ci(ci): Update action references and enhance CI configurations

guanguans · guanguans · commit b23c7c8c7c6e · 2026-03-19T14:57:06.000+08:00
- Change issues-translate-action reference to dromara/issues-translate-action
- Set COMPOSER_NO_SECURITY_BLOCKING environment variable in multiple CI files
- Add php-cs-fixer, phpstan, and rector steps for dry-run and error format outputs
- Upload phpstan analysis results in SARIF format to GitHub

Signed-off-by: guanguans &lt;ityaozm@gmail.com&gt;
diff --git a/.github/workflows/issues-translate.yml b/.github/workflows/issues-translate.yml
@@ -11,6 +11,6 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: usthe/issues-translate-action@v2.7
+      - uses: dromara/issues-translate-action@v2.7
         with:
           IS_MODIFY_TITLE: true
diff --git a/.github/workflows/php-cs-fixer.yml b/.github/workflows/php-cs-fixer.yml
@@ -5,6 +5,9 @@ on:
   push:
   pull_request:
 
+env:
+  COMPOSER_NO_SECURITY_BLOCKING: 1
+
 jobs:
   php-cs-fixer:
     name: php-cs-fixer
@@ -37,5 +40,9 @@ jobs:
       - name: Run composer install
         run: composer install --no-interaction --ansi -v
 
+      - name: Run php-cs-fixer with annotate-pull-request format
+        continue-on-error: true
+        run: composer php-cs-fixer:fix-dry-run-format-annotate-pull-request
+
       - name: Run php-cs-fixer
         run: composer php-cs-fixer:fix-dry-run
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
@@ -5,6 +5,13 @@ on:
   push:
   pull_request:
 
+env:
+  COMPOSER_NO_SECURITY_BLOCKING: 1
+
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   phpstan:
     name: phpstan
@@ -37,5 +44,19 @@ jobs:
       - name: Run composer install
         run: composer install --no-interaction --ansi -v
 
+      - name: Run phpstan with sarif error format
+        continue-on-error: true
+        run: composer phpstan:analyse-error-format-sarif
+
+      - name: Upload the analysis results of sarif to GitHub
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: .build/phpstan/results.sarif
+          wait-for-processing: true
+
+      - name: Run phpstan with annotate-pull-request error format
+        continue-on-error: true
+        run: composer phpstan:analyse-error-format-annotate-pull-request
+
       - name: Run phpstan
         run: composer phpstan:analyse
diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml
@@ -5,6 +5,9 @@ on:
   push:
   pull_request:
 
+env:
+  COMPOSER_NO_SECURITY_BLOCKING: 1
+
 jobs:
   rector:
     name: rector
@@ -37,5 +40,9 @@ jobs:
       - name: Run composer install
         run: composer install --no-interaction --ansi -v
 
+      - name: Run rector with github output format
+        continue-on-error: true
+        run: composer rector:process-dry-run-output-format-github
+
       - name: Run rector
         run: composer rector:process-dry-run
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -5,6 +5,9 @@ on:
   push:
   pull_request:
 
