Merge pull request #677 from WordPress/develop

Release 2.0.1

.github/release-checklist.md

@@ -3,18 +3,23 @@ Template to use for release PRs from `develop` to `stable`
 
 :warning: **DO NOT MERGE (YET)** :warning:
 
-PR for tracking changes for the x.x.x release. Target release date: **DOW MONTH DAY YEAR**.
+PR for tracking changes for the x.x.x release.
+
+Target release date: **DOW MONTH DAY YEAR**.
+
 - [ ] Check if any dependencies need updating.
-- [ ] Check if the `certificates/cacert.pem` file needs updating.
-- [ ] Update the version constant in `src/Requests.php`.
+- [ ] Update the version constant in `src/Requests.php` - PR #xxx.
 - [ ] Add changelog for the release - PR #xxx
 - [ ] Merge this PR.
 - [ ] Make sure all CI builds are green.
 - [ ] Tag the release against `stable` and push the tag.
-- [ ] Review the automatically created PR with the GH Pages docs update & merge.
-- [ ] Verify that the website regenerated correctly and is in working order.
+- [ ] Review the automatically created PR with the GH Pages docs update.
 - [ ] Create a release from the tag (careful, GH defaults to `develop`!) & copy & paste the changelog to it.
     Make sure to copy the links to the issues and the links to the GH usernames from the bottom of the changelog!
+- [ ] Merge the GH Pages PR.
+    Note: it is important to do this **after** the release as otherwise the information about the latest release
+    in the site will not be updated correctly from the GitHub API.
+- [ ] Verify that the website regenerated correctly and is in working order.
 - [ ] Close the milestone.
 - [ ] Open a new milestone for the next release.
 - [ ] If any open PRs/issues which were milestoned for the release did not make it into the release, update their milestone.

.github/workflows/cs.yml

@@ -32,7 +32,7 @@ jobs:
       # Install dependencies and handle caching in one go.
       # @link https://github.com/marketplace/actions/install-composer-dependencies
       - name: Install Composer dependencies
-        uses: "ramsey/composer-install@v1"
+        uses: "ramsey/composer-install@v2"
 
       # Check the code-style consistency of the PHP files.
       - name: Check PHP code style

.github/workflows/lint.yml

@@ -41,12 +41,12 @@ jobs:
       # @link https://github.com/marketplace/actions/install-composer-dependencies
       - name: Install Composer dependencies - normal
         if: ${{ startsWith( matrix.php, '8' ) == false && matrix.php != 'latest' }}
-        uses: "ramsey/composer-install@v1"
+        uses: "ramsey/composer-install@v2"
 
       # For PHP 8.0 and "nightly", we need to install with ignore platform reqs.
       - name: Install Composer dependencies - with ignore platform
         if: ${{ startsWith( matrix.php, '8' ) || matrix.php == 'latest' }}
-        uses: "ramsey/composer-install@v1"
+        uses: "ramsey/composer-install@v2"
         with:
           composer-options: --ignore-platform-reqs
 

.github/workflows/quicktest.yml

@@ -47,15 +47,7 @@ jobs:
       # Install dependencies and handle caching in one go.
       # @link https://github.com/marketplace/actions/install-composer-dependencies
       - name: Install Composer dependencies - normal
-        if: ${{ startsWith( matrix.php, '8' ) == false && matrix.php != 'latest' }}
-        uses: "ramsey/composer-install@v1"
-
-      # For PHP 8.0 and "nightly", we need to install with ignore platform reqs.
-      - name: Install Composer dependencies - with ignore platform
-        if: ${{ startsWith( matrix.php, '8' ) || matrix.php == 'latest' }}
-        uses: "ramsey/composer-install@v1"
-        with:
-          composer-options: --ignore-platform-reqs
+        uses: "ramsey/composer-install@v2"
 
       - name: Setup Python
         uses: actions/setup-python@v2

.github/workflows/test.yml

@@ -26,21 +26,16 @@ jobs:
       matrix:
         php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.1']
         coverage: [false]
-        experimental: [false]
 
         include:
           # Run code coverage on high/low PHP.
           - php: '5.6'
             coverage: true
-            experimental: false
           - php: '8.0'
             coverage: true
-            experimental: false
 
     name: "Test: PHP ${{ matrix.php }}"
 
-    continue-on-error: ${{ matrix.experimental }}
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -74,15 +69,7 @@ jobs:
       # Install dependencies and handle caching in one go.
       # @link https://github.com/marketplace/actions/install-composer-dependencies
       - name: Install Composer dependencies - normal
-        if: ${{ startsWith( matrix.php, '8' ) == false && matrix.php != 'latest' }}
-        uses: "ramsey/composer-install@v1"
-
-      # For PHP 8.0 and "nightly", we need to install with ignore platform reqs.
-      - name: Install Composer dependencies - with ignore platform
-        if: ${{ startsWith( matrix.php, '8' ) || matrix.php == 'latest' }}
-        uses: "ramsey/composer-install@v1"
-        with:
-          composer-options: --ignore-platform-reqs
+        uses: "ramsey/composer-install@v2"
 
