ci: development file updates

.gitattributes

@@ -9,16 +9,15 @@
 .gitignore export-ignore
 .php-cs-fixer.dist.php export-ignore
 .pre-commit-config.yaml export-ignore
-.yamllint.yaml export-ignore
 composer.lock export-ignore
 composer-require-checker.json export-ignore
 docker-compose.yaml export-ignore
 infection.json.dist export-ignore
 Makefile export-ignore
+pest.xml.dist export-ignore
 phpstan.neon.dist export-ignore
 phpstan-baseline.neon export-ignore
 phpunit.xml.dist export-ignore
 psalm.xml export-ignore
 psalm-baseline.xml export-ignore
-renovate.json export-ignore
 rector.php export-ignore

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+* @lotyp

.github/SECURITY.md

@@ -4,18 +4,6 @@ Thank you for helping keep `wayofdev/php-cs-fixer-config` and its users safe. We
 
 <br>
 
-## 🙋‍♂️ Supported Versions
-
-Only certain versions of `wayofdev/php-cs-fixer-config` are currently being maintained with security updates. Please use or upgrade to one of these supported versions:
-
-| Version | Supported          |
-|---------|--------------------|
-| ^1.3    | :white_check_mark: |
-
-Please ensure that you are using one of these supported versions before reporting a security issue.
-
-<br>
-
 ## 🚨 Reporting a Vulnerability
 
 We take all security bugs in `wayofdev/php-cs-fixer-config` seriously. Please follow the instructions below to report security vulnerabilities.

.github/labeler.yml

@@ -11,7 +11,7 @@
 
 "type: documentation":
   - changed-files:
-      - any-glob-to-any-file: ['assets/**/*', '.github/*', './*.md']
+      - any-glob-to-any-file: ['.github/*', './*.md']
 
 "type: maintenance":
   - changed-files:

.github/workflows/auto-merge-release.yml

@@ -4,6 +4,8 @@
 
 on:  # yamllint disable-line rule:truthy
   pull_request:
+    branches:
+      - master
 
 permissions:
   pull-requests: write
@@ -13,15 +15,14 @@ name: 🤞 Auto merge release
 
 jobs:
   auto-merge:
-    if: github.actor == 'lotyp' && startsWith(github.head_ref, 'release-please--')
-    runs-on: ubuntu-latest
-    steps:
-      - name: 🤞 Auto-merge pull request
-        uses: peter-evans/enable-pull-request-automerge@v3
-        with:
-          pull-request-number: ${{ github.event.pull_request.number }}
-          merge-method: merge
-          # to trigger other workflows, pass PAT token instead of GITHUB_TOKEN
-          token: ${{ secrets.GITHUB_TOKEN }}
+    uses: wayofdev/gh-actions/.github/workflows/auto-merge-release.yml@v3.1.0
+    with:
+      os: ubuntu-latest
+      pull-request-number: ${{ github.event.pull_request.number }}
+      actor: lotyp
+      merge-method: merge
+    secrets:
+      # to trigger other workflows, pass PAT token instead of GITHUB_TOKEN
+      token: ${{ secrets.PERSONAL_GITHUB_TOKEN }}
 
 ...

.github/workflows/coding-standards.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           configFile: ${{ github.workspace }}/.github/.commitlint.config.mjs
           failOnWarnings: false
-          failOnErrors: false
+          failOnErrors: true
           helpURL: 'https://github.com/conventional-changelog/commitlint/#what-is-commitlint'
 
   yaml-linting:
@@ -42,7 +42,7 @@ jobs:
       - name: 🧐 Lint YAML files
         uses: ibiqlik/action-yamllint@v3.1.1
         with:
-          config_file: .yamllint.yaml
+          config_file: .github/.yamllint.yaml
           file_or_dir: '.'
           strict: true
 
@@ -59,6 +59,7 @@ jobs:
       - name: 🧐 Lint Markdown files
         uses: DavidAnson/markdownlint-cli2-action@v16.0.0
         with:
+          config: '.github/.markdownlint.json'
           globs: |
             **/*.md
             !CHANGELOG.md

