From 53a1cb5fe9510032c227a71b5c2160dee9e5b015 Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Wed, 22 May 2024 21:28:45 +0200 Subject: [PATCH] Removed PHAR builds support This also removes all tooling around PHAR builds. While PHARs have some use for some community members, PHARs: * do not come with a runtime/environment * are inherently unsafe, because (even if signed) you are relying on packages downloaded and installed by maintainer who created the `.phar` file * do not match your system requirements, which may be misaligned with bundled libraries, since you are relying on the maintainer's ( @Roave / @ocramius ) selected set of dependencies There are various ways to install PHP tools that are way better than PHAR, and that are to be endorsed instead. ## `nix` flake See https://nixos.wiki/wiki/flakes Nix flakes are completely immutable, stable, fully reproducible, customizable, and come with a full supply chain traceability of all dependencies. For maximum stability in your builds, use a nix flake. Patches are welcome to turn this package into a nix flake in itself. ## `composer.json`, `composer.lock` and `composer install` If you have an environment, and you want to install this package into it, generate a `composer.json` and `composer.lock` at a specific location: ```sh cd path/to/tools composer require roave/backward-compatibility-check git add composer.json git add composer.lock git commit -m "Managing own locked version of \`roave/backward-compatibility-check\`" ``` You can then `composer install` from that directory at any time, and run `./path/to/tools/vendor/bin/roave-backward-compatibility-check`. `composer install` will verify that your environment is suited for installation. ## use a `Dockerfile` This approach comes with the same downsides of `.phar` files, but: * tooling to scan for vulnerabilities inside docker images exist, and is very much growing * a docker image comes with the runtime to execute `roave/backward-compatibility-check`, and you can even run the full test suite before baking the image and calling it "compatible" --- .gitattributes | 1 - .github/workflows/release-phar.yml | 35 --- .gitignore | 1 - box.json.dist | 17 -- flake.lock | 409 ----------------------------- flake.nix | 68 ----- 6 files changed, 531 deletions(-) delete mode 100644 .github/workflows/release-phar.yml delete mode 100644 box.json.dist delete mode 100644 flake.lock delete mode 100644 flake.nix diff --git a/.gitattributes b/.gitattributes index 4881f0e8..cbd5d00d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,7 +4,6 @@ /.github/ export-ignore /.gitignore export-ignore /box.json.dist export-ignore -/build-phar.sh export-ignore /infection.json.dist export-ignore /phpcs.xml.dist export-ignore /phpunit.xml.dist export-ignore diff --git a/.github/workflows/release-phar.yml b/.github/workflows/release-phar.yml deleted file mode 100644 index e574c49b..00000000 --- a/.github/workflows/release-phar.yml +++ /dev/null @@ -1,35 +0,0 @@ -# https://help.github.com/en/categories/automating-your-workflow-with-github-actions - -name: "Release PHAR" - -on: - release: - types: - - published - -jobs: - release-phar: - name: "Release PHAR" - - runs-on: ${{ matrix.operating-system }} - - strategy: - matrix: - operating-system: - - "ubuntu-latest" - - steps: - - name: "Checkout" - uses: "actions/checkout@v4" - - - uses: DeterminateSystems/nix-installer-action@v11 - - - name: "Build PHAR" - run: | - "nix run .#build-phar-script" - - - name: "Upload PHAR" - uses: fnkr/github-action-ghr@v1.3 - env: - GHR_PATH: dist/ - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 579f1a00..3b592d78 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,6 @@ /vendor /infection-log.txt /box.json -/box.phar /dist phpstan.neon phpunit.xml diff --git a/box.json.dist b/box.json.dist deleted file mode 100644 index 425ea7e1..00000000 --- a/box.json.dist +++ /dev/null @@ -1,17 +0,0 @@ -{ - "alias": "roave-backward-compatibility-check", - "banner": false, - "check-requirements": false, - "compactors": [ - "KevinGH\\Box\\Compactor\\Json", - "KevinGH\\Box\\Compactor\\Php" - ], - "compression": "GZ", - "main": "bin/roave-backward-compatibility-check.php", - "output": "dist/roave-backward-compatibility-check.phar", - "files-bin": [ - "LICENSE", - "vendor/composer/composer/LICENSE" - ], - "timestamp": "1970-01-01" -} diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 7a5fb216..00000000 --- a/flake.lock +++ /dev/null @@ -1,409 +0,0 @@ -{ - "nodes": { - "flake-compat": { - "locked": { - "lastModified": 1688025799, - "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" - }, - "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "nix-phps": { - "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1716105002, - "narHash": "sha256-y8HOmG51bN3Qzv28l4OeSg9JmbQ2kGMTBp1fTUurxb8=", - "owner": "fossar", - "repo": "nix-phps", - "rev": "2c7984153d765ebc38c50e966bcaf4644c04c3b5", - "type": "github" - }, - "original": { - "owner": "fossar", - "repo": "nix-phps", - "type": "github" - } - }, - "nix-shell": { - "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nix-phps": "nix-phps", - "nixpkgs": "nixpkgs_2", - "php-src-nix": "php-src-nix", - "systems": "systems_3" - }, - "locked": { - "lastModified": 