diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..e6af4cd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,11 @@ +blank_issues_enabled: false +contact_links: + - name: Request a new feature + url: https://github.com/hi-folks/data-block/issues/new?labels=enhancement + about: Share ideas for new features / functions + - name: Report a bug + url: https://github.com/hi-folks/data-block/issues/new?labels=bug + about: Report a reproducable bug + - name: Documentation + url: https://github.com/hi-folks/data-block/issues/new?labels=documentation + about: Improvements or additions to documentation diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..bf8206f --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,23 @@ +# Package Security Policy + +## Reporting Security Issues + +If you discover any security-related issues within our package, we take these matters seriously and encourage you to report them to us promptly. Your assistance in disclosing potential security vulnerabilities is highly appreciated. + +To report a security issue, please send an email to us at [roberto.butti@gmail.com](mailto:roberto.butti@gmail.com). We request that you do not use public issue trackers or other public communication channels to report security concerns related to this package. This helps us maintain the confidentiality and integrity of the issue while we investigate and address it. + +## Responsible Disclosure + +We follow a responsible disclosure policy, and we kindly ask you to: + +1. **Provide Sufficient Details**: When reporting a security issue, please include as much information as possible so that we can reproduce and understand the problem. This may include steps to reproduce, the affected component, and any proof-of-concept code if available. + +2. **Allow Time for Resolution**: We will acknowledge the receipt of your report promptly and work diligently to assess and resolve the issue. We appreciate your patience and understanding during this process. + +3. **Keep Information Confidential**: Please do not disclose or share the details of the security issue with others until we have addressed and resolved it. This helps protect our users and the security of our package. + +4. **Do Not Impact Other Users**: Please refrain from taking any actions that may negatively impact the availability or integrity of our package or the data of other users. + +If you are unsure whether a specific issue qualifies, please report it, and we will assess its validity. + +Thank you for your cooperation in helping us maintain the security of our package and protect our users. We value your contributions to our security efforts and we deeply appreciate your valuable contributions. diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..30c8a49 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + labels: + - "dependencies" \ No newline at end of file diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..2b9e9a5 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,32 @@ +name: dependabot-auto-merge +on: pull_request_target + +permissions: + pull-requests: write + contents: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2.1.0 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Auto-merge Dependabot PRs for semver-minor updates + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + - name: Auto-merge Dependabot PRs for semver-patch updates + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml new file mode 100644 index 0000000..1c09c82 --- /dev/null +++ b/.github/workflows/run-tests.yml @@ -0,0 +1,39 @@ +name: Tests + +on: [push, pull_request] + +jobs: + test: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: true + matrix: + os: [ubuntu-latest, windows-latest] + php: [8.1, 8.2, 8.3] + exclude: + - os: windows-latest + php: [8.1, 8.2] + + name: P${{ matrix.php }} - ${{ matrix.os }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php }} + extensions: dom, curl, libxml, mbstring, zip, pcntl, bcmath, soap, intl, iconv, fileinfo + coverage: none + + - name: Setup problem matchers + run: | + echo "::add-matcher::${{ runner.tool_cache }}/php.json" + echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" + + - name: Install dependencies + run: composer install --prefer-dist --no-interaction + + - name: Execute tests + run: composer test diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml new file mode 100644 index 0000000..0d4fdac --- /dev/null +++ b/.github/workflows/static-code-analysis.yml @@ -0,0 +1,37 @@ +name: Static Code Analysis + +on: [push, pull_request] + +jobs: + test: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: true + matrix: + os: [ubuntu-latest] + php: [8.3] + stability: [prefer-stable] + + name: P${{ matrix.php }} - ${{ matrix.stability }} - ${{ matrix.os }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php }} + extensions: dom, curl, libxml, mbstring, zip, pcntl, bcmath, intl, iconv, fileinfo + coverage: none + + - name: Setup problem matchers + run: | + echo "::add-matcher::${{ runner.tool_cache }}/php.json" + echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" + + - name: Install dependencies + run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction + + - name: Execute static code analysis + run: vendor/bin/phpstan analyse src --level 9 --error-format=github --no-progress --no-ansi