rector/.github/workflows/rector.yaml

####
# Due to some Github Actions limitations, we are running realtime fixes (commits) only for self-owned-pr
#
# Current limitations:
# - Secrets (ACCESS_TOKEN) are not available in PRs from forks
# - Github Token has Read-only access (can not commit), Personal Access Token must be used instead
# - Github Token does not trigger workflows after push
#
# So we basically have chicken-egg problem here
#
# https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token
####
name: Rector

on:
    pull_request: null

env:
    # see https://github.com/composer/composer/issues/9368#issuecomment-718112361
    COMPOSER_ROOT_VERSION: "dev-main"

jobs:
    rector:
        strategy:
            fail-fast: false
            matrix:
                directories:
                    - src tests rules-tests packages packages-tests
                    - rules

        runs-on: ubuntu-latest
        steps:
            # workaround for missing secret in fork PRs - see https://github.com/actions/checkout/issues/298
            # see https://github.com/rectorphp/rector/commit/d395e1c28b8e6a56711dcc2e10490a82965850e4
            -
                if: github.event.pull_request.head.repo.full_name == github.repository
                uses: actions/checkout@v2
                with:
                    # Must be used to trigger workflow after push
                    token: ${{ secrets.ACCESS_TOKEN }}

            # in forks, the token is not available - so we cannot us eit
            -
                if: github.event.pull_request.head.repo.full_name != github.repository
                uses: actions/checkout@v2

            -
                uses: shivammathur/setup-php@v2
                with:
                    # PHP 7.3 is required, so Rector's code is PHP 7.3 compatible even after refactoring
                    php-version: 8.0
                    coverage: none

            -   run: composer install --no-progress --ansi

            ## First run Rector - here can't be --dry-run !!! it would stop the job with it and not commit anything in the future
            -   run: bin/rector process ${{ matrix.directories }} --ansi --no-progress-bar

            -   run: vendor/bin/ecs check --match-git-diff --fix --ansi

            # see https://github.com/EndBug/add-and-commit
            -
                # commit only to core contributors who have repository access
                if: github.event.pull_request.head.repo.full_name == github.repository
                uses: EndBug/add-and-commit@v7.2.0
                with:
                    # The arguments for the `git add` command (see the paragraph below for more info)
                    add: .
                    message: "[ci-review] Rector Rectify"
                    author_name: "kaizen-ci"
                    author_email: "info@kaizen-ci.org"
                env:
                    # to get push access
                    GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}