 |
VOOZH | about |
|
VOOZH | about |
This document describes Maho's automated Continuous Integration and Continuous Deployment (CI/CD) pipeline implemented using GitHub Actions. The pipeline validates code quality, enforces coding standards, runs tests across multiple PHP versions and database engines, and performs security scanning.
For information about the testing framework used in the pipeline, see Testing with Pest. For static analysis tools and configuration, see Static Analysis and Code Quality. For security-specific workflows and best practices, see Security Best Practices.
Maho's CI/CD pipeline consists of multiple distinct GitHub Actions workflows that run on push to main, pull requests, and scheduled intervals. The workflows are designed to fail fast, cache dependencies aggressively, and perform incremental checks when possible to optimize CI runtime.
The following table shows when each workflow executes:
| Workflow | Push to Main | Pull Request | Schedule | Manual |
|---|---|---|---|---|
| PHP Syntax | ✓ | ✓ | - | ✓ |
| Copyright Check | ✓ | ✓ | - | - |
| PHPStan | ✓ | ✓ | - | ✓ |
| Rector | ✓ | ✓ | - | ✓ |
| XML Syntax | ✓ | ✓ | - | ✓ |
| CodeQL | ✓ | ✓ | - | ✓ |
| Pest Tests | ✓ | ✓ | - | ✓ |
| PHP-CS-Fixer | ✓ | ✓ | - | ✓ |
| Composer | ✓ | ✓ | - | ✓ |
| CSV Sorting | ✓ | ✓ | - | ✓ |
| Line Endings | ✓ | ✓ | - | ✓ |
| PHP Security | - | ✓ (composer.lock) | Weekly | ✓ |
| Sync L10N Repo | - | - | Daily | ✓ |
| phpDoc | ✓ | - | - | ✓ |
| Translation Checks | - | ✓ | - | - |
Sources: .github/workflows/syntax-php.yml1-10 .github/workflows/copyright.yml1-8 .github/workflows/phpstan.yml1-10 .github/workflows/rector.yml1-10 .github/workflows/syntax-xml.yml1-10 .github/workflows/codeql-analysis.yml12-21 .github/workflows/pest.yml1-10 .github/workflows/phpdoc.yml1-8 .github/workflows/check-missing-translations.yml1-5 .github/workflows/check-unused-translations.yml1-5
The syntax-php.yml workflow validates PHP syntax across multiple PHP versions using a matrix strategy.
The workflow uses SamhammerAG/last-successful-build-action@v7 to determine the last successful commit SHA .github/workflows/syntax-php.yml27-33 then tj-actions/changed-files@v47 to get only changed PHP/PHTML files since that commit .github/workflows/syntax-php.yml35-42 This incremental approach significantly reduces CI time on large codebases by only checking modified files.
The syntax check loop iterates through changed files, running php -l on each .github/workflows/syntax-php.yml56-57 Parse errors are extracted and reported as GitHub Annotations .github/workflows/syntax-php.yml61 with the file path and line number.
Sources: .github/workflows/syntax-php.yml1-65
The syntax-xml.yml workflow validates XML syntax using xmllint with the same incremental checking strategy .github/workflows/syntax-xml.yml30-36
The workflow installs the libxml2-utils package .github/workflows/syntax-xml.yml44 and runs xmllint --noout "$FILE" on each changed XML file .github/workflows/syntax-xml.yml52 Error messages are parsed to extract line numbers and reported as GitHub Annotations .github/workflows/syntax-xml.yml55-56
Sources: .github/workflows/syntax-xml.yml1-60
The phpstan.yml workflow runs PHPStan static analysis across the PHP version matrix.
The workflow implements a two-tier caching strategy:
actions/cache@v5 to cache Composer's download directory .github/workflows/phpstan.yml34-38var/ directory containing PHPStan's result cache .github/workflows/phpstan.yml44-51The result cache is always saved .github/workflows/phpstan.yml57-61 even on failure, to speed up subsequent runs.
Sources: .github/workflows/phpstan.yml1-62
The rector.yml workflow validates that code follows modern PHP practices. It runs php vendor/bin/rector -c .rector.php --dry-run .github/workflows/rector.yml40 to check for potential refactorings without applying them.
Sources: .github/workflows/rector.yml1-41
The pest.yml workflow runs the test suite across multiple database engines: MySQL, MariaDB, PostgreSQL, and SQLite.
The workflow uses GitHub Actions service containers for MySQL, MariaDB, and PostgreSQL .github/workflows/pest.yml57-73 Each service includes health checks to ensure database readiness before installation .github/workflows/pest.yml25-69
All installations include --sample_data 1 to test with realistic data .github/workflows/pest.yml122-175 After installation, the workflow runs ./maho index:reindex:all to populate indexes .github/workflows/pest.yml123-176 and ./maho cache:flush to clear caches .github/workflows/pest.yml124-177
Sources: .github/workflows/pest.yml1-181
The copyright.yml workflow enforces that all code files contain valid copyright notices. It dynamically builds a pattern that accepts year ranges (e.g., 2024-2025) .github/workflows/copyright.yml54-65 It checks files with .js, .php, and .phtml extensions .github/workflows/copyright.yml76-78 while ignoring specific configuration files .github/workflows/copyright.yml43-47
Sources: .github/workflows/copyright.yml1-100
The codeql-analysis.yml workflow performs security analysis using GitHub's CodeQL engine, specifically targeting JavaScript .github/workflows/codeql-analysis.yml38 It initializes the CodeQL tools and performs analysis on every push to main and pull request .github/workflows/codeql-analysis.yml17-51
Sources: .github/workflows/codeql-analysis.yml1-54
Two specialized workflows ensure the integrity of the translation system:
check-missing-translations.yml identifies untranslated strings in changed files using the dev:translations:missing command .github/workflows/check-missing-translations.yml37check-unused-translations.yml identifies obsolete strings in the CSV files using the dev:translations:unused command .github/workflows/check-unused-translations.yml35Sources: .github/workflows/check-missing-translations.yml1-46 .github/workflows/check-unused-translations.yml1-43
The sync-l10n-repo.yml workflow runs daily to synchronize core locale files from the main repository to the MahoCommerce/maho-l10n repository .github/workflows/sync-l10n-repo.yml3-4 It copies app/locale/en_US .github/workflows/sync-l10n-repo.yml46 and creates a pull request in the target repo if changes are found .github/workflows/sync-l10n-repo.yml54-60
Sources: .github/workflows/sync-l10n-repo.yml1-62
The phpdoc.yml workflow generates technical API documentation using the phpdoc tool with configuration from .github/phpdoc.xml .github/workflows/phpdoc.yml28 It analyzes app and lib directories while ignoring setup scripts and tests .github/phpdoc.xml14-22 Results are deployed to Cloudflare Pages .github/workflows/phpdoc.yml30-35
Sources: .github/workflows/phpdoc.yml1-36 .github/phpdoc.xml1-32
| Workflow | Key Components / Tools | PHP Version |
|---|---|---|
| PHP Syntax | php -l | 8.3, 8.4, 8.5 |
| PHPStan | phpstan.phar | 8.3, 8.4, 8.5 |
| Pest Tests | pest, MySQL, MariaDB, PgSQL, SQLite | 8.3 |
| Rector | rector | 8.3 |
| XML Syntax | xmllint | N/A |
| Translation Checks | maho dev:translations:* | 8.3 |
Sources: .github/workflows/syntax-php.yml19 .github/workflows/phpstan.yml19 .github/workflows/pest.yml78 .github/workflows/rector.yml20 .github/workflows/check-missing-translations.yml19
Refresh this wiki