+env:
+  COMPOSER_NO_SECURITY_BLOCKING: 1
+
 jobs:
   test:
     runs-on: ${{ matrix.os }}
diff --git a/.typos.toml b/.typos.toml
@@ -0,0 +1,34 @@
+# https://github.com/crate-ci/typos/blob/master/docs/reference.md
+# https://github.com/crate-ci/typos/wiki
+# https://github.com/GitoxideLabs/gitoxide/blob/main/_typos.toml
+# https://github.com/letsencrypt/boulder/blob/main/.typos.toml
+# https://github.com/nushell/nushell/blob/main/typos.toml
+[files]
+ignore-hidden = false
+extend-exclude = [
+  ".git/",
+  "CHANGELOG.md",
+]
+
+[default]
+extend-ignore-re = [
+  # https://github.com/sirwart/ripsecrets/blob/main/src/lib.rs
+  '\b[0-9A-Za-z+/_-]{36,}\b',  # Anything base64 or base64url longer than 36 chars is probably encoded.
+  "at_[0-9a-zA-Z-]+",  # 忽略以 at_ 开头的令牌字符串
+  "[0-9A-Z]{16}",  # 忽略评分 ID
+]
+extend-ignore-identifiers-re = [
+  "[0-9a-f]{7,}",  # Git commit hash
+]
+extend-ignore-words-re = [
+  # "Symplify",
+]
+
+[default.extend-words]
+"Symplify" = "Symplify"
+"reguard" = "reguard"
+"responsable" = "responsable"
+"STATMENT" = "STATMENT"
+
+[default.extend-identifiers]
+# "Symplify" = "Symplify"
diff --git a/composer.json b/composer.json
@@ -56,6 +56,7 @@
         "guanguans/php-cs-fixer-custom-fixers": "^1.2",
         "guanguans/rector-rules": "^1.7",
         "illuminate/support": "^10.49 || ^11.0 || ^12.0 || ^13.0",
+        "jbelien/phpstan-sarif-formatter": "^1.2",
         "mockery/mockery": "^1.6",
         "nette/utils": "^4.0",
         "pestphp/pest": "^2.36 || ^3.0 || ^4.0",
@@ -162,6 +163,8 @@
             "@composer:normalize"
         ],
         "actionlint": "actionlint -ignore=SC2035 -ignore=SC2086 -color -oneline -verbose",
+        "argtyper": "@php vendor/bin/argtyper --ansi -vv",
+        "argtyper:add-types": "@argtyper add-types .",
         "blade-formatter": "blade-formatter resources/views/*.blade.php resources/views/**/*.blade.php --ignore-path= --php-version=8.1 --progress",
         "blade-formatter:check-formatted": "@blade-formatter --check-formatted",
         "blade-formatter:write": "@blade-formatter --write",
@@ -176,6 +179,7 @@
         ],
         "checks:optional": [
             "@putenv:xdebug-off",
+            "@composer:unlink",
             "@class-leak:check",
             "@composer-dependency-analyser",
             "@composer:normalize-dry-run",
@@ -205,6 +209,7 @@
             "@php-cs-fixer:custom-fix-dry-run",
             "@php-cs-fixer:custom-ln-config",
             "@rule-doc-generator:generate",
+            "@typos",
             "@zhlint"
         ],
         "checks:required": [
@@ -242,6 +247,7 @@
         "composer:diff": "@composer diff --with-platform --ansi -vv",
         "composer:normalize": "@composer normalize --diff --ansi -vv",
         "composer:normalize-dry-run": "@composer:normalize --dry-run",
+        "composer:unlink": "@php -r \"@unlink('vendor/bin/composer');\"",
         "composer:validate": "@composer validate --check-lock --strict --ansi -vv",
         "detect-collisions": "@php vendor/bin/detect-collisions examples/ src/",
         "facade:lint": "@facade:update --lint",
@@ -307,6 +313,7 @@
             "@putenv:xdebug-off"
         ],
         "pest:coverage": "@pest --coverage-html=.build/phpunit/ --coverage-clover=.build/phpunit/clover.xml",
+        "pest:generate-baseline": "@pest --generate-baseline=phpunit-baseline.xml",
         "pest:highest": [
             "@putenv:php",
             "@putenv:xdebug-on",
@@ -333,6 +340,7 @@
         ],
         "php-cs-fixer:fix": "@php-cs-fixer fix --show-progress=dots --diff",
         "php-cs-fixer:fix-dry-run": "@php-cs-fixer:fix --dry-run",
+        "php-cs-fixer:fix-dry-run-format-annotate-pull-request": "@php vendor/bin/php-cs-fixer --ansi -vv 'fix' '--show-progress=dots' '--diff' '--dry-run' --format=checkstyle | vendor/bin/cs2pr --notices-as-warnings --colorize",
         "php-cs-fixer:list-files": "@php-cs-fixer list-files",
         "php-cs-fixer:list-sets": "@php-cs-fixer list-sets --ansi -vv",
         "php-lint": [
@@ -344,6 +352,14 @@
         "phpmnd": "@php vendor/bin/phpmnd src/ --exclude-path=Support/helpers.phpp --ignore-numbers=2,-1 --hint --progress --ansi -vv",
         "phpstan": "@php vendor/bin/phpstan --ansi -vv",
         "phpstan:analyse": "@phpstan analyse",
+        "phpstan:analyse-error-format-annotate-pull-request": "@php vendor/bin/phpstan --ansi -vv 'analyse' --error-format=checkstyle | vendor/bin/cs2pr --notices-as-warnings --colorize",
+        "phpstan:analyse-error-format-checkstyle": "@phpstan:analyse --error-format=checkstyle",
+        "phpstan:analyse-error-format-github": "@phpstan:analyse --error-format=github",
+        "phpstan:analyse-error-format-llm": "@phpstan:analyse --error-format=llm",
+        "phpstan:analyse-error-format-sarif": [
+            "[ -d .build/phpstan/ ] || mkdir -p .build/phpstan/",
+            "@php vendor/bin/phpstan --ansi -vv 'analyse' --error-format=sarif > .build/phpstan/results.sarif"
+        ],
         "phpstan:analyse-generate-baseline": "@phpstan:analyse --generate-baseline --allow-empty-baseline",
         "phpstan:analyse-split-baseline": [
             "@phpstan:analyse --generate-baseline=baselines/loader.neon --allow-empty-baseline",
@@ -357,6 +373,10 @@
             "@php vendor/bin/pint --ansi -vv"
         ],
         "pint:test": "@pint --test",
+        "pint:test-format-annotate-pull-request": [
+            "@putenv:xdebug-off",
+            "@php vendor/bin/pint --ansi -vv '--test' --format=checkstyle | vendor/bin/cs2pr --notices-as-warnings --colorize"
+        ],
         "putenv:composer-memory-unlimited": "@putenv COMPOSER_MEMORY_LIMIT=-1",
         "putenv:php": [
             "@putenv PHP74=/opt/homebrew/opt/php@7.4/bin/php",
@@ -375,14 +395,20 @@
         "rector": "@php vendor/bin/rector",
         "rector:custom-rule": "@rector custom-rule",
         "rector:list-rules": "@rector list-rules",
-        "rector:process": "@rector process",
+        "rector:process": "@rector process --ansi",
         "rector:process-clear-cache": "@rector:process --clear-cache",
         "rector:process-clear-cache-dry-run": "@rector:process-clear-cache --dry-run",
         "rector:process-dry-run": "@rector:process --dry-run",
+        "rector:process-dry-run-output-format-github": "@rector:process-dry-run --output-format=github",
         "rector:process-only": "@rector:process-clear-cache --only=Guanguans\\SoarPHP\\Support\\Rectors\\AddHasOptionsDocCommentRector",
         "rector:process-only-dry-run": "@rector:process-only --dry-run",
         "rector:process-options": "@rector:process-clear-cache --config=rector-options.php",
         "rector:process-options-dry-run": "@rector:process-options --dry-run",
+        "roave-backward-compatibility-check": [
+            "@putenv:php",
+            "$PHP82 vendor/bin/roave-backward-compatibility-check --install-development-dependencies --ansi -vv"
+        ],
+        "roave-backward-compatibility-check:format-github-actions": "@roave-backward-compatibility-check --format=github-actions",
         "rule-doc-generator": [
             "@putenv:php",
             "$PHP82 rule-doc-generator --ansi -vv"
@@ -398,7 +424,12 @@
         "sk:finalize-classes-dry-run": "@sk:finalize-classes --dry-run",
         "sk:find-multi-classes": "@sk find-multi-classes examples/ src/",
         "sk:generate-symfony-config-builders": "@sk generate-symfony-config-builders --help",
-        "sk:namespace-to-psr-4": "@sk namespace-to-psr-4 src/ --namespace-root=Guanguans\\SoarPHP\\",
+        "sk:namespace-to-psr-4": [
+            "@sk:namespace-to-psr-4-src",
+            "@sk:namespace-to-psr-4-tests"
+        ],
+        "sk:namespace-to-psr-4-src": "@sk namespace-to-psr-4 src/ --namespace-root=Guanguans\\SoarPHP\\",
+        "sk:namespace-to-psr-4-tests": "@sk namespace-to-psr-4 tests/ --namespace-root=Guanguans\\SoarPHPTests\\",
         "sk:pretty-json": "@sk pretty-json .lintmdrc",
         "sk:pretty-json-dry-run": "@sk:pretty-json --dry-run",
         "sk:privatize-constants": "@sk privatize-constants examples/ src/",
@@ -448,6 +479,8 @@
         ],
         "todo-lint": "! git --no-pager grep --extended-regexp --ignore-case 'todo|fixme' -- '*.php' ':!*.blade.php' ':(exclude)resources/'",
         "trufflehog": "trufflehog git https://github.com/guanguans/soar-php --only-verified",
+        "typos": "typos --color=always --sort --verbose",
+        "typos:write-changes": "@typos --write-changes",
         "var-dump-server:cli": "@php vendor/bin/var-dump-server --ansi -vv",
         "var-dump-server:html": [
             "@composer-config:disable-process-timeout",
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -27,6 +27,20 @@ includes:
 #    - vendor/symplify/phpstan-rules/config/rector-rules.neon
 #    - vendor/symplify/phpstan-rules/config/symfony-rules.neon
 
