "0x033E5F8D801A2F8D,0x2A8299CE842DD38C"
+```
+
+For details, see [`actions/phive/install/action.yaml`](actions/phive/install/action.yaml).
+
+#### Inputs
+
+- `phive-home`, optional: Which directory to use as `PHIVE_HOME` directory, defaults to `".build/phive"`.
+- `trust-gpg-keys`, required: Which GPG keys to trust, a comma-separated list of trusted GPG keys
+
+#### Outputs
+
+none
+
+#### Side Effects
+
+Dependencies are installed, assuming
+
+- `phive` is available
+- `phive` could find a `phars.xml`
+- keys presented by packages are listed using the `trust-gpg-keys` option
+
+The directory configured by the `phive-home` directory is cached using [`actions/cache`](https://github.com/actions/cache).
+
## Changelog
Please have a look at [`CHANGELOG.md`](CHANGELOG.md).
diff --git a/actions/github/pull-request/add-assignee/action.yaml b/actions/github/pull-request/add-assignee/action.yaml
index 8d0d8d6..18f41be 100644
--- a/actions/github/pull-request/add-assignee/action.yaml
+++ b/actions/github/pull-request/add-assignee/action.yaml
@@ -22,7 +22,7 @@ runs:
steps:
- name: "Determine pull request number"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
@@ -44,7 +44,7 @@ runs:
core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`);
- name: "Add assignee to pull request"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
env:
ASSIGNEE: "${{ inputs.assignee }}"
with:
diff --git a/actions/github/pull-request/add-label-based-on-branch-name/action.yaml b/actions/github/pull-request/add-label-based-on-branch-name/action.yaml
index b3c6c54..e2b60c3 100644
--- a/actions/github/pull-request/add-label-based-on-branch-name/action.yaml
+++ b/actions/github/pull-request/add-label-based-on-branch-name/action.yaml
@@ -19,7 +19,7 @@ runs:
steps:
- name: "Determine pull request number"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
@@ -43,7 +43,7 @@ runs:
core.setFailed(`Unable to determine the pull request number and branch name for event "${context.eventName}"`);
- name: "Add label to pull request based on branch name"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
diff --git a/actions/github/pull-request/approve/action.yaml b/actions/github/pull-request/approve/action.yaml
index 82f295f..2fae547 100644
--- a/actions/github/pull-request/approve/action.yaml
+++ b/actions/github/pull-request/approve/action.yaml
@@ -19,7 +19,7 @@ runs:
steps:
- name: "Determine pull request number"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
@@ -41,7 +41,7 @@ runs:
core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`);
- name: "Approve pull request"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
diff --git a/actions/github/pull-request/merge/action.yaml b/actions/github/pull-request/merge/action.yaml
index 0a96a09..e724c1c 100644
--- a/actions/github/pull-request/merge/action.yaml
+++ b/actions/github/pull-request/merge/action.yaml
@@ -23,7 +23,7 @@ runs:
steps:
- name: "Determine pull request number"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
@@ -45,7 +45,7 @@ runs:
core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`);
- name: "Merge pull request"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
env:
MERGE_METHOD: "${{ inputs.merge-method }}"
with:
diff --git a/actions/github/pull-request/request-review/action.yaml b/actions/github/pull-request/request-review/action.yaml
index cf613c3..394ef02 100644
--- a/actions/github/pull-request/request-review/action.yaml
+++ b/actions/github/pull-request/request-review/action.yaml
@@ -22,7 +22,7 @@ runs:
steps:
- name: "Determine pull request number"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
@@ -44,7 +44,7 @@ runs:
core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`);
- name: "Request reviewer"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
env:
REVIEWER: "${{ inputs.reviewer }}"
with:
diff --git a/actions/github/release/create/action.yaml b/actions/github/release/create/action.yaml
index 76a0ca8..961898c 100644
--- a/actions/github/release/create/action.yaml
+++ b/actions/github/release/create/action.yaml
@@ -23,7 +23,7 @@ runs:
shell: "bash"
- name: "Create release"
- uses: "actions/github-script@v6.3.1"
+ uses: "actions/github-script@v6.3.3"
with:
github-token: "${{ inputs.github-token }}"
script: |
diff --git a/actions/phive/install/action.yaml b/actions/phive/install/action.yaml
new file mode 100644
index 0000000..758d2e2
--- /dev/null
+++ b/actions/phive/install/action.yaml
@@ -0,0 +1,39 @@
+# https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
+# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs
+# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-composite-run-steps-actions
+# https://phar.io
+
+name: "Install dependencies with phive"
+
+description: "Installs dependencies with phive"
+
+inputs:
+ phive-home:
+ default: ".build/phive"
+ description: "Which directory to use as PHIVE_HOME directory"
+ required: false
+ trust-gpg-keys:
+ default: ""
+ description: "A comma-separated list of trusted GPG keys"
+ required: true
+
+runs:
+ using: "composite"
+
+ steps:
+ - name: "Create phive home directory"
+ run: "mkdir -p ${{ inputs.phive-home }}"
+ shell: "bash"
+
+ - name: "Cache dependencies installed with phive"
+ uses: "actions/cache@v3.2.3"
+ with:
+ path: "${{ inputs.phive-home }}"
+ key: "phive-hashFiles('**/phars.xml')"
+ restore-keys: "phive-"
+
+ - name: "Install dependencies with phive"
+ env:
+ PHIVE_HOME: "${{ inputs.phive-home }}"
+ run: "phive install --trust-gpg-keys ${{ inputs.trust-gpg-keys }}"
+ shell: "bash"