From a23e0aafd59148fc1ea58117803ddf9eaac11623 Mon Sep 17 00:00:00 2001
From: olatechpro
Date: Mon, 18 May 2026 09:52:34 +0100
Subject: [PATCH 1/2] Add Dependency Security Audit workflow #4
---
 .../workflows/dependency-security-audit.yml | 30 +++++++++++++++++++
 README.md | 1 +
 2 files changed, 31 insertions(+)
 create mode 100644 .github/workflows/dependency-security-audit.yml
diff --git a/.github/workflows/dependency-security-audit.yml b/.github/workflows/dependency-security-audit.yml
new file mode 100644
index 0000000..8906664
--- /dev/null
+++ b/.github/workflows/dependency-security-audit.yml
@@ -0,0 +1,30 @@
+name: Dependency Security Audit
+
+permissions:
+ contents: read
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ audit:
+ name: Run dependency audit
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+
+ - name: Set up PHP
+ uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f
+ with:
+ php-version: 8.3
+ tools: composer:v2
+
+ - name: Validate Composer configuration
+ run: composer validate --strict
+
+ - name: Run dependency security audit
+ run: composer audit --locked
\ No newline at end of file
diff --git a/README.md b/README.md
index b13b708..df49abe 100644
--- a/README.md
+++ b/README.md
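Review bot: `php-version: 8.3` is an unquoted YAML float, so a later bump to a version such as `8.10` would be parsed as `8.1`; write it as a string, `php-version: "8.3"`. The same unquoted value survives as context in the second patch's hunk (`@@ -1,30 +1,44 @@`), so it should be quoted there as well. `composer audit --locked` reads composer.lock rather than vendor/, so it is expected to fail when the calling repository has not committed a lock file; a comment on that step such as `# --locked: audit composer.lock as committed, not the installed tree` would make that intent clear to the repositories that call this reusable workflow.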
@@ -6,6 +6,7 @@ Reusable GitHub Actions workflows for PublishPress plugin repositories.
 - `.github/workflows/unit-tests.yml`: Runs PHPUnit tests.
 - `.github/workflows/code-standards.yml`: Runs PHP compatibility and lint checks.
+- `.github/workflows/dependency-security-audit.yml`: Runs Composer dependency security audits.
 - `.github/workflows/deploy-free.yml`: Builds and deploys free plugin releases to WordPress.org and uploads release assets to GitHub.
 - `.github/workflows/deploy-free-assets.yml`: Updates WordPress.org plugin assets/readme.
 - `.github/workflows/deploy-pro.yml`: Builds pro plugin packages and uploads release assets to GitHub.
From f6608fc718de26eaa98a63c17b18feb700b4ba78 Mon Sep 17 00:00:00 2001
From: olatechpro
Date: Mon, 18 May 2026 10:03:35 +0100
Subject: [PATCH 2/2] Update the workflow to match existing ones
---
 .../workflows/dependency-security-audit.yml | 30 ++++++++++++++-----
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/dependency-security-audit.yml b/.github/workflows/dependency-security-audit.yml
index 8906664..97e3187 100644
--- a/.github/workflows/dependency-security-audit.yml
+++ b/.github/workflows/dependency-security-audit.yml
@@ -1,30 +1,44 @@
-name: Dependency Security Audit
-
+name: Audit Composer dependencies
 permissions:
 contents: read
-
 on:
 workflow_call:
- workflow_dispatch:
+
+env:
+ DEV_SCRIPTS_DIR: ${{ github.workspace }}/vendor/publishpress/dev-workspace/scripts
 jobs:
- audit:
- name: Run dependency audit
+ check:
+ name: Run the dependency audit
 runs-on: ubuntu-latest
 timeout-minutes: 20
-
 steps:
 - name: Checkout repository
+ # actions/checkout@v6.0.2
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 - name: Set up PHP
+ # shivammathur/setup-php@2.37.0
 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f
 with:
 php-version: 8.3
+ extensions: mbstring,xml,curl,zip,intl,bcmath,gettext,mysqli,phar,gd,iconv,yaml
 tools: composer:v2
+ - name: Create root .env file
+ run: cp $GITHUB_WORKSPACE/.env.example $GITHUB_WORKSPACE/.env
+
 - name: Validate Composer configuration
 run: composer validate --strict
- - name: Run dependency security audit
+ - name: Install Composer dependencies
+ run: composer install --no-interaction --prefer-dist --no-progress
+
+ - name: Show dev-workspace tool versions
+ run: composer info:version
+
+ - name: Add dev-workspace scripts to PATH
+ run: echo "$DEV_SCRIPTS_DIR" >> "$GITHUB_PATH"
+
+ - name: Run Composer dependency security audit
 run: composer audit --locked
\ No newline at end of file
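Review bot: `composer audit --locked` is now the last step, running only after `composer install` and after `$DEV_SCRIPTS_DIR` has been prepended to PATH through `$GITHUB_PATH`, yet `--locked` audits composer.lock and needs neither the installed tree nor that directory. Installing first loads any Composer plugins among the very dependencies about to be audited and runs the root package's install scripts before a single advisory is reported, and the PATH change places a vendor-controlled directory ahead of the system PATH for the `composer` invocation that follows it. Move the audit step directly after `composer validate --strict`, or, if the install must stay to match the other workflows, run it as `composer install --no-interaction --prefer-dist --no-progress --no-scripts` (adding `--no-plugins` if the dev-workspace tooling tolerates it) so the verdict does not depend on dependency code executing first. The `composer info:version` and `$GITHUB_PATH` steps are not used by any later step in this file (`info:version` is presumably a script supplied by the dev-workspace package) and could be dropped from an audit-only workflow. The `.env` step should also quote its paths, `run: cp "$GITHUB_WORKSPACE/.env.example" "$GITHUB_WORKSPACE/.env"`, for consistency with the quoted `$GITHUB_PATH` line below it.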