From e3245cd24716ae139db3d6eccd29e816c6feb648 Mon Sep 17 00:00:00 2001 From: James Titcumb Date: Mon, 20 Oct 2025 19:46:17 +0100 Subject: [PATCH 1/4] Use PHP 8.5.0RC2 --- .github/workflows/continuous-integration.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 512273e4..2c50e67b 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -59,7 +59,7 @@ jobs: - '8.2.29' - '8.3.25' - '8.4.12' - - '8.5.0beta2' + - '8.5.0RC2' steps: - name: "Purge built-in PHP version" run: | @@ -101,7 +101,7 @@ jobs: run: echo "php_src_download_url=https://www.php.net/distributions/php-${{ matrix.php-versions }}.tar.gz" >> $GITHUB_ENV - name: "Set php-src download URL (8.5 pre-release)" if: ${{ startsWith(matrix.php-versions, '8.5.') }} - run: echo "php_src_download_url=https://downloads.php.net/~daniels/php-${{ matrix.php-versions }}.tar.gz" >> $GITHUB_ENV + run: echo "php_src_download_url=https://downloads.php.net/~edorian/php-${{ matrix.php-versions }}.tar.gz" >> $GITHUB_ENV - name: "Install PHP ${{ matrix.php-versions }}" run: | mkdir -p /tmp/php From 86dfe9a85e163e2da6ef12b6bc747f957757ac0a Mon Sep 17 00:00:00 2001 From: James Titcumb Date: Mon, 20 Oct 2025 19:55:05 +0100 Subject: [PATCH 2/4] Updated dependencies and fix new phpstan violations --- composer.json | 6 +- composer.lock | 65 +++++++++----------- phpstan-baseline.neon | 6 -- src/ComposerIntegration/MinimalHelperSet.php | 2 +- src/SelfManage/Verify/Attestation.php | 1 - 5 files changed, 34 insertions(+), 46 deletions(-) diff --git a/composer.json b/composer.json index 31a4bbc0..ac9e3da0 100644 --- a/composer.json +++ b/composer.json @@ -38,14 +38,14 @@ "symfony/event-dispatcher": "^6.4.25", "symfony/process": "^6.4.26", "thephpf/attestation": "^0.0.2", - "webmozart/assert": "^1.11" + "webmozart/assert": "^1.12" }, "require-dev": { "ext-openssl": "*", - "behat/behat": "^3.24.1", + "behat/behat": "^3.25.0", "bnf/phpstan-psr-container": "^1.1", "doctrine/coding-standard": "^14.0.0", - "phpstan/phpstan": "^2.1.29", + "phpstan/phpstan": "^2.1.31", "phpunit/phpunit": "^10.5.58" }, "replace": { diff --git a/composer.lock b/composer.lock index d35da684..15618c34 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "cbd07fdbcecacd53f2688db8f1a855cd", + "content-hash": "f8803ea4e33a255b7a715a4a0398ea78", "packages": [ { "name": "composer/ca-bundle", @@ -790,16 +790,16 @@ }, { "name": "justinrainbow/json-schema", - "version": "6.5.2", + "version": "6.6.0", "source": { "type": "git", "url": "https://github.com/jsonrainbow/json-schema.git", - "reference": "ac0d369c09653cf7af561f6d91a705bc617a87b8" + "reference": "68ba7677532803cc0c5900dd5a4d730537f2b2f3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/jsonrainbow/json-schema/zipball/ac0d369c09653cf7af561f6d91a705bc617a87b8", - "reference": "ac0d369c09653cf7af561f6d91a705bc617a87b8", + "url": "https://api.github.com/repos/jsonrainbow/json-schema/zipball/68ba7677532803cc0c5900dd5a4d730537f2b2f3", + "reference": "68ba7677532803cc0c5900dd5a4d730537f2b2f3", "shasum": "" }, "require": { @@ -859,9 +859,9 @@ ], "support": { "issues": "https://github.com/jsonrainbow/json-schema/issues", - "source": "https://github.com/jsonrainbow/json-schema/tree/6.5.2" + "source": "https://github.com/jsonrainbow/json-schema/tree/6.6.0" }, - "time": "2025-09-09T09:42:27+00:00" + "time": "2025-10-10T11:34:09+00:00" }, { "name": "marc-mabe/php-enum", @@ -2484,28 +2484,28 @@ }, { "name": "webmozart/assert", - "version": "1.11.0", + "version": "1.12.0", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991" + "reference": "541057574806f942c94662b817a50f63f7345360" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991", - "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360", + "reference": "541057574806f942c94662b817a50f63f7345360", "shasum": "" }, "require": { "ext-ctype": "*", + "ext-date": "*", + "ext-filter": "*", "php": "^7.2 || ^8.0" }, - "conflict": { - "phpstan/phpstan": "<0.12.20", - "vimeo/psalm": "<4.6.1 || 4.6.2" - }, - "require-dev": { - "phpunit/phpunit": "^8.5.13" + "suggest": { + "ext-intl": "", + "ext-simplexml": "", + "ext-spl": "" }, "type": "library", "extra": { @@ -2536,24 +2536,24 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/1.11.0" + "source": "https://github.com/webmozarts/assert/tree/1.12.0" }, - "time": "2022-06-03T18:03:27+00:00" + "time": "2025-10-20T12:43:39+00:00" } ], "packages-dev": [ { "name": "behat/behat", - "version": "v3.24.1", + "version": "v3.25.0", "source": { "type": "git", "url": "https://github.com/Behat/Behat.git", - "reference": "1b67565a55283b6c0d050a0e4c4e44025c791a67" + "reference": "bc7f149dde1cd0da82616e6b280e1c9be2ee53e1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Behat/Behat/zipball/1b67565a55283b6c0d050a0e4c4e44025c791a67", - "reference": "1b67565a55283b6c0d050a0e4c4e44025c791a67", + "url": "https://api.github.com/repos/Behat/Behat/zipball/bc7f149dde1cd0da82616e6b280e1c9be2ee53e1", + "reference": "bc7f149dde1cd0da82616e6b280e1c9be2ee53e1", "shasum": "" }, "require": { @@ -2575,7 +2575,7 @@ "friendsofphp/php-cs-fixer": "^3.68", "phpstan/phpstan": "^2.0", "phpunit/phpunit": "^9.6", - "rector/rector": "2.1.4", + "rector/rector": "2.1.7", "sebastian/diff": "^4.0", "symfony/filesystem": "^5.4 || ^6.4 || ^7.0", "symfony/polyfill-php84": "^1.31", @@ -2632,9 +2632,9 @@ ], "support": { "issues": "https://github.com/Behat/Behat/issues", - "source": "https://github.com/Behat/Behat/tree/v3.24.1" + "source": "https://github.com/Behat/Behat/tree/v3.25.0" }, - "time": "2025-09-15T09:09:06+00:00" + "time": "2025-10-03T20:14:49+00:00" }, { "name": "behat/gherkin", @@ -3199,16 +3199,11 @@ }, { "name": "phpstan/phpstan", - "version": "2.1.29", - "source": { - "type": "git", - "url": "https://github.com/phpstan/phpstan-phar-composer-source.git", - "reference": "git" - }, + "version": "2.1.31", "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/d618573eed4a1b6b75e37b2e0b65ac65c885d88e", - "reference": "d618573eed4a1b6b75e37b2e0b65ac65c885d88e", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/ead89849d879fe203ce9292c6ef5e7e76f867b96", + "reference": "ead89849d879fe203ce9292c6ef5e7e76f867b96", "shasum": "" }, "require": { @@ -3253,7 +3248,7 @@ "type": "github" } ], - "time": "2025-09-25T06:58:18+00:00" + "time": "2025-10-10T14:14:11+00:00" }, { "name": "phpunit/php-code-coverage", diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon index 48afd727..4fde25ac 100644 --- a/phpstan-baseline.neon +++ b/phpstan-baseline.neon @@ -96,12 +96,6 @@ parameters: count: 1 path: src/ComposerIntegration/Listeners/RemoveUnrelatedInstallOperations.php - - - message: '#^Offset ''question'' on array\{question\: Symfony\\Component\\Console\\Helper\\QuestionHelper\} on left side of \?