Merge release 2.2.5 into 2.3.x

.env.dist

@@ -6,3 +6,12 @@ SOLIDINVOICE_DEBUG=1
 # MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
 # MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
 ###< symfony/messenger ###
+
+###> sentry/sentry-symfony ###
+SENTRY_DSN=
+SENTRY_SEND_DEFAULT_PII=
+###< sentry/sentry-symfony ###
+
+###> symfony/mailer ###
+MAILER_DSN=
+###< symfony/mailer ###

.github/workflows/automatic-release.yml

@@ -14,7 +14,20 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            archive.ubuntu.com:80
+            auth.docker.io:443
+            github.com:443
+            objects.githubusercontent.com:443
+            packagist.org:443
+            ppa.launchpadcontent.net:443
+            production.cloudflare.docker.com:443
+            registry-1.docker.io:443
+            registry.yarnpkg.com:443
+            security.ubuntu.com:80
+            uploads.github.com:443
 
       - name: Checkout
         uses: "actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744"

.github/workflows/codeql-analysis.yml

@@ -1,10 +1,7 @@
 name: "CodeQL"
 
 on:
-  push:
-    branches: [ 2.2.x ]
   pull_request:
-    branches: [ 2.2.x ]
   schedule:
     - cron: '26 23 * * 2'
 
@@ -29,7 +26,12 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
+          github.com:443
+          54.185.253.63:443
 
     - name: Checkout repository
       uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
@@ -45,26 +47,43 @@ jobs:
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a
 
-  qodana:
-    permissions:
-      actions: read  # for github/codeql-action/init to get workflow details
-      contents: read  # for actions/checkout to fetch code
-      security-events: write  # for github/codeql-action/autobuild to send a status report
-
-    name: Qodana
-    runs-on: ubuntu-latest
-
-    steps:
-
-      - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
-        with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-      - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
-
-      - name: 'Qodana Scan'
-        uses: JetBrains/qodana-action@main
-        env:
-          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+  #qodana:
+  #  permissions:
+  #    actions: read  # for github/codeql-action/init to get workflow details
+  #    contents: read  # for actions/checkout to fetch code
+  #    security-events: write  # for github/codeql-action/autobuild to send a status report
+  #
+  #  name: Qodana
+  #  runs-on: ubuntu-latest
+  #
+  #  steps:
+  #    - name: Harden Runner
+  #      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+  #      with:
+  #        disable-sudo: true
+  #        egress-policy: block
+  #        allowed-endpoints: >
+  #          api.qodana.cloud:443
+  #          github.com:443
+  #          objects.githubusercontent.com:443
+  #          prod.fus.aws.intellij.net:443
+  #          production.cloudflare.docker.com:443
+  #          qc-results-prod.s3.eu-west-1.amazonaws.com:443
+  #          raw.githubusercontent.com:443
+  #          registry-1.docker.io:443
+  #          auth.docker.io:443
+  #          registry.npmjs.org:443
+  #          resources.jetbrains.com:443
+  #          schemastore.org:443
+  #
+  #    - name: Checkout repository
+  #      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+  #
+  #    - name: 'Qodana Scan'
+  #      uses: JetBrains/qodana-action@61b94e7e3a716dcb9e2030cfd79cd46149d56c26
+  #      env:
+  #        QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+  #
+  #    - uses: github/codeql-action/upload-sarif@67a35a08586135a9573f4327e904ecbf517a882d
+  #      with:
+  #        sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json

.github/workflows/cs.yml

@@ -15,7 +15,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            packagist.org:443
+            54.185.253.63:443
 
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
@@ -52,7 +58,14 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            packagist.org:443
+            raw.githubusercontent.com:443
+            repo.packagist.org:443
 
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
@@ -82,7 +95,14 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            registry.yarnpkg.com:443
+            pipelinesghubeus2.actions.githubusercontent.com:443
+            54.185.253.63:443
 
       - name: Checkout Code
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744

.github/workflows/security-checker.yml

@@ -12,7 +12,10 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
 
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
       - uses: symfonycorp/security-checker-action@258311ef7ac571f1310780ef3d79fc5abef642b5

.github/workflows/static-analysis.yml

@@ -16,7 +16,12 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            packagist.org:443
 
       - name: Checkout
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
@@ -48,23 +53,3 @@ jobs:
 