       - name: Setup problem matcher to provide annotations for PHPUnit
         run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
@@ -147,7 +134,7 @@ jobs:
 
       - name: Send coverage report to Codecov
         if: ${{ success() && matrix.coverage == true }}
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v2
         with:
           files: ./clover.xml
           fail_ci_if_error: true

.github/workflows/update-cacert.yml

@@ -0,0 +1,99 @@
+name: Certificates
+
+on:
+  # Run every day at 4:20.
+  schedule:
+    - cron: '20 4 * * *'
+  # Run on every push to `stable` and `develop`.
+  # Not using path selection here as it appears only the files in the last commit from the push are looked at.
+  push:
+    branches:
+      - 'stable'
+      - 'develop'
+  # And whenever this workflow is updated or a PR attempts to update the certificate files.
+  pull_request:
+    paths:
+      - '.github/workflows/update-cacert.yml'
+      - 'certificates/cacert.pem'
+      - 'certificates/cacert.pem.sha256'
+  # Also allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  certificate-check:
+    name: "Check for updated certificate bundle"
+    # Don't run the cron job on forks.
+    if: ${{ github.event_name != 'schedule' || github.repository == 'WordPress/Requests' }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Determine branches to use
+        id: branches
+        env:
+          HEAD_REF: ${{ github.head_ref }}
+        run: |
+          if [[ "${{ github.event_name }}" == 'schedule' ]]; then
+            echo "::set-output name=BASE::develop"
+          elif [[ "${{ github.event_name }}" == 'push' ]]; then
+            # Pull requests should always go to develop, even when triggered via stable.
+            echo "::set-output name=BASE::develop"
+          else # = PR or manual run.
+            echo "::set-output name=BASE::$HEAD_REF"
+          fi
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Restore etags cache for certificate files
+        uses: actions/cache@v2
+        with:
+          path: certificates/etag-*.txt
+          key: curl-etag-${{ hashFiles('certificates/cacert.pem') }}-${{ hashFiles('certificates/cacert.pem.sha256') }}
+          restore-keys: |
+            curl-etag-
+
+      - name: Get current certificate bundle if changed
+        working-directory: ./certificates
+        run: curl --etag-compare etag-cert.txt --etag-save etag-cert.txt --remote-name https://curl.se/ca/cacert.pem
+
+      - name: Get current SHA256 checksum file for the bundle if changed
+        working-directory: ./certificates
+        run: curl --etag-compare etag-sha.txt --etag-save etag-sha.txt --remote-name https://curl.se/ca/cacert.pem.sha256
+
+      - name: Verify the checksum of the downloaded bundle
+        working-directory: ./certificates
+        run: sha256sum --check cacert.pem.sha256
+
+      - name: "Debug info: Show git status"
+        run: git status -vv --untracked=all
+
+      # http://man7.org/linux/man-pages/man1/date.1.html
+      - name: "Get date"
+        id: get-date
+        run: echo "::set-output name=DATE::$(/bin/date -u "+%F")"
+
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          base: ${{ steps.branches.outputs.BASE }}
+          branch: "feature/auto-update-cacert"
+          delete-branch: true
+          commit-message: ":lock_with_ink_pen: Update certificate bundle"
+          title: ":lock_with_ink_pen: Update certificate bundle"
+          body: |
+            Updated certificate bundle as of ${{ steps.get-date.outputs.DATE }}.
+
+            Source: https://curl.se/docs/caextract.html
+
+            This PR is auto-generated by [create-pull-request](https://github.com/peter-evans/create-pull-request) using the `.github/workflows/update-cacert.yml` workflow.
+          labels: |
+            Type: enhancement
+          reviewers: |
+            jrfnl
+            schlessera

.github/workflows/update-website.yml

@@ -4,9 +4,11 @@ on:
   # Trigger the workflow whenever a new tag is created.
   push:
     tags:
-      - '2**'
+      - '**'
   # And whenever this workflow or one of the associated scripts is updated.
   pull_request:
+    branches-ignore:
+      - 'stable'
     paths:
       - '.github/workflows/update-website.yml'
       - 'build/ghpages/**'
@@ -33,9 +35,11 @@ jobs:
       # to have access to the latest version of the workflow/scripts.
       - name: Determine branch to use
         id: base_branch
+        env:
+          REF: ${{ github.ref }}
         run: |
           if [ "${{ github.event_name }}" == "pull_request" ]; then
-            echo '::set-output name=BRANCH::${{ github.ref }}'
+            echo "::set-output name=BRANCH::$REF"
           else
             echo '::set-output name=BRANCH::stable'
           fi
@@ -86,16 +90,19 @@ jobs:
       # always be based on the latest release.
       - name: Determine PR title prefix, body and more
         id: get_pr_info
+        env:
+          REF_NAME: ${{ github.ref_name }}
+          TAG_NAME: ${{ github.event.release.tag_name }}
         run: |
           if [ "${{ github.event_name }}" == "pull_request" ]; then
-            echo '::set-output name=REF::${{ github.ref_name }}'
+            echo "::set-output name=REF::$REF_NAME"
             echo '::set-output name=PR_TITLE_PREFIX::[TEST | DO NOT MERGE] '
             echo '::set-output name=PR_BODY::Test run for the website update after changes to the automated scripts.'
             echo '::set-output name=DRAFT::true'
           else
-            echo '::set-output name=REF::${{ github.event.release.tag_name }}'
+            echo "::set-output name=REF::$TAG_NAME"
             echo '::set-output name=PR_TITLE_PREFIX::'
-            echo '::set-output name=PR_BODY::Website update after the release of Requests ${{ github.event.release.tag_name }}.'
+            echo "::set-output name=PR_BODY::Website update after the release of Requests $TAG_NAME."
             echo '::set-output name=DRAFT::false'
           fi
 
