CI/CD Pipelines for PHP Projects with GitHub Actions

Continuous Integration and Continuous Deployment are not buzzwords — they are essential tools for professional software development. With GitHub Actions, a pipeline can be set up quickly and for free.

The Basic Pipeline¶

A minimal CI pipeline for a Symfony project:

name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest

    services:
      mysql:
        image: mariadb:10.11
        env:
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: app_test
        ports:
          - 3306:3306

    steps:
      - uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'
          extensions: intl, pdo_mysql
          coverage: xdebug

      - name: Install dependencies
        run: composer install --prefer-dist --no-progress

      - name: Run PHPStan
        run: vendor/bin/phpstan analyse

      - name: Run tests
        run: vendor/bin/phpunit --coverage-text
        env:
          DATABASE_URL: mysql://root:root@127.0.0.1:3306/app_test

Code Quality Checks¶

In addition to tests, the pipeline should also check code quality:

  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'

      - name: Install dependencies
        run: composer install --prefer-dist --no-progress

      - name: PHP CS Fixer
        run: vendor/bin/php-cs-fixer fix --dry-run --diff

      - name: Twig Lint
        run: php bin/console lint:twig templates/

      - name: YAML Lint
        run: php bin/console lint:yaml config/ translations/

Deployment Job¶

After successful testing, deployment can happen automatically:

  deploy:
    needs: [test, lint]
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'

    steps:
      - uses: actions/checkout@v4

      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_KEY }}
          script: |
            cd /var/www/projekt
            git pull origin main
            composer install --no-dev --optimize-autoloader
            php bin/console cache:clear --env=prod
            php bin/console doctrine:migrations:migrate --no-interaction

Caching for Faster Builds¶

Composer dependencies should be cached to reduce build times:

      - name: Cache Composer packages
        uses: actions/cache@v4
        with:
          path: vendor
          key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

Security Audits¶

A separate job for security checks rounds out the pipeline:

# In the pipeline
composer audit

# Or with the Symfony CLI
symfony security:check

A well-configured CI/CD pipeline catches errors early and enables fast, secure deployments. The initial effort pays for itself within just a few weeks.