Initial import

Author: tvdijen

.gitattributes

@@ -0,0 +1,21 @@
+/.github/ export-ignore
+/.phpunit.cache/ export-ignore
+/resources/specifications/ export-ignore
+/tools/ export-ignore
+/tests/bootstrap.php export-ignore
+/tests/resources/xml export-ignore
+/tests/Utils/ export-ignore
+/tests/Addressing/ export-ignore
+codecov.yml export-ignore
+.editorconfig export-ignore
+.gitattributes export-ignore
+.gitignore export-ignore
+phpstan-baseline.neon export-ignore
+phpstan-baseline-dev.neon export-ignore
+phpstan.neon export-ignore
+phpstan-dev.neon export-ignore
+phpcs.xml export-ignore
+phpunit.xml export-ignore
+.php_cs.dist export-ignore
+.markdownlintignore export-ignore
+.markdownlint.yml export-ignore

.github/dependabot.yml

@@ -0,0 +1,29 @@
+---
+
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"  # See documentation for possible values
+    directory: "/"  # Location of package manifests
+    schedule:
+      interval: "weekly"
+    groups:
+      all-actions:
+        patterns: ["*"]
+
+  - package-ecosystem: "composer"  # See documentation for possible values
+    directory: "/"  # Location of package manifests
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      dev-dependencies:
+        dependency-type: "development"

.github/workflows/autolock-conversations.yml

@@ -0,0 +1,25 @@
+---
+
+name: 'Lock Threads'
+
+on:  # yamllint disable-line rule:truthy
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: lock
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v6
+        with:
+          issue-inactive-days: '90'
+          pr-inactive-days: '90'
+          log-output: true

.github/workflows/documentation.yml

@@ -0,0 +1,35 @@
+---
+
+name: Documentation
+
+on:  # yamllint disable-line rule:truthy
+  push:
+    branches: [master, release-*]
+    paths:
+      - '**.md'
+  pull_request:
+    branches: [master, release-*]
+    paths:
+      - '**.md'
+  workflow_dispatch:
+
+jobs:
+  quality:
+    name: Quality checks
+    runs-on: [ubuntu-latest]
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Lint markdown files
+        uses: nosborn/github-action-markdown-cli@v3
+        with:
+          files: .
+          ignore_path: .markdownlintignore
+
+      - name: Perform spell check
+        uses: codespell-project/actions-codespell@v2
+        with:
+          path: '**/*.md'
+          check_filenames: true
+          ignore_words_list: tekst

