ci: stabilize pipeline with PHP matrix, shellcheck, hadolint, and YAML/JSON/compose lint

.github/workflows/ci.yml

@@ -1,4 +1,5 @@
 name: CI
+
 on:
   push:
     branches: [ master, main ]
@@ -17,16 +18,21 @@ jobs:
         php: ['8.1', '8.2', '8.3']
     steps:
       - uses: actions/checkout@v4
-      - uses: shivammathur/setup-php@v2
+
+      - name: Setup PHP ${{ matrix.php }}
+        uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php }}
           coverage: none
+
       - name: Validate composer.json (if present)
         run: |
           if [ -f composer.json ]; then composer validate --no-check-publish; fi
+
       - name: Composer audit (if lock present)
         run: |
           if [ -f composer.lock ]; then composer audit || true; fi
+
       - name: PHP syntax check
         run: |
           set -e
@@ -41,7 +47,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - run: sudo apt-get update && sudo apt-get install -y shellcheck
+
+      - name: Install ShellCheck
+        run: sudo apt-get update && sudo apt-get install -y shellcheck
+
       - name: ShellCheck all scripts
         run: |
           set -e
@@ -56,31 +65,58 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - name: Lint Dockerfile with hadolint
         uses: hadolint/hadolint-action@v3.1.0
         with:
           dockerfile: Dockerfile
+          # Ignore apt pinning and multiple RUNs (acceptable for Ubuntu base & readability)
+          ignore: DL3008,DL3059
+          failure-threshold: error
 
   sanity:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - run: sudo apt-get update && sudo apt-get install -y jq yamllint
+
+      - name: Install linters
+        run: sudo apt-get update && sudo apt-get install -y jq yamllint
+
       - name: Lint JSON
         run: |
           set -e
           mapfile -t jsons < <(git ls-files '*.json' ':!:vendor/**')
           if [ "${#jsons[@]}" -gt 0 ]; then
-            for j in "${jsons[@]}"; do jq -e . "$j" >/dev/null; done
+            for j in "${jsons[@]}"; do
+              echo "Checking $j"
+              jq -e . "$j" >/dev/null
+            done
           else
             echo "No JSON files."
           fi
+
       - name: Lint YAML
         run: |
           set -e
           mapfile -t yamls < <(git ls-files '*.yml' '*.yaml')
           if [ "${#yamls[@]}" -gt 0 ]; then
-            yamllint -d "{extends: default, rules: {line-length: disable}}" "${yamls[@]}"
+            # Relax line-length to avoid noisy failures for README badges, etc.
+            yamllint -d "{extends: default, rules: {line-length: {max: 140}}}" "${yamls[@]}"
           else
             echo "No YAML files."
+          fi
+
+      - name: Validate docker-compose.yml (if present)
+        run: |
+          set -e
+          if [ -f docker-compose.yml ]; then
+            if docker compose version >/dev/null 2>&1; then
+              docker compose -f docker-compose.yml config -q
+            elif command -v docker-compose >/dev/null 2>&1; then
+              docker-compose -f docker-compose.yml config -q
+            else
+              echo "Docker Compose not available; skipping compose validation."
+            fi
+          else
+            echo "No docker-compose.yml found."
           fi

CHANGELOG.md

@@ -12,7 +12,7 @@ chore: set up CI, add compose, tighten ignores, refresh README
   node_modules, resources/, etc. to slim build context.
 - .gitignore: ignore .env, editor/system files, build caches, optional data/.
 - README: update badges (CI, release, license), inline demo creds, add quick
-  links, tighten WebDAV section (Windows HTTPS note + wiki link), and star
+  links, tighten WebDAV section (Windows HTTPS note + wiki link), reduced length and star
   history chart.
 
 ## Changes 10/7/2025 (no new version)