\? always exists and is not nullable\.$#' - identifier: nullCoalesce.offset - count: 1 - path: src/ComposerIntegration/MinimalHelperSet.php - - message: '#^Parameter \#3 \$package of class Php\\Pie\\ComposerIntegration\\PieComposerInstaller constructor expects Composer\\Package\\BasePackage&Composer\\Package\\RootPackageInterface, Composer\\Package\\RootPackageInterface given\.$#' identifier: argument.type diff --git a/src/ComposerIntegration/MinimalHelperSet.php b/src/ComposerIntegration/MinimalHelperSet.php index cda39161..fc44cb8c 100644 --- a/src/ComposerIntegration/MinimalHelperSet.php +++ b/src/ComposerIntegration/MinimalHelperSet.php @@ -11,7 +11,7 @@ /** @internal This is not public API for PIE, so should not be depended upon unless you accept the risk of BC breaks */ class MinimalHelperSet extends HelperSet { - /** @param array{question: QuestionHelper} $helpers */ + /** @param array{question?: QuestionHelper|mixed} $helpers */ public function __construct(array $helpers) { Assert::isInstanceOf( diff --git a/src/SelfManage/Verify/Attestation.php b/src/SelfManage/Verify/Attestation.php index a040148d..6664cc6a 100644 --- a/src/SelfManage/Verify/Attestation.php +++ b/src/SelfManage/Verify/Attestation.php @@ -56,7 +56,6 @@ public static function fromAttestationBundleWithDsseEnvelope(array $attestation) $decoratedCertificate = "-----BEGIN CERTIFICATE-----\n" . wordwrap($attestation['bundle']['verificationMaterial']['certificate']['rawBytes'], 67, "\n", true) . "\n" . "-----END CERTIFICATE-----\n"; - Assert::stringNotEmpty($decoratedCertificate); $decodedPayload = base64_decode($attestation['bundle']['dsseEnvelope']['payload']); Assert::stringNotEmpty($decodedPayload); From 45fd767087e97df9cdb1fec22b5cf08b693482fd Mon Sep 17 00:00:00 2001 From: James Titcumb Date: Mon, 20 Oct 2025 19:55:25 +0100 Subject: [PATCH 3/4] Add some missing internal annotations --- src/ComposerIntegration/BundledPhpExtensionsRepository.php | 1 + .../InstallForPhpProject/DetermineExtensionsRequired.php | 1 + src/SelfManage/Update/Channel.php | 1 + src/SelfManage/Update/FetchPieRelease.php | 1 - 4 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ComposerIntegration/BundledPhpExtensionsRepository.php b/src/ComposerIntegration/BundledPhpExtensionsRepository.php index bfeae8b1..7c977505 100644 --- a/src/ComposerIntegration/BundledPhpExtensionsRepository.php +++ b/src/ComposerIntegration/BundledPhpExtensionsRepository.php @@ -27,6 +27,7 @@ use function realpath; use function sprintf; +/** @internal This is not public API for PIE, so should not be depended upon unless you accept the risk of BC breaks */ class BundledPhpExtensionsRepository extends ArrayRepository { /** diff --git a/src/Installing/InstallForPhpProject/DetermineExtensionsRequired.php b/src/Installing/InstallForPhpProject/DetermineExtensionsRequired.php index 7e14a611..60619b64 100644 --- a/src/Installing/InstallForPhpProject/DetermineExtensionsRequired.php +++ b/src/Installing/InstallForPhpProject/DetermineExtensionsRequired.php @@ -17,6 +17,7 @@ use function strlen; use function substr; +/** @internal This is not public API for PIE, so should not be depended upon unless you accept the risk of BC breaks */ class DetermineExtensionsRequired { public static function linkFilter(Link $link): bool diff --git a/src/SelfManage/Update/Channel.php b/src/SelfManage/Update/Channel.php index 8447f0b1..57108b7b 100644 --- a/src/SelfManage/Update/Channel.php +++ b/src/SelfManage/Update/Channel.php @@ -4,6 +4,7 @@ namespace Php\Pie\SelfManage\Update; +/** @internal This is not public API for PIE, so should not be depended upon unless you accept the risk of BC breaks */ enum Channel: string { case Stable = 'stable'; diff --git a/src/SelfManage/Update/FetchPieRelease.php b/src/SelfManage/Update/FetchPieRelease.php index 57852bbc..938e99dc 100644 --- a/src/SelfManage/Update/FetchPieRelease.php +++ b/src/SelfManage/Update/FetchPieRelease.php @@ -9,7 +9,6 @@ /** @internal This is not public API for PIE, so should not be depended upon unless you accept the risk of BC breaks */ interface FetchPieRelease { - /** @throws PiePharMissingFromLatestRelease */ public function latestReleaseMetadata(Channel $updateChannel): ReleaseMetadata; /** Download the given pie.phar and return the filename (should be a temp file) */ From 5abb9701781a03d66d5f57224c75ba2751f9fec3 Mon Sep 17 00:00:00 2001 From: James Titcumb Date: Mon, 20 Oct 2025 21:52:54 +0100 Subject: [PATCH 4/4] Use PHP site JSON format to determine download URLs Ref: https://github.com/beberlei/hdrhistogram-php/blob/04d3329726cfee440665f4641552867f34f43c57/.github/actions/install-php/action.yml#L38-L46 --- .github/workflows/continuous-integration.yml | 21 ++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 2c50e67b..0b8e919d 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -55,11 +55,11 @@ jobs: operating-system: - ubuntu-latest php-versions: - - '8.1.33' - - '8.2.29' - - '8.3.25' - - '8.4.12' - - '8.5.0RC2' + - '8.1' + - '8.2' + - '8.3' + - '8.4' + - '8.5' steps: - name: "Purge built-in PHP version" run: | @@ -98,10 +98,15 @@ jobs: libbz2-dev \ libzip-dev - name: "Set php-src download URL" - run: echo "php_src_download_url=https://www.php.net/distributions/php-${{ matrix.php-versions }}.tar.gz" >> $GITHUB_ENV + if: ${{ !startsWith(matrix.php-versions, '8.5') }} + run: | + DIST_URL=`curl -fsSL "https://www.php.net/releases/index.php?json&max=1&version=${{ matrix.php-versions }}" | jq -r '.[].source[]|select(.filename|endswith(".gz")).filename'` + echo "php_src_download_url=https://www.php.net/distributions/$DIST_URL" >> $GITHUB_ENV - name: "Set php-src download URL (8.5 pre-release)" - if: ${{ startsWith(matrix.php-versions, '8.5.') }} - run: echo "php_src_download_url=https://downloads.php.net/~edorian/php-${{ matrix.php-versions }}.tar.gz" >> $GITHUB_ENV + if: ${{ startsWith(matrix.php-versions, '8.5') }} + run: | + RC_URL=`curl -fsSL "https://www.php.net/release-candidates.php?format=json" | jq -r '.releases[]|select(.version|startswith("${{ matrix.php-versions }}")).files.gz.path'` + echo "php_src_download_url=$RC_URL" >> $GITHUB_ENV - name: "Install PHP ${{ matrix.php-versions }}" run: | mkdir -p /tmp/php