1716217953, - "narHash": "sha256-RO8+2+tIXmdR6mO+IWhTpKUC7fYTN1MzHB3NwDj40iM=", - "owner": "loophp", - "repo": "nix-shell", - "rev": "8b9b590b756af7756e456a06466605de5dc8c62c", - "type": "github" - }, - "original": { - "owner": "loophp", - "repo": "nix-shell", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1716062047, - "narHash": "sha256-OhysviwHQz4p2HZL4g7XGMLoUbWMjkMr/ogaR3VUYNA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02923630b89aa1ab36ef8e422501a6f4fd4b2016", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1714640452, - "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - } - }, - "nixpkgs-lib_2": { - "locked": { - "lastModified": 1714640452, - "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - } - }, - "nixpkgs-lib_3": { - "locked": { - "lastModified": 1714640452, - "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1716128955, - "narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1716062047, - "narHash": "sha256-OhysviwHQz4p2HZL4g7XGMLoUbWMjkMr/ogaR3VUYNA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02923630b89aa1ab36ef8e422501a6f4fd4b2016", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1716293225, - "narHash": "sha256-pU9ViBVE3XYb70xZx+jK6SEVphvt7xMTbm6yDIF4xPs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3eaeaeb6b1e08a016380c279f8846e0bd8808916", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "php-src-81": { - "flake": false, - "locked": { - "lastModified": 1713708715, - "narHash": "sha256-tNjHhPiFWzl1disPB40gawaT1M4utCbWhQQvvSHK5Fk=", - "owner": "php", - "repo": "php-src", - "rev": "469ad32581292693dd3338a486f40ab7cbec33f9", - "type": "github" - }, - "original": { - "owner": "php", - "ref": "PHP-8.1", - "repo": "php-src", - "type": "github" - } - }, - "php-src-82": { - "flake": false, - "locked": { - "lastModified": 1715944122, - "narHash": "sha256-MUlS02DA/0I3tyWfBcvmqyjEuneeQeLXE7IowhUGBkE=", - "owner": "php", - "repo": "php-src", - "rev": "a59868aef8e00ae4eadb752e28166237769e2541", - "type": "github" - }, - "original": { - "owner": "php", - "ref": "PHP-8.2", - "repo": "php-src", - "type": "github" - } - }, - "php-src-83": { - "flake": false, - "locked": { - "lastModified": 1715955256, - "narHash": "sha256-ief7IiAUz/uaLURAxuvpcA1pf1RQwwrnQ6fh9Ywb/Fo=", - "owner": "php", - "repo": "php-src", - "rev": "a89d22cc0cbd0f9c137ca9033fc65f2bd04aff2d", - "type": "github" - }, - "original": { - "owner": "php", - "ref": "PHP-8.3", - "repo": "php-src", - "type": "github" - } - }, - "php-src-master": { - "flake": false, - "locked": { - "lastModified": 1716049700, - "narHash": "sha256-XUMuTFUcDNOWxLpJ2EmOZGyIfU6JT1/fnU259QkVRiU=", - "owner": "php", - "repo": "php-src", - "rev": "52767343b2c104e8f47cd1c2c4531ab2faf47fc9", - "type": "github" - }, - "original": { - "owner": "php", - "ref": "master", - "repo": "php-src", - "type": "github" - } - }, - "php-src-nix": { - "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_3", - "php-src-81": "php-src-81", - "php-src-82": "php-src-82", - "php-src-83": "php-src-83", - "php-src-master": "php-src-master", - "systems": "systems_2" - }, - "locked": { - "lastModified": 1716153270, - "narHash": "sha256-bpHW4UHirwDY7UQBRtymPXJY6mAWW5t+Iur/S3hl81Y=", - "owner": "loophp", - "repo": "php-src-nix", - "rev": "635880ecb504ef1525d7d05d4b7e414345c3416e", - "type": "github" - }, - "original": { - "owner": "loophp", - "repo": "php-src-nix", - "type": "github" - } - }, - "root": { - "inputs": { - "flake-parts": "flake-parts", - "nix-shell": "nix-shell", - "nixpkgs": "nixpkgs_4", - "systems": "systems_4" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index 7847a71d..00000000 --- a/flake.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ - description = "PHP development environments"; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nix-shell.url = "github:loophp/nix-shell"; - systems.url = "github:nix-systems/default"; - }; - - outputs = inputs@{ self, flake-parts, systems, ... }: flake-parts.lib.mkFlake { inherit inputs; } { - systems = import systems; - - perSystem = { config, self', inputs', pkgs, system, lib, ... }: - let - # This function creates a PHP interpreter with the proper required - # extensions by reading the composer.json and infering the extensions to - # enable. - php = pkgs.api.buildPhpFromComposer { - src = ./.; - php = pkgs.php82; - }; - in - { - _module.args.pkgs = import self.inputs.nixpkgs { - inherit system; - overlays = [ - inputs.nix-shell.overlays.default - ]; - }; - - apps = { - build-phar = { - type = "app"; - program = lib.getExe self'.packages.build-phar-script; - }; - }; - - devShells.default = pkgs.mkShellNoCC { - name = "php-devshell"; - buildInputs = [ - php - php.packages.box - php.packages.composer - self'.packages.build-phar-script - ]; - }; - - packages = { - build-phar-script = pkgs.writeShellApplication { - name = "build-phar-script"; - - runtimeInputs = [ - php - php.packages.box - php.packages.composer - ]; - - text = '' - rm -rf vendor - composer validate --strict - composer install --no-dev - box compile --no-interaction - ''; - }; - }; - }; - }; -}