.github/workflows/dependency-analysis.yml

@@ -1,22 +1,20 @@
 ---
 
-name: 🔐 Dependency analysis
-
 on:  # yamllint disable-line rule:truthy
   pull_request:
     paths:
       - 'src/**'
       - 'tests/**'
       - '.php-cs-fixer.dist.php'
-      - 'composer.json'
-      - 'composer.lock'
+      - 'composer.*'
   push:
     paths:
       - 'src/**'
       - 'tests/**'
       - '.php-cs-fixer.dist.php'
-      - 'composer.json'
-      - 'composer.lock'
+      - 'composer.*'
+
+name: 🔐 Dependency analysis
 
 jobs:
   dependency-analysis:

.github/workflows/security-analysis.yml

@@ -1,10 +1,14 @@
 ---
 
-name: 🔐 Security analysis
-
 on:  # yamllint disable-line rule:truthy
   pull_request:
+    branches:
+      - master
   push:
+    branches:
+      - master
+
+name: 🔐 Security analysis
 
 jobs:
   security-analysis:

.github/workflows/shellcheck.yml

@@ -2,6 +2,8 @@
 
 on:  # yamllint disable-line rule:truthy
   pull_request:
+    branches:
+      - master
 
 name: 🐞 Differential shell-check
 

.github/workflows/static-analysis.yml

@@ -5,28 +5,32 @@ on:  # yamllint disable-line rule:truthy
     branches:
       - master
     paths:
+      - 'phpstan*'
+      - 'psalm*'
+      - 'composer.*'
       - 'src/**'
       - 'tests/**'
-      - 'bin/trap'
       - '.php-cs-fixer.dist.php'
   pull_request:
     branches:
       - master
     paths:
+      - 'phpstan*'
+      - 'psalm*'
+      - 'composer.*'
       - 'src/**'
       - 'tests/**'
-      - 'bin/trap'
       - '.php-cs-fixer.dist.php'
 
 name: 🔍 Static analysis
 
 jobs:
-  static-analysis:
+  phpstan:
     timeout-minutes: 4
     runs-on: ${{ matrix.os }}
     concurrency:
       cancel-in-progress: true
-      group: static-analysis-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+      group: phpstan-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
     strategy:
       fail-fast: true
       matrix:
@@ -71,3 +75,54 @@ jobs:
 
       - name: 🔍 Run static analysis using phpstan/phpstan
         run: composer stan:ci
+
+  psalm:
+    timeout-minutes: 4
+    runs-on: ${{ matrix.os }}
+    concurrency:
+      cancel-in-progress: true
+      group: psalm-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    strategy:
+      fail-fast: true
+      matrix:
+        os:
+          - ubuntu-latest
+        php-version:
+          - '8.1'
+        dependencies:
+          - locked
+    steps:
+      - name: 📦 Check out the codebase
+        uses: actions/checkout@v4.1.6
+
+      - name: 🛠️ Setup PHP
+        uses: shivammathur/setup-php@2.30.4
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: none, ctype, curl, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter, opcache, pcntl, posix
+          ini-values: error_reporting=E_ALL
+          coverage: xdebug
+
+      - name: 🛠️ Setup problem matchers
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - name: 🤖 Validate composer.json and composer.lock
+        run: composer validate --ansi --strict
+
+      - name: 🔍 Get composer cache directory
+        uses: wayofdev/gh-actions/actions/composer/get-cache-directory@v3.1.0
+
+      - name: ♻️ Restore cached dependencies installed with composer
+        uses: actions/cache@v4.0.2
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}
+          restore-keys: php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-
+
+      - name: 📥 Install "${{ matrix.dependencies }}" dependencies
+        uses: wayofdev/gh-actions/actions/composer/install@v3.1.0
+        with:
+          dependencies: ${{ matrix.dependencies }}
+
+      - name: 🔍 Run static analysis using vimeo/psalm
+        run: composer psalm:ci

