diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1ce8b855b3..3b9b1aa6c8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -24,8 +24,8 @@ updates: interval: 'daily' versioning-strategy: increase-if-necessary ignore: - - dependency-name: "*" - update-types: [ "version-update:semver-major" ] + - dependency-name: '*' + update-types: ['version-update:semver-major'] labels: - 'dependencies' diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index c1e4637bf8..0911d76e5f 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -90,6 +90,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Set cache key (monthly refresh) + run: echo "CACHE_MONTH=$(date +'%Y-%m')" >> $GITHUB_ENV + - name: Cache composer uses: actions/cache@v4 with: @@ -142,15 +145,25 @@ jobs: - name: PHPStan - PHP Static Analysis Tool run: make phpstan - - name: Local PHP Security Checker + - name: Cache Local PHP Security Checker + id: cache-security-checker + uses: actions/cache@v4 + with: + path: ./local-php-security-checker + key: local-php-security-checker-${{ runner.os }}-${{ env.CACHE_MONTH }} + restore-keys: | + local-php-security-checker-${{ runner.os }}- + + - name: Download Local PHP Security Checker if not cached + if: steps.cache-security-checker.outputs.cache-hit != 'true' run: |- lastReleaseInfo=$(curl --silent "https://api.github.com/repos/fabpot/local-php-security-checker/releases/latest") securityCheckVersion=$(echo "${lastReleaseInfo}" | grep '"tag_name":' | sed -E 's/.*"v(.+)",/\1/') - curl -L https://github.com/fabpot/local-php-security-checker/releases/download/v${securityCheckVersion}/local-php-security-checker_linux_$(dpkg --print-architecture) --output ./local-php-security-checker chmod +x ./local-php-security-checker - ./local-php-security-checker + - name: Run Local PHP Security Checker + run: ./local-php-security-checker phpunit: name: PHPUnit