+services:
+    # https://github.com/guanguans/notify/security/code-scanning
+    # https://github.com/jbelien/phpstan-sarif-formatter
+    errorFormatter.sarif:
+        class: PHPStanSarifErrorFormatter\SarifErrorFormatter
+        arguments:
+            relativePathHelper: @simpleRelativePathHelper
+            currentWorkingDirectory: %currentWorkingDirectory%
+            pretty: true
+#    errorFormatter.checkstyle:
+#        class: NickSdot\PhpStanPhpStormErrorIdentifiers\CheckstyleErrorFormatterPhpStorm
+#    errorFormatter.llm:
+#        class: NickSdot\PhpStanPhpStormErrorIdentifiers\LlmErrorFormatter
+
 parameters:
     paths:
         - src/
@@ -58,10 +72,10 @@ parameters:
 #            - Rector\Contract\Rector\RectorInterface
     type_coverage:
         declare: 100
-        param_type: 100
-        return_type: 100
-        constant_type: 100
-        property_type: 100
+        param: 100
+        return: 100
+        constant: 100
+        property: 100
     type_perfect:
         narrow_param: true
         narrow_return: true

-Original file line number
+Diff line change
   build:
     runs-on: ubuntu-latest
     steps:
 -      - uses: usthe/[email protected]
 +      - uses: dromara/[email protected]
         with:
           IS_MODIFY_TITLE: true