From 220e5354e89c3b30c024f7dba9ae014414c66783 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 17 Feb 2022 23:42:45 +0100 Subject: [PATCH] Documentation: update for Composer 2.2 Using the `dealerdirect/phpcodesniffer-composer-installer` Composer plugin is recommended to register external PHPCS standards with PHPCS. As of Composer 2.2.0, Composer plugins need to be explicitly allowed to run. This commit: * Adds the necessary configuration for that to the `composer.json` for this project. * Adds the CLI command to set those permissions to the installation instructions for consumer projects. Includes updating the URL references to the plugin to point to the new home of the plugin. (see [upstream issue #146](https://github.com/PHPCSStandards/composer-installer/issues/146)) Refs: * https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution --- CHANGELOG.md | 8 +++++--- README.md | 4 +++- WPCS 3.0.0 UPGRADE GUIDE.md | 7 ++++++- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4e3c08345..86e756ae95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,7 @@ _No documentation available about unreleased changes as of yet._ - The `sanitize_hex_color()` and the `sanitize_hex_color_no_hash()` functions to the `escapingFunctions` list used by the `WordPress.Security.EscapeOutput` sniff. ### Changed -- The recommended version of the suggested DealerDirect PHPCS Composer plugin is now `^0.6`. +- The recommended version of the suggested [Composer PHPCS plugin] is now `^0.6`. ### Fixed - `WordPress.PHP.NoSilencedErrors`: depending on the custom properties set, the metrics would be different. @@ -152,7 +152,7 @@ The move does not affect the package name for Packagist. This remains the same: - The error message for the `WordPress.Security.ValidatedSanitizedInput.MissingUnslash` has been reworded. - The `Sniff::is_comparison()` method now has a new `$include_coalesce` parameter to allow for toggling whether the null coalesce operator should be seen as a comparison operator. Defaults to `true`. - All sniffs are now also being tested against PHP 7.4 (unstable) for consistent sniff results. -- The recommended version of the suggested DealerDirect PHPCS Composer plugin is now `^0.5.0`. +- The recommended version of the suggested [Composer PHPCS plugin] is now `^0.5.0`. - Various minor code tweaks and clean up. ### Removed @@ -274,7 +274,7 @@ If you are a maintainer of an external standard based on WordPressCS and any of - Dev: The command to run the unit tests has changed. Please see the updated instructions in the [CONTRIBUTING.md](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/.github/CONTRIBUTING.md) file. The `bin/pre-commit` example git hook has been updated to match. Additionally a `run-tests` script has been added to the `composer.json` file for your convenience. To facilitate this, PHPUnit has been added to `require-dev`, even though it is strictly speaking a dependency of PHPCS, not of WPCS. -- Dev: The DealerDirect PHPCS Composer plugin has been added to `require-dev`. +- Dev: The [Composer PHPCS plugin] has been added to `require-dev`. - Various code tweaks and clean up. - User facing documentation, including the wiki, as well as inline documentation has been updated for all the changes contained in WordPressCS 2.0 and other recommended best practices for `PHP_CodeSniffer` 3.3.1+. @@ -1179,6 +1179,8 @@ See the comparison for full list. Initial tagged release. +[Composer PHPCS plugin]: https://github.com/PHPCSStandards/composer-installer + [Unreleased]: https://github.com/WordPress/WordPress-Coding-Standards/compare/master...HEAD [2.3.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.2.1...2.3.0 [2.2.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.2.0...2.2.1 diff --git a/README.md b/README.md index 36f573722e..0e33421cbc 100644 --- a/README.md +++ b/README.md @@ -67,12 +67,13 @@ The WordPress Coding Standards require: As of WordPressCS 3.0.0, installation via Composer using the below instructions is the only supported type of installation. -[Composer](http://getcomposer.org/) will automatically install the project dependencies and register the rulesets from WordPressCS and other external standards with PHP_CodeSniffer using the [DealerDirect Composer PHPCS plugin](https://github.com/Dealerdirect/phpcodesniffer-composer-installer/). +[Composer](http://getcomposer.org/) will automatically install the project dependencies and register the rulesets from WordPressCS and other external standards with PHP_CodeSniffer using the [Composer PHPCS plugin](https://github.com/PHPCSStandards/composer-installer). ### Composer Project-based Installation Run the following from the root of your project: ```bash +composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true composer require --dev wp-coding-standards/wpcs:"^3.0" ``` @@ -80,6 +81,7 @@ composer require --dev wp-coding-standards/wpcs:"^3.0" Alternatively, you may want to install this standard globally: ```bash +composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true composer global require --dev wp-coding-standards/wpcs:"^3.0" ``` diff --git a/WPCS 3.0.0 UPGRADE GUIDE.md b/WPCS 3.0.0 UPGRADE GUIDE.md index 8bf0c0eb4c..54230de0b2 100644 --- a/WPCS 3.0.0 UPGRADE GUIDE.md +++ b/WPCS 3.0.0 UPGRADE GUIDE.md @@ -7,6 +7,7 @@ UPGRADE GUIDE NOTES If you were already using a Composer project based install, upgrade WordPressCS by running: ```bash composer remove --dev dealerdirect/phpcodesniffer-composer-installer higidi/composer-phpcodesniffer-standards-plugin +composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true composer update wp-coding-standards/wpcs:"^3.0.0" --with-dependencies ``` @@ -15,6 +16,7 @@ composer update wp-coding-standards/wpcs:"^3.0.0" --with-dependencies If you were already using a Composer global install, upgrade WordPressCS by running: ```bash composer global remove --dev dealerdirect/phpcodesniffer-composer-installer higidi/composer-phpcodesniffer-standards-plugin +composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true composer global update wp-coding-standards/wpcs:"^3.0.0" --with-dependencies ``` @@ -30,7 +32,10 @@ We recommend you change over to using a Composer based install instead. If you have a `` directive in your `phpcs.xml[.dist]` ruleset file: please remove it. -The DealerDirect Composer plugin is now included by default and will take of setting the installed paths for Composer based installs. +The [Composer PHPCS plugin] is now included by default and will take of setting the installed paths for Composer based installs. + +[Composer PHPCS plugin]: https://github.com/PHPCSStandards/composer-installer + Along the same lines, if you had a Composer `post-install-cmd` (or similar) script which registered the `installed_paths`, please remove it as it will interfere/overwrite the installed paths which the Composer plugin sets.