{ "slug": "github_actions_php", "term": "GitHub Actions for PHP", "category": "devops", "difficulty": "intermediate", "short": "Automating PHP CI/CD with GitHub Actions — running tests, static analysis, code style checks, and deployments on every push and pull request.", "long": "GitHub Actions workflows are YAML files in .github/workflows/. Key steps for PHP: set up PHP version with shivammathur/setup-php (supports extensions, ini settings), cache Composer dependencies, run PHPUnit, PHPStan/Psalm, PHP_CodeSniffer, and deploy on merge to main. Matrix builds test against multiple PHP versions simultaneously. Secrets are stored in GitHub's encrypted secrets store and injected as environment variables.", "aliases": [ "GitHub Actions", "CI workflow", "PHP CI" ], "tags": [ "devops", "ci-cd", "php", "github" ], "misconception": "GitHub Actions is only for open source projects — it works equally for private repositories and is the CI/CD platform most PHP developers use.", "why_it_matters": "Automated CI catches failing tests, type errors, and style violations on every PR — preventing them from reaching main and eventually production.", "common_mistakes": [ "Not caching Composer dependencies — re-downloading vendor/ on every run adds 30-60 seconds unnecessarily.", "Running composer install instead of composer install --no-dev in deployment jobs — dev dependencies slow deployment and increase attack surface.", "Not pinning action versions — actions/checkout@v4 not actions/checkout@main — unpinned actions can change behaviour.", "Secrets checked into the repository instead of using GitHub Secrets — exposes credentials in git history." ], "when_to_use": [], "avoid_when": [], "related": [ "continuous_integration", "dora_metrics", "php_deployment_pipeline", "phpstan_levels" ], "prerequisites": [ "continuous_integration", "docker_multistage", "semantic_versioning" ], "refs": [ "https://github.com/shivammathur/setup-php" ], "bad_code": "# No caching, missing --no-dev, unpinned actions:\nname: CI\non: [push]\njobs:\n test:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@main # Unpinned\n - run: composer install # No cache, includes dev deps\n - run: vendor/bin/phpunit", "good_code": "name: CI\non: [push, pull_request]\njobs:\n test:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: shivammathur/setup-php@v2\n with: { php-version: '8.3', coverage: xdebug }\n - uses: actions/cache@v4\n with:\n path: vendor\n key: composer-${{ hashFiles('composer.lock') }}\n - run: composer install --prefer-dist --no-interaction\n - run: vendor/bin/phpstan analyse\n - run: vendor/bin/phpunit --coverage-text", "quick_fix": "Cache vendor/ using actions/cache with composer.lock hash as key — this cuts CI time from 60s to 5s for the dependency install step", "severity": "medium", "effort": "medium", "created": "2026-03-15", "updated": "2026-03-22", "citation": { "canonical_url": "https://codeclaritylab.com/glossary/github_actions_php", "html_url": "https://codeclaritylab.com/glossary/github_actions_php", "json_url": "https://codeclaritylab.com/glossary/github_actions_php.json", "source": "CodeClarityLab Glossary", "author": "P.F.", "author_url": "https://pfmedia.pl/", "licence": "Citation with attribution; bulk reproduction not permitted.", "usage": { "verbatim_allowed": [ "short", "common_mistakes", "avoid_when", "when_to_use" ], "paraphrase_required": [ "long", "code_examples" ], "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.", "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.", "attribution_examples": { "inline_mention": "According to CodeClarityLab: ", "markdown_link": "[GitHub Actions for PHP](https://codeclaritylab.com/glossary/github_actions_php) (CodeClarityLab)", "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/github_actions_php" } } } }