More fixes #3

Workflow file for this run

.github/workflows/verify-release.yml at fe4c981

	name: Verify release

	on:
	# Run whenever a release is published.
	release:
	types: [published]
	# And whenever this workflow is updated.
	push:
	paths:
	- '.github/workflows/verify-release.yml'
	# And whenever this workflow is updated.
	pull_request:
	paths:
	- '.github/workflows/verify-release.yml'
	# Allow manually triggering the workflow.
	workflow_dispatch:

	# Cancels all previous workflow runs for the same branch that have not yet completed.
	concurrency:
	# The concurrency group contains the workflow name and the branch name.
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	verify:
	runs-on: ubuntu-latest

	strategy:
	matrix:
	pharfile:
	- 'phpcs'
	- 'phpcbf'

	name: "Verify PHAR availibility: ${{ matrix.pharfile }}"

	steps:
	- name: Retrieve latest release info
	uses: octokit/request-action@v2.x
	id: get_latest_release
	with:
	route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: "Debug info: Show API request failure status"
	if: ${{ failure() }}
	run: "echo No release found. Request failed with status ${{ steps.get_latest_release.outputs.status }}"

	- name: Grab latest tag name from API response
	id: version
	run: \|
	echo "TAG=${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}" >> "$GITHUB_OUTPUT"

	- name: Show tag name found in API response
	run: "echo latest release: ${{ steps.version.outputs.TAG }}"

	- name: Setup PHP
	uses: shivammathur/setup-php@v2
	with:
	php-version: 'latest'
	ini-values: error_reporting=-1, display_errors=On
	coverage: none
	tools: phive

	# ###########################
	# Verify the release assets.
	# ###########################
	- name: "Release assets: Verify PHAR file is available and download"
	run: curl --remote-name https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar

	- name: "Release assets: Verify signature file is available and download"
	run: curl --remote-name https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar.asc

	- name: "Release assets: Verify attestation of the PHAR file"
	run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
	env:
	GH_TOKEN: ${{ github.token }}

	- name: "Release assets: Verify signature of the PHAR file"
	run: gpg --verify ${{ matrix.pharfile }}.phar.asc ${{ matrix.pharfile }}.phar

	- name: "Release assets: Verify the PHAR is nominally functional"
	run: php ${{ matrix.pharfile }}.phar -e --standard=PSR12

	- name: "Release assets: Grab the version"
	id: version_release
	env:
	FILE_NAME: ${{ matrix.pharfile }}.phar
	# yamllint disable-line rule:line-length
	run: echo "VERSION=$(php "$FILE_NAME" --version \| grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"

	- name: "Release assets: Fail the build if the PHAR is not the correct version"
	if: ${{ steps.version_release.outputs.VERSION != steps.version.outputs.TAG }}
	run: exit 1

	- name: "Release assets: Clean the environment"
	run: rm -vrf


	# #########################################
	# Verify plain downloads from the website.
	# #########################################
	- name: "Website unversioned: Verify PHAR file is available and download"
	run: curl --remote-name https://phars.phpcodesniffer.com/${{ matrix.pharfile }}.phar

	- name: "Website unversioned: Verify signature file is available and download"
	run: curl --remote-name https://phars.phpcodesniffer.com/${{ matrix.pharfile }}.phar.asc

	- name: "Website unversioned: Verify attestation of the PHAR file"
	run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
	env:
	GH_TOKEN: ${{ github.token }}

	- name: "Website unversioned: Verify signature of the PHAR file"
	run: gpg --verify ${{ matrix.pharfile }}.phar.asc ${{ matrix.pharfile }}.phar

	- name: "Website unversioned: Verify the PHAR is nominally functional"
	run: php ${{ matrix.pharfile }}.phar -e --standard=PSR12

	- name: "Website unversioned: Grab the version"
	id: version_web_plain
	env:
	FILE_NAME: ${{ matrix.pharfile }}.phar
	# yamllint disable-line rule:line-length
	run: echo "VERSION=$(php "$FILE_NAME" --version \| grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"

	- name: "Website unversioned: Fail the build if the PHAR is not the correct version"
	if: ${{ steps.version_web_plain.outputs.VERSION != steps.version.outputs.TAG }}
	run: exit 1

	- name: "Website unversioned: Clean the environment"
	run: rm -vrf


	# #########################################
	# Verify versioned downloads from the website.
	# #########################################
	- name: "Website versioned: Verify PHAR file is available and download"
	run: curl --remote-name https://phars.phpcodesniffer.com/phars/${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar

	- name: "Website versioned: Verify signature file is available and download"
	run: curl --remote-name https://phars.phpcodesniffer.com/phars/${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar.asc

	- name: "Website versioned: Verify attestation of the PHAR file"
	run: gh attestation verify ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar -o PHPCSStandards
	env:
	GH_TOKEN: ${{ github.token }}

	- name: "Website versioned: Verify signature of the PHAR file"
	run: >
	gpg --verify ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar.asc
	${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar

	- name: "Website versioned: Verify the PHAR is nominally functional"
	run: php ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar -e --standard=PSR12

	- name: "Website versioned: Grab the version"
	id: version_web_versioned
	env:
	FILE_NAME: ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar
	# yamllint disable-line rule:line-length
	run: echo "VERSION=$(php "$FILE_NAME" --version \| grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"

	- name: "Website versioned: Fail the build if the PHAR is not the correct version"
	if: ${{ steps.version_web_versioned.outputs.VERSION != steps.version.outputs.TAG }}
	run: exit 1

	- name: "Website versioned: Clean the environment"
	run: rm -vrf


	# #########################################
	# Verify install via PHIVE.
	# #########################################
	- name: "Phive: Install"
	run: phive install ${{ matrix.pharfile }}

	- name: "Phive: Verify attestation of the PHAR file"
	run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
	working-directory: ./tools
	env:
	GH_TOKEN: ${{ github.token }}

	- name: "Phive: Verify the PHAR is nominally functional"
	run: php ./tools/${{ matrix.pharfile }}.phar -e --standard=PSR12

	- name: "Phive: Grab the version"
	id: version_phive
	env:
	FILE_NAME: ./tools/${{ matrix.pharfile }}.phar
	# yamllint disable-line rule:line-length
	run: echo "VERSION=$(php "$FILE_NAME" --version \| grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"

	- name: "Phive: Fail the build if the PHAR is not the correct version"
	if: ${{ steps.version_phive.outputs.VERSION != steps.version.outputs.TAG }}
	run: exit 1

	- name: "Phive: Clean the environment"
	run: rm -vrf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

More fixes #3

Workflow file

More fixes #3

Jobs

Run details

Workflow file for this run