@@ -122,9 +129,11 @@ jobs:
 
       # The commit should contain all changes in the API directory, both tracked and untracked!
       - name: Commit the API docs separately
+        env:
+          ACTOR: ${{ github.actor }}
         run: |
           git config user.name 'GitHub Action'
-          git config user.email '${{ github.actor }}@users.noreply.github.com'
+          git config user.email "$ACTOR@users.noreply.github.com"
           git add -A ./api-2.x/
           git commit --allow-empty --message="GH Pages: update API docs for Requests ${{ steps.get_pr_info.outputs.REF }}"
 
@@ -160,10 +169,21 @@ jobs:
           body: |
             ${{ steps.get_pr_info.outputs.PR_BODY }}
 
-            This PR is auto-generated by [create-pull-request](https://github.com/peter-evans/create-pull-request).
+            This PR is auto-generated by [create-pull-request](https://github.com/peter-evans/create-pull-request) using the `.github/workflows/update-website.yml` workflow.
           labels: |
             Type: documentation
-          reviewer: |
+          reviewers: |
             jrfnl
             schlessera
           draft: ${{ steps.get_pr_info.outputs.DRAFT }}
+
+      # Test that the site builds correctly.
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          # Use the version as per https://pages.github.com/versions/.
+          ruby-version: 2.7.3
+          bundler-cache: true
+
+      - name: Test building the GH Pages site
+        run: bundle exec jekyll build

.gitignore

@@ -18,3 +18,6 @@ phpcs.xml
 phpdoc.xml
 build/ghpages/.phpdoc
 build/ghpages/artifacts
+
+# Ignore temporary files for certificate downloads.
+certificates/etag-*.txt

.phpcs.xml.dist

@@ -92,15 +92,9 @@
 			 Miscellaneous other exclusions.
 			 ========================================================================== -->
 
-		<!-- This repo complies with PSR 0 for filename conventions. -->
+		<!-- This repo complies with PSR 4 for filename conventions. -->
 		<exclude name="WordPress.Files.FileName"/>
 
-		<!-- This code base consistently has the second keyword of multi-part control structures
-			 on a new line.
-			 Once WPCS 3.0.0 comes out, the style used in this repo can be enforced via the
-			 Universal.ControlStructures.IfElseDeclaration sniff from PHPCSExtra. -->
-		<exclude name="Squiz.ControlStructures.ControlSignature.SpaceAfterCloseBrace"/>
-
 		<!-- WPCS demands long arrays. We'll be using short arrays from now on. -->
 		<exclude name="Generic.Arrays.DisallowShortArraySyntax"/>
 
@@ -141,8 +135,6 @@
 
 	<!-- Include replacement sniffs which enforce the opposite of WPCS for several excluded sniffs. -->
 	<rule ref="Squiz.WhiteSpace.ControlStructureSpacing">
-		<!-- Note: These two violations should potentially be addressed at a later point in time. -->
-		<exclude name="Squiz.WhiteSpace.ControlStructureSpacing.NoLineAfterClose"/>
 		<exclude name="Squiz.WhiteSpace.ControlStructureSpacing.LineAfterClose"/>
 	</rule>
 
@@ -222,28 +214,10 @@
 	#############################################################################
 	-->
 
-	<!-- ==========================================================================
-		 Package code
-		 ========================================================================== -->
-
-	<!-- Don't rename existing classes to prevent a BC break. -->
-	<rule ref="PEAR.NamingConventions.ValidClassName.Invalid">
-		<exclude-pattern>*/library/Deprecated\.php$</exclude-pattern>
-	</rule>
-
-	<rule ref="Generic.Files.OneObjectStructurePerFile.MultipleFound">
-		<exclude-pattern>*/library/Deprecated\.php$</exclude-pattern>
-	</rule>
-
 	<!-- ==========================================================================
 		 Example code
 		 ========================================================================== -->
 
-	<!-- Using short arrays in example code is fine. -->
-	<rule ref="Generic.Arrays.DisallowShortArraySyntax.Found">
-		<exclude-pattern>/examples/cookie_jar\.php$</exclude-pattern>
-	</rule>
-
 	<!-- Using var_dump() in example code is fine. -->
 	<rule ref="WordPress.PHP.DevelopmentFunctions.error_log_var_dump">
 		<exclude-pattern>/examples/[^/]+\.php$</exclude-pattern>