Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/shivammathur/setup-php/llms.txt

Use this file to discover all available pages before exploring further.

The tools input accepts a comma-separated list of tools to install globally. This is useful for CI-only tools that you do not want to commit to your composer.json.

Basic usage

- name: Setup PHP with tools
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    tools: php-cs-fixer, phpunit

Supported tools

The following tools can be installed by name:
ToolDescription
backward-compatibility-checkRoave backward compatibility checker
behatBDD test framework
blackfireBlackfire profiler CLI
blackfire-playerBlackfire scenario player
boxPHAR builder
castorTask runner
churnComplexity/churn analysis
codeceptionFull-stack testing framework
composerPHP dependency manager
composer-dependency-analyserDependency analyser
composer-normalizeNormalize composer.json
composer-prefetcherPrefetch Composer packages (v1 only)
composer-require-checkerCheck undeclared dependencies
composer-unusedFind unused Composer packages
cs2prAnnotate pull requests from checkstyle
deployerDeployment tool
ecsEasy Coding Standard
flexSymfony Flex Composer plugin
grpc_php_plugingRPC PHP plugin
infectionMutation testing
magoPHP toolchain
name-collision-detectorDetect class name collisions
parallel-lintParallel PHP syntax linter
peclPEAR Extension Community Library
phanStatic analyzer
phingBuild tool
phinxDatabase migrations
phivePHAR installation and verification
php-configPHP build configuration helper
php-cs-fixerPHP Coding Standards Fixer
php-scoperPrefix PHP namespaces
phpcbfPHP Code Beautifier and Fixer
phpcpdCopy-paste detector
phpcsPHP CodeSniffer
phpdoc / phpDocumentorDocumentation generator
phpizePHP extension build helper
phplintPHP linter
phpmdPHP Mess Detector
phpspecBDD spec testing
phpstanStatic analysis tool
phpunitUnit testing framework
phpunit-bridgeSymfony PHPUnit Bridge
phpunit-polyfillsPHPUnit polyfills
piePHP extension installer
pintLaravel Pint code style fixer
prestissimoParallel Composer downloads (v1 only)
protocProtocol Buffers compiler
psalmStatic analysis tool
rectorAutomated refactoring
symfony / symfony-cliSymfony CLI
vapor / vapor-cliLaravel Vapor CLI
wp / wp-cliWP-CLI

Tool version specification

Specify a version by appending :version to the tool name: 
- name: Setup PHP with specific tool versions
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    tools: phpunit:10, phpstan:1.10
The version format accepts:
  • Semvertool:1.2.3 or tool:1.2.3-beta1
  • Major onlytool:1 or tool:1.x (installs latest patch in that major)
  • Major.minortool:1.2 or tool:1.2.x (installs latest patch in that minor)

Composer version options

The latest stable Composer is installed by default. You can pin a specific version: 
- name: Setup PHP with Composer v1
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    tools: composer:v1
prestissimo and composer-prefetcher are skipped unless composer:v1 is also specified. It is recommended to drop prestissimo and use Composer v2 instead.

Installing arbitrary Composer packages

Any package on Packagist can be installed globally by specifying it as vendor/package. This format accepts the same version constraints as Composer: 
- name: Setup PHP with a Packagist package
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    tools: vimeo/psalm

Skipping Composer installation

If you do not use Composer in your workflow, specify tools: none to skip its installation: 
- name: Setup PHP without Composer
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    tools: none

Default tools on Linux and macOS

pear, pecl, phpize, and php-config are installed by default for all supported PHP versions on Linux and macOS. You do not need to list them in the tools input.

Composer environment variables

Setup-php sets the following Composer environment variables automatically:
VariableDefaultDescription
COMPOSER_NO_INTERACTION1Disables interactive prompts. You do not need to pass --no-interaction to Composer commands.
COMPOSER_PROCESS_TIMEOUT0Removes the process timeout (unlimited).
COMPOSER_NO_AUDIT1Disables the automatic security audit on install. Add a separate composer audit step if you want vulnerability checks.
Override any of these in your workflow’s env block: 
- name: Setup PHP with custom Composer timeout
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
  env:
    COMPOSER_PROCESS_TIMEOUT: 300

Allowing Composer plugins

Composer blocks all plugins by default. Tools installed via the tools input are automatically added to the allow list. If your dependencies include Composer plugins, allow them with COMPOSER_ALLOW_PLUGINS: 
- name: Setup PHP and allow Composer plugins
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
  env:
    COMPOSER_ALLOW_PLUGINS: composer/installers, composer/satis

Fail-fast behavior

By default (except for composer itself), tools that cannot be set up leave an error message in the logs without interrupting the workflow. Set fail-fast to make the workflow fail instead: 
- name: Setup PHP with fail-fast
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    tools: deployer
  env:
    fail-fast: true
Use the tools input for tools that are only needed in CI. This keeps your composer.json tidy and avoids pulling dev-dependencies into production builds. You can run composer install --no-dev and still have all the tools you need via the tools input.