{"id":15525380,"url":"https://github.com/ghostwriter/compliance","last_synced_at":"2025-04-11T03:15:09.542Z","repository":{"id":37797233,"uuid":"494582291","full_name":"ghostwriter/compliance","owner":"ghostwriter","description":"[WIP]Compliance Automation for OSS - GitHub Automation Tool - A solution for automated and scheduled execution of workflows via GitHub Action.","archived":false,"fork":false,"pushed_at":"2025-04-11T01:03:26.000Z","size":16521,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"v1","last_synced_at":"2025-04-11T03:15:04.227Z","etag":null,"topics":["automation","compliance","ghostwriter","github-actions","php"],"latest_commit_sha":null,"homepage":"https://ghcr.io/ghostwriter/compliance","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ghostwriter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["ghostwriter"]}},"created_at":"2022-05-20T19:19:04.000Z","updated_at":"2025-04-11T01:03:29.000Z","dependencies_parsed_at":"2023-01-21T13:18:50.420Z","dependency_job_id":"faaf54a7-d95a-4f41-8e20-4c5634abf3bf","html_url":"https://github.com/ghostwriter/compliance","commit_stats":{"total_commits":629,"total_committers":1,"mean_commits":629.0,"dds":0.0,"last_synced_commit":"af1e667126d27218f90ec1a8e3d193c53b95609b"},"previous_names":["ghostwriter/automation"],"tags_count":0,"template":false,"template_full_name":"ghostwriter/wip","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostwriter%2Fcompliance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostwriter%2Fcompliance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostwriter%2Fcompliance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghostwriter%2Fcompliance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ghostwriter","download_url":"https://codeload.github.com/ghostwriter/compliance/tar.gz/refs/heads/v1","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248333594,"owners_count":21086200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","compliance","ghostwriter","github-actions","php"],"created_at":"2024-10-02T10:57:11.605Z","updated_at":"2025-04-11T03:15:09.528Z","avatar_url":"https://github.com/ghostwriter.png","language":"PHP","funding_links":["https://github.com/sponsors/ghostwriter"],"categories":[],"sub_categories":[],"readme":"# Compliance\n\n[![GitHub Sponsors](https://img.shields.io/github/sponsors/ghostwriter?label=Sponsor+@ghostwriter/compliance\u0026logo=GitHub+Sponsors)](https://github.com/sponsors/ghostwriter)\n[![Automation](https://github.com/ghostwriter/compliance/actions/workflows/automation.yml/badge.svg)](https://github.com/ghostwriter/compliance/actions/workflows/automation.yml)\n[![Supported PHP Version](https://badgen.net/packagist/php/ghostwriter/compliance?color=8892bf)](https://www.php.net/supported-versions)\n[![Downloads](https://badgen.net/packagist/dt/ghostwriter/compliance?color=blue)](https://packagist.org/packages/ghostwriter/compliance)\n\n`Automation` - `CI/CD` \u0026 `QA Testing`  Test Automation for `PHP` via `GitHub Actions`.\n\n\u003e [!CAUTION]\n\u003e\n\u003e This project is not finished yet, work in progress.\n\u003e\n\n## Todo\n\n- check the composer scripts section to see if the commands exists,\n  - and report error/warning if not\n  - and skip the job if not\n\n- all tools should have a matching composer script name, i have already hardcoded\n  the composer script for now, but this should be configurable (kebab case)\n  - the command will be `composer automation:composer-require-checker`\n    - or `composer automation:phpunit`\n      - I like the `automation:` prefix, that way if you have a `phpunit` script,\n      - it will not cause a conflict with the `automation:phpunit` script\n\n- I will import the release automation into this project\n- we will import the `composer.json` and `composer.lock` validation into this project\n  - we will use the extensions field from the `composer.json` file to determine which PHP extensions to install\n  - pass the extensions list as an argument to the docker image/workflow via shivammathur/setup-php@v2\n     (looks like this part is already done, but we need to test it.)\n  - i did most of this... but i need to test it.\n  - we have everything we need to extract information from both composer files\n\n\u003e [!INFO]\n\u003e\n\u003e Woot woot!! we did it! we have a working prototype! 🎉\n\u003e\n\n-- we need to import gpg keys from GitHub secrets `GPG_KEY`,`GPG_FINGERPRINT`\n--- to tag the release with a gpg signature\n--- to sign binaries with a gpg signature\n--- to sign the git commit with a gpg signature (automated composer.json update, if all tests pass)\n\n\n- we need to add a command to add these commannds to the users composer.json file,\n for each supported tools they have in their composer.json file [`require` and `require-dev`].