newfold-labs · circlecube · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026
diff --git a/.github/workflows/example-codecoverage-cleanup.yml b/.github/workflows/example-codecoverage-cleanup.yml
@@ -0,0 +1,75 @@
+##
+# Example workflow for consumer repos that use reusable-codecoverage.
+#
+# Copy this file into your repo at .github/workflows/ (e.g. codecoverage-cleanup.yml).
+# It triggers cleanup on PR merge, branch delete, and weekly schedule.
+#
+# Prerequisites:
+#   - Your repo uses newfold-labs/workflows reusable-codecoverage and has a gh-pages branch.
+#   - No need to pass repo_token unless you use a different token for gh-pages; GITHUB_TOKEN is used by default.
+#
+# For stricter code scanning (pinned refs), replace @main with a commit SHA from newfold-labs/workflows.
+#
+# This workflow is skipped in the newfold-labs/workflows repo (no gh-pages coverage here); it runs when copied to other repos.
+##
+name: Code Coverage Cleanup (example)
+
+on:
+  pull_request:
+    types: [ closed ]
+  delete:
+  schedule:
+    # Weekly on Sunday at 00:00 UTC
+    - cron: '0 0 * * 0'
+
+# Permissions set per-job to avoid overly broad write at workflow level.
+jobs:
+  get-merged-pr-commits:
+    if: github.repository != 'newfold-labs/workflows' && github.event_name == 'pull_request' && github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    outputs:
+      shas: ${{ steps.shas.outputs.list }}
+    steps:
+      - name: Get PR commit SHAs
+        id: shas
+        run: |
+          list=$(gh api "repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/commits" --jq '[.[].sha] | @json') || list='[]'
+          [ -n "$list" ] || list='[]'
+          echo "list=${list}" >> "$GITHUB_OUTPUT"
+
+  cleanup-on-merge:
+    needs: get-merged-pr-commits
+    if: github.repository != 'newfold-labs/workflows' && always() && needs.get-merged-pr-commits.result == 'success'
+    permissions:
+      contents: write
+    uses: newfold-labs/workflows/.github/workflows/reusable-codecoverage-cleanup.yml@main
+    with:
+      shas: ${{ needs.get-merged-pr-commits.outputs.shas }}
+      prune_unreachable: false
+      squash_history: false
+    secrets: inherit
+
+  cleanup-on-branch-delete:
+    if: github.repository != 'newfold-labs/workflows' && github.event_name == 'delete' && github.event.ref_type == 'branch'
+    permissions:
+      contents: write
+    uses: newfold-labs/workflows/.github/workflows/reusable-codecoverage-cleanup.yml@main
+    with:
+      shas: ''
+      prune_unreachable: true
+      squash_history: false
+    secrets: inherit
+
+  cleanup-scheduled:
+    if: github.repository != 'newfold-labs/workflows' && github.event_name == 'schedule'
+    permissions:
+      contents: write
+    uses: newfold-labs/workflows/.github/workflows/reusable-codecoverage-cleanup.yml@main
+    with:
+      shas: ''
+      prune_unreachable: true
+      squash_history: true
+    secrets: inherit
diff --git a/.github/workflows/example-codecoverage.yml b/.github/workflows/example-codecoverage.yml
@@ -0,0 +1,37 @@
+##
+# Example workflow for consumer repos that want to run the reusable code coverage workflow.
+#
+# Copy this file into your repo at .github/workflows/ (e.g. codecoverage.yml).
+# Update repository-name to match your repo (used for GitHub Pages coverage URLs).
+#
+# Prerequisites:
+#   - PHP/Composer project with PHPUnit (and optionally Codeception wpunit) tests.
+#   - No need to pass repo_token unless you use a different token for gh-pages; GITHUB_TOKEN is used by default.
+#
+# To clean up stale gh-pages coverage dirs, add example-codecoverage-cleanup.yml as well.
+#
+# This workflow is skipped in the newfold-labs/workflows repo (no PHP/tests here); it runs when copied to other repos.