.github/workflows/php.yml

@@ -0,0 +1,281 @@
+---
+
+name: CI
+
+on:  # yamllint disable-line rule:truthy
+  push:
+    branches: ['**']
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches: [master, release-*]
+    paths-ignore:
+      - '**.md'
+  workflow_dispatch:
+
+jobs:
+  phplinter:
+    name: 'PHP-Linter'
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version: ['8.3', '8.4', '8.5']
+
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/[email protected]
+    with:
+      php-version: ${{ matrix.php-version }}
+
+  linter:
+    name: 'Linter'
+    strategy:
+      fail-fast: false
+
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/[email protected]
+    with:
+      enable_eslinter: false
+      enable_jsonlinter: true
+      enable_stylelinter: false
+      enable_yamllinter: true
+
+  unit-tests-linux:
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    runs-on: ${{ matrix.operating-system }}
+    needs: [phplinter, linter]
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-system: [ubuntu-latest]
+        php-versions: ['8.3', '8.4', '8.5']
+
+    steps:
+      - name: Setup PHP, with composer and extensions
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, date, dom, intl, pcre, sodium, spl, xml
+          tools: composer
+          ini-values: error_reporting=E_ALL
+          coverage: pcov
+
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - name: Setup problem matchers for PHPUnit
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
+      - uses: actions/checkout@v6
+
+      - name: Get composer cache directory
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v5
+        with:
+          path: ${{ env.COMPOSER_CACHE }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install Composer dependencies
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Run unit tests with coverage
+        if: ${{ matrix.php-versions == '8.5' }}
+        run: vendor/bin/phpunit
+
+      - name: Run unit tests (no coverage)
+        if: ${{ matrix.php-versions != '8.5' }}
+        run: vendor/bin/phpunit --no-coverage
+
+      - name: Save coverage data
+        if: ${{ matrix.php-versions == '8.5' }}
+        uses: actions/upload-artifact@v6
+        with:
+          name: coverage-data
+          path: ${{ github.workspace }}/build
+
+  unit-tests-windows:
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    runs-on: ${{ matrix.operating-system }}
+    needs: [phplinter, linter]
+    strategy:
+      fail-fast: true
+      matrix:
+        operating-system: [windows-latest]
+        php-versions: ['8.3', '8.4', '8.5']
+
+    steps:
+      - name: Setup PHP, with composer and extensions
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, date, dom, intl, pcre, sodium, spl, xml
+          tools: composer
+          ini-values: error_reporting=E_ALL
+          coverage: none
+
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - name: Setup problem matchers for PHPUnit
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
+      - uses: actions/checkout@v6
+
+      - name: Get composer cache directory
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v5
+        with:
+          path: ${{ env.COMPOSER_CACHE }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install Composer dependencies
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Run unit tests
+        run: vendor/bin/phpunit --no-coverage
+
+  security:
+    name: Security checks
+    needs: [unit-tests-linux]
+    runs-on: [ubuntu-latest]
+
+    steps:
+      - name: Setup PHP, with composer and extensions
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
+        with:
+          # Should be the lowest supported version
+          php-version: '8.3'
+          extensions: ctype, date, dom, intl, pcre, sodium, spl, xml
+          tools: composer
+          coverage: none
+
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - uses: actions/checkout@v6
+
+      - name: Get composer cache directory
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v5
+        with:
+          path: ${{ env.COMPOSER_CACHE }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install Composer dependencies
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Security check for locked dependencies
+        run: composer audit
+
+      - name: Update Composer dependencies
+        run: composer update --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Security check for updated dependencies
+        run: composer audit
+
+  quality:
+    name: Quality control
+    needs: [unit-tests-linux]
+    runs-on: [ubuntu-latest]
+
+    steps:
+      - name: Setup PHP, with composer and extensions
+        id: setup-php
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
+        with:
+          # Should be the higest supported version, so we can use the newest tools
+          php-version: '8.5'
+          tools: composer, composer-require-checker, composer-unused, phpcs
+          extensions: ctype, date, dom, pcre, spl, xml
+
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - uses: actions/checkout@v6
+
+      - name: Get composer cache directory
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v5
+        with:
+          path: ${{ env.COMPOSER_CACHE }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Install Composer dependencies
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Check code for hard dependencies missing in composer.json
+        run: composer-require-checker check composer.json
+
+      - name: Check code for unused dependencies in composer.json
+        run: composer-unused
+
+      - name: PHP Code Sniffer
+        run: vendor/bin/phpcs
+
+      - name: PHPStan
+        run: |
+          vendor/bin/phpstan analyze -c phpstan.neon
+
+      - name: PHPStan (testsuite)
+        run: |
+          vendor/bin/phpstan analyze -c phpstan-dev.neon
+
+  coverage:
+    name: Code coverage
+    runs-on: [ubuntu-latest]
+    needs: [unit-tests-linux]
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/download-artifact@v7
+        with:
+          name: coverage-data
+          path: ${{ github.workspace }}/build
+
+      - name: Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
+          verbose: true
+
+  cleanup:
+    name: Cleanup artifacts
+    needs: [unit-tests-linux, coverage]
+    runs-on: [ubuntu-latest]
+    if: |
+      always() &&
+      needs.coverage.result == 'success' ||
+      (needs.unit-tests-linux.result == 'success' && needs.coverage.result == 'skipped')
+
+    steps:
+      - uses: geekyeggo/delete-artifact@v5
+        with:
+          name: coverage-data