.phive/phars.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phive xmlns="https://phar.io/phive">
   <phar name="composer-normalize" version="^2.42.0" installed="2.42.0" location="./.phive/composer-normalize" copy="false"/>
-  <phar name="composer-require-checker" version="^4.10.0" installed="4.10.0" location="./.phive/composer-require-checker" copy="false"/>
+  <phar name="composer-require-checker" version="^4.11.0" installed="4.11.0" location="./.phive/composer-require-checker" copy="false"/>
 </phive>

.pre-commit-config.yaml

@@ -29,6 +29,7 @@ repos:
         description: Run markdownlint-cli2 on your Markdown files using the docker image
         language: docker_image
         types: [markdown]
-        entry: davidanson/markdownlint-cli2-rules:latest
+        entry: 'davidanson/markdownlint-cli2-rules:latest'
+        args: ['--config', '.github/.markdownlint.json']
 
 ...

Makefile

@@ -36,6 +36,7 @@ ENVSUBST ?= $(BUILDER) envsubst
 YAML_LINT_RUNNER ?= $(DOCKER) run --rm $$(tty -s && echo "-it" || echo) \
 	-v $(PWD):/data \
 	cytopia/yamllint:latest \
+	-c ./.github/.yamllint.yaml \
 	-f colored .
 
 ACTION_LINT_RUNNER ?= $(DOCKER) run --rm $$(tty -s && echo "-it" || echo) \
@@ -47,7 +48,8 @@ ACTION_LINT_RUNNER ?= $(DOCKER) run --rm $$(tty -s && echo "-it" || echo) \
 MARKDOWN_LINT_RUNNER ?= $(DOCKER) run --rm $$(tty -s && echo "-it" || echo) \
 	-v $(shell pwd):/app \
 	--workdir /app \
-	davidanson/markdownlint-cli2-rules:latest
+	davidanson/markdownlint-cli2-rules:latest \
+	--config ".github/.markdownlint.json"
 
 PHIVE_RUNNER ?= $(DOCKER_COMPOSE) run --rm --no-deps app
 
@@ -94,9 +96,9 @@ help: ## Show this menu
 	@echo
 	@echo '    📑 Logs are stored in      $(MAKE_LOGFILE)'
 	@echo
-	@echo '    📦 Package                 php-cs-fixer-config (github.com/wayofdev/php-cs-fixer-config)'
-	@echo '    🤠 Makefile Author         Andrij Orlenko (github.com/lotyp)'
-	@echo '    🏢 ${YELLOW}Org                     wayofdev (github.com/wayofdev)${RST}'
+	@echo '    📦 Package                 php-cs-fixer-config (https://github.com/wayofdev/php-cs-fixer-config)'
+	@echo '    🤠 Makefile Author         Andrij Orlenko (https://github.com/lotyp)'
+	@echo '    🏢 ${YELLOW}Org                     wayofdev (https://github.com/wayofdev)${RST}'
 	@echo
 .PHONY: help
 
@@ -140,6 +142,10 @@ down: # Stops and removes containers of this project
 	$(DOCKER_COMPOSE) down --remove-orphans --volumes
 .PHONY: down
 
+stop: ## Stops all containers, without removing them
+	$(DOCKER_COMPOSE) stop
+.PHONY: stop
+
 restart: down up ## Runs down and up commands
 .PHONY: restart
 
@@ -267,10 +273,17 @@ infect-ci: ## Runs infection – mutation testing framework with github output (
 	$(APP_COMPOSER) infect:ci
 .PHONY: lint-infect-ci
 
-test: ## Run project php-unit and pest tests
+test: test-unit test-arch ## Run project php-unit and pest tests
+.PHONY: test
+
+test-unit: ## Run project php-unit tests
 	$(APP_COMPOSER) test
 .PHONY: test
 
+test-arch: ## Run project pest tests with architecture checks
+	$(APP_COMPOSER) test:arch
+.PHONY: test-arch
+
 test-cc: ## Run project php-unit and pest tests in coverage mode and build report
 	$(APP_COMPOSER) test:cc
 .PHONY: test-cc