\n - if it does not exist, we will add it to the `scripts` section.\n - if it exists, continue.\n\n```json\n{\n    \"scripts\": {\n        \"automation:composer-require-checker\": [\n            \"composer-require-checker check --config-file=composer-require-checker.json\"\n        ],\n        \"automation:phpunit\": [\n              \"@phpunit --configuration=phpunit.xml --coverage-clover=coverage.xml\"\n        ]\n    }\n}\n```\n  \n## Workflow\n\n```yml\n# .github/workflows/automation.yml\nname: Automation\n\non:\n  pull_request:\n  push:\n    branches:\n      - \"main\"\n      - \"[0-9]+.[0-9]+.x\" # 1.2.x\n      - \"v[0-9]+\" # v1\n  schedule:\n    - cron: \"0 * * * *\" # Runs hourly\n  workflow_dispatch: # Manually Trigger workflow\n\njobs:\n  automation:\n    uses: ghostwriter/compliance/.github/workflows/automation.yml@v1\n    secrets:\n      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}\n      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}\n      INFECTION_DASHBOARD_API_KEY: ${{ secrets.INFECTION_DASHBOARD_API_KEY }}\n```\n\n## Installation\n\nYou can install the package via composer:\n\n``` bash\ncomposer require ghostwriter/compliance --dev\n```\n\n```bash\nAutomation - Automatically configure and execute multiple CI/CD \u0026 QA Tests via GitHub Actions. 1.x-dev\n\nUsage:\n  command [options] [arguments]\n\nOptions:\n  -h, --help            Display help for the given command. When no command is given display help for the list command\n  -q, --quiet           Do not output any message\n  -V, --version         Display this application version\n      --ansi|--no-ansi  Force (or disable --no-ansi) ANSI output\n  -n, --no-interaction  Do not ask any interactive question\n  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug\n\nAvailable commands:\n  help        Display help for a command\n  list        List commands\n  matrix      Generates a job matrix for Github Actions.\n  workflow    Creates a \"automation.yml\" workflow file.\n```\n\n## Usage\n\nGenerates `automation.php` configuration file, if it does not exist,\nand determines the job matrix for GitHub Actions.\n\n```bash\nvendor/bin/automation matrix\n```\n\nGenerate `.github/workflows/automation.yml` workflow file for your project.\n```bash\nvendor/bin/automation workflow\n```\n\n## Docker\n\n``` bash\n# Install from the command line:\n\ndocker pull ghcr.io/ghostwriter/compliance:v1\n\n# Usage from the command line:\n\ndocker run -v $(PWD):/app -w=/app ghcr.io/ghostwriter/compliance workflow\ndocker run -v $(PWD):/app -w=/app ghcr.io/ghostwriter/compliance matrix\n\n# Use as base image in Dockerfile:\n\nFROM ghcr.io/ghostwriter/compliance:v1\n```\n\n## Supported Tools ?!\n\n``` php\n\n\u003c?php\n\ndeclare(strict_types=1);\n\nuse Ghostwriter\\Automation\\Automation;\nuse Ghostwriter\\Automation\\Enum\\ComposerStrategy;\nuse Ghostwriter\\Automation\\Enum\\OperatingSystem;\nuse Ghostwriter\\Automation\\Enum\\PhpVersion;\nuse Ghostwriter\\Automation\\Enum\\Tool;\nuse Ghostwriter\\Automation\\Tool\\Infection;\nuse Ghostwriter\\Automation\\Tool\\PHPUnit;\nuse Ghostwriter\\Automation\\Tool\\Psalm;\n\nreturn Automation::new()\n    -\u003ecomposerStrategies(...ComposerStrategy::cases()) // ComposerStrategy::LATEST, ComposerStrategy::LOCKED, ComposerStrategy::LOWEST\n    -\u003eoperatingSystems(...OperatingSystem::cases()) // OperatingSystem::UBUNTU, OperatingSystem::MACOS, OperatingSystem::WINDOWS\n    -\u003ephpVersions(...PhpVersion::cases()) // PhpVersion::PHP_54 - PhpVersion::PHP_84\n    -\u003etools(...Tool::cases()) // Tool::Infection, Tool::PHPUnit, Tool::Psalm\n    -\u003eskip(OperatingSystem::WINDOWS) // Skip one or more: Composer Strategy, Operating System, PHP Version, or Tool \n;\n```\n\n## Testing\n\n``` bash\ncomposer test\n```\n\n## Changelog\n\nPlease see [CHANGELOG.md](./CHANGELOG.md) for more information what has changed recently.\n\n## Security\n\nIf you discover any security related issues, please email `nathanael.esayeas@protonmail.com` instead of using the issue tracker.\n\n## Sponsors\n\n[[`Become a GitHub Sponsor`](https://github.com/sponsors/ghostwriter)]\n\n## Credits\n\n- [Nathanael Esayeas](https://github.com/ghostwriter)\n- [`composer`](https://github.com/composer)\n- [`mlocati/docker-php-extension-installer`](https://github.com/mlocati/docker-php-extension-installer)\n- [`shivammathur/setup-php`](https://github.com/shivammathur/setup-php)\n- [`symfony`](https://github.com/symfony)\n- [All Contributors](https://github.com/ghostwriter/compliance/contributors)\n\n## License\n\nThe BSD-4-Clause. Please see [License File](./LICENSE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fghostwriter%2Fcompliance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fghostwriter%2Fcompliance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fghostwriter%2Fcompliance/lists"}