setup-php VS security-checker

I found shivammathur/setup-php did a better job on supporting old PHP versions, and you don't have to worry about the composer & extension compatibility, it handles those for you.

this is a good base https://github.com/shivammathur/setup-php

Setup PHP (GitHub Action)

There is also an RSS feed you can subscribe for setup-php releases https://github.com/shivammathur/setup-php/releases.atom

name: Symfony 5 Tests on: push: branches: - main - dev pull_request: jobs: symfony: name: Symfony 5.0 (PHP ${{ matrix.php-versions }}) # https://hub.docker.com/_/ubuntu/ runs-on: ubuntu-latest strategy: fail-fast: true matrix: php-versions: ['7.4'] steps: # https://github.com/actions/checkout (official) - name: Checkout uses: actions/checkout@v2 # https://github.com/shivammathur/setup-php (community) - name: Setup PHP, extensions and composer with shivammathur/setup-php uses: shivammathur/setup-php@verbose with: php-version: ${{ matrix.php-versions }} extensions: mbstring, xml, ctype, iconv, intl, pdo_sqlite, dom, filter, gd, iconv, json, mbstring, pdo # Composer - name: Get composer cache directory id: composer-cache run: echo "::set-output name=dir::$(composer config cache-files-dir)" # https://help.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows - name: Cache composer dependencies uses: actions/cache@v1 with: path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install --no-progress --no-suggest --prefer-dist --optimize-autoloader # https://github.com/sensiolabs/security-checker - name: Security check installed dependencies uses: symfonycorp/security-checker-action@v2 # https://github.com/chekalsky/phpcs-action (community) - name: Check PSR12 code style (PHP_CodeSniffer) uses: chekalsky/[email protected] with: enable_warnings: true installed_paths: '${{ github.workspace }}/vendor/squizlabs/php_codesniffer' phpcs_bin_path: './vendor/bin/phpcs src --ignore="Migrations/"' # https://github.com/phpmd/phpmd # - name: Analyses PHP Code (PHP Mess Detector) # run: vendor/bin/phpmd src,tests text .phpmd-ruleset.xml # https://github.com/phpstan/phpstan - name: Analyse PHP Code (PHPStan) run: vendor/bin/phpstan analyse src - name: Cache node_modules uses: actions/cache@v1 id: yarn-cache-node-modules with: path: node_modules key: ${{ runner.os }}-yarn-cache-node-modules-${{ hashFiles('**/yarn.lock') }} restore-keys: | ${{ runner.os }}-yarn-cache-node-modules- - name: Yarn install if: steps.yarn-cache-node-modules.outputs.cache-hit != 'true' run: yarn install - name: Yarn build run: yarn run encore production - name: Archive production artifacts uses: actions/upload-artifact@v1 with: name: build path: public/build # Symfony - name: Check the Symfony console run: | php bin/console -V php bin/console about # Tests - name: Run unit and functional tests run: | php bin/phpunit --stop-on-failure # - name: Run Behat/Mink tests # run: | # php vendor/bin/behat