code-quality.yml
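name: Code Quality

# ARFA 1.3 / KaririCode Spec V4.0 — Parallel Quality Gates
# Runs 5 parallel jobs with a quality-summary gate job.
# Triggers: main, develop, feature branches, PRs, and manual dispatch.
on:
  push:
    branches:
      - main
      - develop
      - 'feature/**'
  pull_request:
    branches:
      - main
      - develop
  workflow_dispatch:

# Least privilege: the jobs below only check out and read the repository, so
# the GITHUB_TOKEN is limited to read access instead of inheriting whatever the
# repository or organisation default grants.
permissions:
  contents: read

jobs: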
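# ============================================================================
# DEPENDENCY VALIDATION (Spec V4.0 — contract compliance)
# ============================================================================
  dependencies:
    name: Dependency Validation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No visible step in this job needs authenticated git, so the token
          # is not written to the local git config where later steps could
          # read it.
          persist-credentials: false
      # NOTE(review): third-party action referenced by a movable tag; pinning
      # it to a full commit SHA makes the executed code immutable.
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          tools: composer:v2
          coverage: none
      # --strict turns validation warnings into a failing exit code.
      - name: Validate composer.json
        run: composer validate --strict --no-check-lock
      # --no-scripts skips the scripts defined in composer.json during install.
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      - name: Check platform requirements
        run: composer check-platform-reqs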
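# ============================================================================
# SECURITY AUDIT (ARFA 1.3 — resilience pillar)
# ============================================================================
  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No visible step in this job needs authenticated git, so the token
          # is not written to the local git config where later steps could
          # read it.
          persist-credentials: false
      # NOTE(review): third-party action referenced by a movable tag; pinning
      # it to a full commit SHA makes the executed code immutable.
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          tools: composer:v2
          coverage: none
      # --no-scripts skips the scripts defined in composer.json during install.
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # Reports known security advisories for the installed packages; the step
      # fails the job when the command exits non-zero.
      - name: Run composer audit
        run: composer audit --format=plain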
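# ============================================================================
# STATIC ANALYSIS (Spec V4.0 S14 — Type Safety)
# kcode analyse runs PHPStan Level 9 + Psalm (100% type inference).
# ============================================================================
  analyse:
    name: Static Analysis — PHPStan L9 + Psalm
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The job later runs a downloaded executable; keep the token out of
          # the local git config so that code cannot read it from there.
          persist-credentials: false
      # NOTE(review): third-party action referenced by a movable tag; pinning
      # it to a full commit SHA makes the executed code immutable.
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: mbstring, xml
          coverage: none
          tools: composer:v2
      # --no-scripts skips the scripts defined in composer.json during install.
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # NOTE(review): this fetches whatever the "latest" release currently
      # points to and installs it without any integrity check. Pin a specific
      # release tag and compare the download against a known SHA-256 (for
      # example with `sha256sum -c`) before it is moved into PATH.
      - name: Install kcode
        run: |
          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
          # Log the digest of the artifact about to run, so a later review can
          # tell exactly which build executed in this job.
          sha256sum kcode.phar
          chmod +x kcode.phar
          sudo mv kcode.phar /usr/local/bin/kcode
      - name: Initialize devkit
        run: kcode init
      # Patch generated phpunit.xml.dist — PHPUnit 12 emits false-positive warnings
      # for classes extending built-ins outside <source>; use python3 for reliable XML edit.
      # NOTE(review): the patch sets failOnWarning and failOnRisky to false and
      # drops the restrict* attributes of <source>, which relaxes the gate for
      # every warning and risky test, not only the false positives — confirm
      # that scope is intended.
      - name: Patch phpunit.xml.dist
        run: |
          python3 - <<'EOF'
          import xml.etree.ElementTree as ET
          ET.register_namespace('', 'http://www.w3.org/2001/XMLSchema-instance')
          path = '.kcode/phpunit.xml.dist'
          tree = ET.parse(path)
          root = tree.getroot()
          root.set('failOnWarning', 'false')
          root.set('failOnRisky', 'false')
          root.set('beStrictAboutCoverageMetadata', 'false')
          src = root.find('source')
          if src is not None:
              src.attrib.pop('restrictWarnings', None)
              src.attrib.pop('restrictDeprecations', None)
              src.attrib.pop('restrictNotices', None)
          tree.write(path, xml_declaration=True, encoding='UTF-8')
          EOF
      # Runs PHPStan Level 9 then Psalm sequentially — both must pass
      - name: Run PHPStan + Psalm via kcode
        run: kcode analyse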
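# ============================================================================
# CODE STYLE (ARFA 1.3 Naming / Formatting Standards)
# ============================================================================
  cs-fixer:
    name: Code Style — PHP CS Fixer
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The job later runs a downloaded executable; keep the token out of
          # the local git config so that code cannot read it from there.
          persist-credentials: false
      # NOTE(review): third-party action referenced by a movable tag; pinning
      # it to a full commit SHA makes the executed code immutable.
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: mbstring, xml
          coverage: none
          tools: composer:v2
      # --no-scripts skips the scripts defined in composer.json during install.
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # NOTE(review): this fetches whatever the "latest" release currently
      # points to and installs it without any integrity check. Pin a specific
      # release tag and compare the download against a known SHA-256 (for
      # example with `sha256sum -c`) before it is moved into PATH.
      - name: Install kcode
        run: |
          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
          # Log the digest of the artifact about to run, so a later review can
          # tell exactly which build executed in this job.
          sha256sum kcode.phar
          chmod +x kcode.phar
          sudo mv kcode.phar /usr/local/bin/kcode
      - name: Initialize devkit
        run: kcode init
      # --check is labelled a dry run by the step name: the job reports style
      # violations through the exit code rather than rewriting files.
      - name: Check code style (dry-run)
        run: kcode cs:fix --check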
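# ============================================================================
# UNIT & INTEGRATION TESTS (ARFA 1.3 §Testing — Zero Tolerance)
# pcov is the mandatory driver (performance + accuracy over Xdebug).
# ============================================================================
  tests:
    name: PHPUnit — Tests (pcov)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The job later runs a downloaded executable; keep the token out of
          # the local git config so that code cannot read it from there.
          persist-credentials: false
      # NOTE(review): third-party action referenced by a movable tag; pinning
      # it to a full commit SHA makes the executed code immutable.
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: mbstring, xml
          coverage: pcov
          tools: composer:v2
      # --no-scripts skips the scripts defined in composer.json during install.
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # NOTE(review): this fetches whatever the "latest" release currently
      # points to and installs it without any integrity check. Pin a specific
      # release tag and compare the download against a known SHA-256 (for
      # example with `sha256sum -c`) before it is moved into PATH.
      - name: Install kcode
        run: |
          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
          # Log the digest of the artifact about to run, so a later review can
          # tell exactly which build executed in this job.
          sha256sum kcode.phar
          chmod +x kcode.phar
          sudo mv kcode.phar /usr/local/bin/kcode
      - name: Initialize devkit
        run: kcode init
      # Patch generated phpunit.xml.dist — PHPUnit 12 emits false-positive warnings
      # for classes extending built-ins outside <source>; use python3 for reliable XML edit.
      # NOTE(review): the patch sets failOnWarning and failOnRisky to false and
      # drops the restrict* attributes of <source>, which relaxes the gate for
      # every warning and risky test, not only the false positives — confirm
      # that scope is intended for a "Zero Tolerance" test job.
      - name: Patch phpunit.xml.dist
        run: |
          python3 - <<'EOF'
          import xml.etree.ElementTree as ET
          ET.register_namespace('', 'http://www.w3.org/2001/XMLSchema-instance')
          path = '.kcode/phpunit.xml.dist'
          tree = ET.parse(path)
          root = tree.getroot()
          root.set('failOnWarning', 'false')
          root.set('failOnRisky', 'false')
          root.set('beStrictAboutCoverageMetadata', 'false')
          src = root.find('source')
          if src is not None:
              src.attrib.pop('restrictWarnings', None)
              src.attrib.pop('restrictDeprecations', None)
              src.attrib.pop('restrictNotices', None)
          tree.write(path, xml_declaration=True, encoding='UTF-8')
          EOF
      - name: Run tests with coverage (pcov)
        run: kcode test --coverage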
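# ============================================================================
# QUALITY SUMMARY — Gate job (if: always())
# ============================================================================
  quality-summary:
    name: Quality Summary
    runs-on: ubuntu-latest
    needs: [dependencies, security, analyse, cs-fixer, tests]
    # always() keeps the gate running when an upstream job failed, so the
    # summary is written and the gate itself reports the failure.
    if: always()
    # The job only writes the step summary; it needs no token scopes.
    permissions: {}
    steps:
      # NOTE(review): "Merge blocked" holds only if branch protection lists
      # this job as a required check — confirm in the repository settings.
      - name: Post quality summary
        # Job results reach the script as environment variables instead of
        # being expanded into the script text, which keeps workflow
        # expressions out of the shell source.
        env:
          DEPENDENCIES_RESULT: ${{ needs.dependencies.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
          ANALYSE_RESULT: ${{ needs.analyse.result }}
          CS_FIXER_RESULT: ${{ needs.cs-fixer.result }}
          TESTS_RESULT: ${{ needs.tests.result }}
        run: |
          {
            echo "## KaririCode ClassDiscovery — Quality Report (ARFA 1.3)"
            echo ""
            echo "| Check | Result |"
            echo "|-------|--------|"
            echo "| Dependency Validation | ${DEPENDENCIES_RESULT} |"
            echo "| Security Audit | ${SECURITY_RESULT} |"
            echo "| Static Analysis (PHPStan L9 + Psalm) | ${ANALYSE_RESULT} |"
            echo "| Code Style (CS Fixer) | ${CS_FIXER_RESULT} |"
            echo "| PHPUnit Tests (pcov) | ${TESTS_RESULT} |"
          } >> "$GITHUB_STEP_SUMMARY"
          # Dependency Validation was reported in the table but left out of the
          # gate, so a failed composer validation could not fail this job. All
          # five upstream results are enforced here; anything other than
          # "success" (failure, cancelled, skipped) fails the gate.
          if [ "$DEPENDENCIES_RESULT" != "success" ] || \
             [ "$SECURITY_RESULT" != "success" ] || \
             [ "$ANALYSE_RESULT" != "success" ] || \
             [ "$CS_FIXER_RESULT" != "success" ] || \
             [ "$TESTS_RESULT" != "success" ]; then
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo "❌ One or more quality gates failed. Merge blocked." >> "$GITHUB_STEP_SUMMARY"
            exit 1
          fi
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "✅ All quality gates passed — ARFA 1.3 compliant." >> "$GITHUB_STEP_SUMMARY"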