Migrate to GH actions, add phpstan

composer · Dec 9, 2020 · 96a3750 · 96a3750
1 parent 8a7ecad
commit 96a3750
Show file tree

Hide file tree

Showing 8 changed files with 225 additions and 42 deletions.
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -0,0 +1,60 @@
+name: "Continuous Integration"
+
+on:
+  - push
+  - pull_request
+
+env:
+  COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --prefer-dist"
+  SYMFONY_PHPUNIT_REMOVE_RETURN_TYPEHINT: "1"
+
+jobs:
+  tests:
+    name: "CI"
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        php-version:
+          - "5.3"
+          - "5.4"
+          - "5.5"
+          - "5.6"
+          - "7.0"
+          - "7.1"
+          - "7.2"
+          - "7.3"
+          - "7.4"
+          - "8.0"
+          - "8.1"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: Get composer cache directory
+        id: composercache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composercache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: "Install latest dependencies"
+        run: |
+          # Remove PHPStan as it requires a newer PHP
+          composer remove phpstan/phpstan --dev --no-update
+          composer update ${{ env.COMPOSER_FLAGS }}
+
+      - name: "Run tests"
+        run: "vendor/bin/simple-phpunit --verbose"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,30 @@
+name: "PHP Lint"
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  tests:
+    name: "Lint"
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        php-version:
+          - "5.3"
+          - "8.0"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Lint PHP files"
+        run: "find src/ -type f -name '*.php' -print0 | xargs -0 -L1 -P4 -- php -l -f"
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
@@ -0,0 +1,51 @@
+name: "PHPStan"
+
+on:
+  - push
+  - pull_request
+
+env:
+  COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --prefer-dist"
+  SYMFONY_PHPUNIT_VERSION: ""
+
+jobs:
+  tests:
+    name: "PHPStan"
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        php-version:
+          # pinned to 7.4 because we need PHPUnit 7.5 which does not support PHP 8
+          - "7.4"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: Get composer cache directory
+        id: composercache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composercache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: "Install latest dependencies"
+        run: "composer update ${{ env.COMPOSER_FLAGS }}"
+
+      - name: Run PHPStan
+        # Locked to phpunit 7.5 here as newer ones have void return types which break inheritance
+        run: |
+          composer require --dev phpunit/phpunit:^7.5.20 --with-all-dependencies ${{ env.COMPOSER_FLAGS }}
+          vendor/bin/phpstan analyse
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ composer.lock
 .php_cs.cache
 build/
 report/
+.phpunit.result.cache
diff --git a/composer.json b/composer.json
@@ -27,7 +27,8 @@
         "php": "^5.3.2 || ^7.0 || ^8.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^4.8.35 || ^5.7 || 6.5 - 8",
+        "symfony/phpunit-bridge": "^4.2 || ^5",
+        "phpstan/phpstan": "^0.12.55",
         "psr/log": "^1.0",
         "symfony/process": "^2.5 || ^3.0 || ^4.0 || ^5.0"
     },
@@ -43,12 +44,11 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.x-dev"
+            "dev-main": "1.x-dev"
         }
     },
-    "config": {
-        "platform": {
-            "php": "5.3.9"
-        }
+    "scripts": {
+        "test": "SYMFONY_PHPUNIT_REMOVE_RETURN_TYPEHINT=1 vendor/bin/simple-phpunit",
+        "phpstan": "vendor/bin/phpstan analyse"
     }
 }
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -0,0 +1,5 @@
+parameters:
+    level: 8
+    paths:
+        - src
+        - tests
diff --git a/src/CaBundle.php b/src/CaBundle.php
@@ -20,8 +20,11 @@
  */
 class CaBundle
 {
+    /** @var string|null */
     private static $caPath;
+    /** @var array<string, bool> */
     private static $caFileValidity = array();
+    /** @var bool|null */
     private static $useOpensslParse;
 
     /**
@@ -68,7 +71,6 @@ public static function getSystemCaRootBundlePath(LoggerInterface $logger = null)
         }
         $caBundlePaths = array();
 