       - name: Run PHPStan
         run: bin/phpstan analyse -c phpstan.test.neon
-
-  qodana:
-    name: Qodana
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
-        with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
-
-      - name: 'Qodana Scan'
-        uses: JetBrains/qodana-action@77f0ff0c702065648df9fd0340a48919dca5a1ff
-
-      - uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a
-        with:
-          sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json

.github/workflows/unit-tests.yml

@@ -48,7 +48,20 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            chromedriver.storage.googleapis.com:443
+            codecov.io:443
+            coveralls.io:443
+            github.com:443
+            objects.githubusercontent.com:443
+            packagist.org:443
+            registry.yarnpkg.com:443
+            repo.packagist.org:443
+            storage.googleapis.com:443
+            uploader.codecov.io:443
+            54.185.253.63:443
 
       - name: Checkout
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
@@ -86,6 +99,10 @@ jobs:
       - name: Install dependencies
         run: composer install --ansi --no-interaction --no-scripts --no-progress --prefer-dist
 
+      - name: Downgrade dbrekelmans/bdi on PHP < 8.1
+        if: matrix.php < '8.1'
+        run: composer require --ansi --no-interaction --no-progress --prefer-dist dbrekelmans/bdi:1.0.4
+
       - name: Detect browser drivers
         run: bin/bdi detect drivers
 
@@ -99,7 +116,7 @@ jobs:
 
       - name: Run test suite
         run: |
-          mkdir -p build/logs
+         mkdir -p build/logs
           if [ "$COVERAGE" = '1' ]; then
             bin/phpunit --coverage-clover build/logs/clover.xml
           else

.gitignore

@@ -20,7 +20,7 @@ composer.phar
 !public/fonts/.gitkeep
 !public/img/.gitkeep
 !var/db/.gitkeep
-config/env.php
+config/env/env.php
 .idea
 node_modules
 .rules

bin/phpunit

@@ -115,9 +115,8 @@ if (PHP_VERSION_ID < 80000) {
         (function_exists('stream_get_wrappers') && in_array('phpvfscomposer', stream_get_wrappers(), true))
         || (function_exists('stream_wrapper_register') && stream_wrapper_register('phpvfscomposer', 'Composer\BinProxyWrapper'))
     ) {
-        include("phpvfscomposer://" . __DIR__ . '/..'.'/vendor/phpunit/phpunit/phpunit');
-        exit(0);
+        return include("phpvfscomposer://" . __DIR__ . '/..'.'/vendor/phpunit/phpunit/phpunit');
     }
 }
 
-include __DIR__ . '/..'.'/vendor/phpunit/phpunit/phpunit';
+return include __DIR__ . '/..'.'/vendor/phpunit/phpunit/phpunit';

composer.json

@@ -62,6 +62,7 @@
         "ramsey/uuid": "^4.0",
         "ramsey/uuid-doctrine": "^2.0",
         "sensio/framework-extra-bundle": "^6.2",
+        "sentry/sentry-symfony": "^4.8",
         "solidworx/form-handler-bundle": "^1.0",
         "solidworx/toggler": "dev-master",
         "stof/doctrine-extensions-bundle": "^1.3",
@@ -92,7 +93,11 @@
         "symfony/mime": "^5.4",
         "symfony/monolog-bundle": "^3.7",
         "symfony/options-resolver": "^5.4",
-        "symfony/polyfill": "^1.26",
+        "symfony/polyfill-mbstring": "^1.28",
+        "symfony/polyfill-php80": "^1.28",
+        "symfony/polyfill-php81": "^1.28",
+        "symfony/polyfill-php82": "^1.28",
+        "symfony/polyfill-php83": "^1.28",
         "symfony/postmark-mailer": "^5.4",
         "symfony/property-access": "^5.4",
         "symfony/property-info": "^5.4",
@@ -147,6 +152,13 @@
         "symplify/easy-coding-standard": "^11.1",
         "zenstruck/foundry": "^1.23"
     },
+    "replace": {
+        "symfony/polyfill-php70": "*",
+        "symfony/polyfill-php71": "*",
+        "symfony/polyfill-php72": "*",
+        "symfony/polyfill-php73": "*",
+        "symfony/polyfill-php74": "*"
+    },
     "autoload": {
         "psr-4": {
             "SolidInvoice\\": "src/"
@@ -157,7 +169,8 @@
             "ergebnis/composer-normalize": true,
             "phpstan/extension-installer": true,
             "symfony/flex": true,
-            "symfony/runtime": true
+            "symfony/runtime": true,
+            "php-http/discovery": true
         },
         "bin-dir": "bin",
         "platform": {