From 5522936e20dd16580f66030d365d9ee242491668 Mon Sep 17 00:00:00 2001
From: Sebastian Meyer <sebastian.meyer@opencultureconsulting.com>
Date: Tue, 21 Nov 2023 22:25:52 +0100
Subject: [PATCH] Add GitHub workflows

---
 .github/dependabot.yml        | 16 ++++++++++++++
 .github/workflows/phpmd.yml   | 40 +++++++++++++++++++++++++++++++++++
 .github/workflows/phpstan.yml | 35 ++++++++++++++++++++++++++++++
 3 files changed, 91 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/phpmd.yml
 create mode 100644 .github/workflows/phpstan.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..33f1a33
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    assignees:
+      - "sebastian-meyer"
+    labels: [ ]
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    assignees:
+      - "sebastian-meyer"
+    labels: [ ]
diff --git a/.github/workflows/phpmd.yml b/.github/workflows/phpmd.yml
new file mode 100644
index 0000000..acf3c68
--- /dev/null
+++ b/.github/workflows/phpmd.yml
@@ -0,0 +1,40 @@
+name: PHP Mess Detector
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  PHPMD:
+    name: PHPMD Scanner
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@v4
+
+      - name: Setup Environment
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.0"
+          coverage: none
+          tools: phpmd
+
+      - name: Run PHPMD
+        run: phpmd . sarif codesize --reportfile phpmd-results.sarif
+        continue-on-error: true
+
+      - name: Upload Analysis Results
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: phpmd-results.sarif
+          wait-for-processing: true
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
new file mode 100644
index 0000000..a42088b
--- /dev/null
+++ b/.github/workflows/phpstan.yml
@@ -0,0 +1,35 @@
+name: PHP Static Analyzer
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  PHPStan:
+    name: PHPStan Scanner
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@v4
+
+      - name: Setup Environment
+        uses: php-actions/composer@v6
+        with:
+          command: update
+          php_version: "8.0"
+
+      - name: Run PHPStan
+        uses: php-actions/phpstan@v3
+        with:
+          path: src/
+          configuration: phpstan.dist.neon