-
         // If SSL_CERT_FILE env variable points to a valid certificate/bundle, use that.
         // This mimics how OpenSSL uses the SSL_CERT_FILE env variable.
         $caBundlePaths[] = self::getEnvVariable('SSL_CERT_FILE');
@@ -102,11 +104,11 @@ public static function getSystemCaRootBundlePath(LoggerInterface $logger = null)
         $caBundlePaths = array_merge($caBundlePaths, $otherLocations);
 
         foreach ($caBundlePaths as $caBundle) {
-            if (self::caFileUsable($caBundle, $logger)) {
+            if ($caBundle && self::caFileUsable($caBundle, $logger)) {
                 return self::$caPath = $caBundle;
             }
 
-            if (self::caDirUsable($caBundle)) {
+            if ($caBundle && self::caDirUsable($caBundle)) {
                 return self::$caPath = $caBundle;
             }
         }
@@ -128,8 +130,13 @@ public static function getBundledCaBundlePath()
         // cURL does not understand 'phar://' paths
         // see https://github.com/composer/ca-bundle/issues/10
         if (0 === strpos($caBundleFile, 'phar://')) {
+            $tempCaBundleFile = tempnam(sys_get_temp_dir(), 'openssl-ca-bundle-');
+            if (false === $tempCaBundleFile) {
+                throw new \RuntimeException('Could not create a temporary file to store the bundled CA file');
+            }
+
             file_put_contents(
-                $tempCaBundleFile = tempnam(sys_get_temp_dir(), 'openssl-ca-bundle-'),
+                $tempCaBundleFile,
                 file_get_contents($caBundleFile)
             );
 
@@ -173,9 +180,16 @@ public static function validateCaFile($filename, LoggerInterface $logger = null)
             }
 
             $isValid = !empty($contents);
-        } else {
+        } elseif (is_string($contents) && strlen($contents) > 0) {
             $contents = preg_replace("/^(\\-+(?:BEGIN|END))\\s+TRUSTED\\s+(CERTIFICATE\\-+)\$/m", '$1 $2', $contents);
-            $isValid = (bool) openssl_x509_parse($contents);
+            if (null === $contents) {
+                // regex extraction failed
+                $isValid = false;
+            } else {
+                $isValid = (bool) openssl_x509_parse($contents);
+            }
+        } else {
+            $isValid = false;
         }
 
         if ($logger) {
@@ -210,7 +224,7 @@ public static function isOpensslParseSafe()
         if (
                (PHP_VERSION_ID < 50400 && PHP_VERSION_ID >= 50328)
             || (PHP_VERSION_ID < 50500 && PHP_VERSION_ID >= 50423)
-            || (PHP_VERSION_ID < 50600 && PHP_VERSION_ID >= 50507)
+            || PHP_VERSION_ID >= 50507
         ) {
             // This version of PHP has the fix for CVE-2013-6420 applied.
             return self::$useOpensslParse = true;
@@ -277,7 +291,8 @@ public static function isOpensslParseSafe()
         $errorOutput = trim($process->getErrorOutput());
 
         if (
-            count($output) === 3
+            is_array($output)
+            && count($output) === 3
             && $output[0] === sprintf('string(%d) "%s"', strlen(PHP_VERSION), PHP_VERSION)
             && $output[1] === 'string(27) "[email protected]"'
             && $output[2] === 'int(-1)'
@@ -292,6 +307,7 @@ public static function isOpensslParseSafe()
 
     /**
      * Resets the static caches
+     * @return void
      */
     public static function reset()
     {
@@ -300,6 +316,10 @@ public static function reset()
         self::$useOpensslParse = null;
     }
 
+    /**
+     * @param  string $name
+     * @return string|false
+     */
     private static function getEnvVariable($name)
     {
         if (isset($_SERVER[$name])) {
@@ -313,11 +333,19 @@ private static function getEnvVariable($name)
         return false;
     }
 
+    /**
+     * @param  string|false $certFile
+     * @return bool
+     */
     private static function caFileUsable($certFile, LoggerInterface $logger = null)
     {
         return $certFile && @is_file($certFile) && @is_readable($certFile) && static::validateCaFile($certFile, $logger);
     }
 
+    /**
+     * @param  string|false $certDir
+     * @return bool
+     */
     private static function caDirUsable($certDir)
     {
         return $certDir && @is_dir($certDir) && @is_readable($certDir) && glob($certDir . '/*');
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,4 @@ composer.lock @@
     .php_cs.cache
     build/
     report/
+    .phpunit.result.cache