+##
+name: Code Coverage (example)
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  codecoverage:
+    if: github.repository != 'newfold-labs/workflows'
+    uses: newfold-labs/workflows/.github/workflows/reusable-codecoverage.yml@f0b26152e4ea40cd40429e06b1f30aa8879e7392
+    with:
+      php-versions: '["7.4", "8.0", "8.1", "8.2", "8.3", "8.4"]'
+      coverage-php-version: '7.4'
+      repository-name: 'your-repo-name'
+      minimum-coverage: 25
+      mysql-version: '5.7'
+    secrets: inherit
diff --git a/.github/workflows/reusable-codecoverage-cleanup.yml b/.github/workflows/reusable-codecoverage-cleanup.yml
@@ -0,0 +1,115 @@
+##
+# Reusable workflow to clean up stale code coverage directories on gh-pages and optionally squash branch history.
+#
+# Removes gh-pages/<sha>/ directories (one per commit that had coverage runs). Never touches gh-pages/phpunit/.
+#
+# Example usage (from a consumer repo that uses reusable-codecoverage):
+#   On PR merge: call with shas = all PR commit SHAs.
+#   On branch delete or schedule: call with prune_unreachable: true and optionally squash_history: true.
+#
+#   uses: newfold-labs/workflows/.github/workflows/reusable-codecoverage-cleanup.yml@main
+#   with:
+#     shas: '["abc123","def456"]'   # optional
+#     prune_unreachable: true       # optional
+#     squash_history: false         # optional
+##
+name: Reusable Code Coverage Cleanup
+
+on:
+  workflow_call:
+    inputs:
+      shas:
+        description: JSON array of commit SHAs whose gh-pages dirs to remove (e.g. all commits from a merged PR)
+        type: string
+        required: false
+      prune_unreachable:
+        description: If true, remove gh-pages/<sha>/ dirs for commits not reachable from any ref
+        type: boolean
+        default: false
+      squash_history:
+        description: If true, after cleanup replace gh-pages with a single orphan commit and force-push
+        type: boolean
+        default: false
+    secrets:
+      repo_token:
+        description: GitHub token for pushing to gh-pages (defaults to GITHUB_TOKEN if not set)
+        required: false
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository (all refs for reachability check)
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      # Credentials left default so the later git push step can authenticate to origin.
+      - name: Checkout gh-pages branch
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          ref: gh-pages
+          path: gh-pages
+
+      - name: Remove specific SHA directories
+        if: inputs.shas != ''
+        run: |
+          # Only remove dirs matching 40-char hex (safe)
+          for sha in $(echo '${{ inputs.shas }}' | jq -r '.[]'); do
+            if [ -n "$sha" ] && [ "${#sha}" -eq 40 ] && [[ "$sha" =~ ^[0-9a-f]{40}$ ]]; then
+              if [ -d "gh-pages/$sha" ]; then
+                rm -rf "gh-pages/$sha"
+                echo "Removed gh-pages/$sha"
+              fi
+            fi
+          done
+
+      - name: Prune unreachable SHA directories
+        if: inputs.prune_unreachable
+        run: |
+          for dir in gh-pages/*/; do
+            [ -d "$dir" ] || continue
+            name=$(basename "$dir")
+            if [ "${#name}" -eq 40 ] && [[ "$name" =~ ^[0-9a-f]{40}$ ]]; then
+              if ! git branch -a --contains "$name" 2>/dev/null | grep -q .; then
+                rm -rf "gh-pages/$name"
+                echo "Pruned unreachable gh-pages/$name"
+              fi
+            fi
+          done
+
+      - name: Commit and push cleanup (no squash)
+        if: inputs.squash_history != true
+        working-directory: gh-pages
+        env:
+          GITHUB_TOKEN: ${{ secrets.repo_token || secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add -A
+          if git diff --staged --quiet; then
+            echo "No changes to commit"
+            exit 0
+          fi
+          git commit -m "chore: remove stale code coverage directories"
+          git push origin gh-pages
+
+      - name: Squash gh-pages to single commit and force-push
+        if: inputs.squash_history
+        working-directory: gh-pages
+        env:
+          GITHUB_TOKEN: ${{ secrets.repo_token || secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          # Orphan commit keeps current tree (including any dir removals done above)
+          git checkout --orphan temp
+          git add -A
+          git commit -m "chore: code coverage (squashed)"
+          git branch -D gh-pages
+          git branch -m gh-pages
+          git push --force origin gh-pages