Merge pull request #12 from MGatner/tools

Update Toolkit

.github/workflows/compare.yml

@@ -0,0 +1,29 @@
+# When a PR is opened or a push is made, compare
+# code for backwards compatibility.
+name: RoaveBC
+
+on:
+  pull_request:
+    branches:
+      - develop
+    paths:
+      - 'src/**'
+
+jobs:
+  compare:
+    name: Compare for Backwards Compatibility
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Run comparison (limited)
+        if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
+        uses: docker://nyholm/roave-bc-check-ga
+
+      - name: Run comparison (authenticated)
+        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
+        uses: docker://nyholm/roave-bc-check-ga
+        env:
+          COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH }}

.github/workflows/deduplicate.yml

@@ -0,0 +1,39 @@
+# When a PR is opened or a push is made, check code
+# for duplication with PHP Copy/Paste Detector.
+name: PHPCPD
+
+on:
+  pull_request:
+    branches:
+      - 'develop'
+    paths:
+      - 'app/**'
+      - 'src/**'
+      - 'tests/**'
+      - '.github/workflows/deduplicate.yml'
+  push:
+    branches:
+      - 'develop'
+    paths:
+      - 'app/**'
+      - 'src/**'
+      - 'tests/**'
+      - '.github/workflows/deduplicate.yml'
+
+jobs:
+  build:
+    name: Duplicate Code Detection
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.0'
+          tools: phpcpd
+          extensions: dom, mbstring
+
+      - name: Detect code duplication
+        run: phpcpd app/ src/ tests/

.github/workflows/inspect.yml

@@ -34,8 +34,8 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: '8.0'
-          tools: composer, pecl, phive, phpunit
-          extensions: intl, json, mbstring, gd, mysqlnd, xdebug, xml, sqlite3
+          tools: composer, pecl, phive
+          extensions: intl, json, mbstring, xml
         env:
           COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -75,5 +75,5 @@ jobs:
 
       - name: Run architectural inspection
         run: |
-            sudo phive --no-progress install --global qossmic/deptrac --trust-gpg-keys B8F640134AB1782E
-            deptrac analyze --cache-file=build/deptrac.cache
+          sudo phive --no-progress install --global --trust-gpg-keys B8F640134AB1782E,A98E898BB53EB748 qossmic/deptrac
+          deptrac analyze --cache-file=build/deptrac.cache

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
-          tools: composer, pecl, phpunit
+          tools: composer, infection, pecl, phive, phpunit
           extensions: intl, json, mbstring, gd, mysqlnd, xdebug, xml, sqlite3
           coverage: xdebug
         env:
@@ -64,13 +64,15 @@ jobs:
       - if: matrix.php-versions == '8.0'
         name: Mutate with Infection
         run: |
-          composer global require infection/infection
           git fetch --depth=1 origin $GITHUB_BASE_REF
           infection --threads=2 --skip-initial-tests --coverage=build/phpunit --git-diff-base=origin/$GITHUB_BASE_REF --git-diff-filter=AM --logger-github --ignore-msi-with-no-mutations
 
       - if: matrix.php-versions == '8.0'
         name: Run Coveralls
-        run: vendor/bin/php-coveralls --verbose --coverage_clover=build/phpunit/clover.xml --json_path build/phpunit/coveralls-upload.json
+        continue-on-error: true
+        run: |
+          sudo phive --no-progress install --global --trust-gpg-keys E82B2FB314E9906E php-coveralls
+          php-coveralls --verbose --coverage_clover=build/phpunit/clover.xml --json_path build/phpunit/coveralls-upload.json
         env:
           COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COVERALLS_PARALLEL: true

.github/workflows/unused.yml

@@ -0,0 +1,60 @@
+# When a PR is opened or a push is made, check code
+# for unused packages with Composer Unused.
+name: Unused
+
+on:
+  pull_request:
+    branches:
+      - 'develop'
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - '.github/workflows/unused.yml'
+  push:
+    branches:
+      - 'develop'
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - '.github/workflows/unused.yml'
+
+jobs:
+  build:
+    name: Unused Package Detection
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.0'
+          tools: composer, composer-unused
+          extensions: intl, json, mbstring, xml
+        env:
+          COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install dependencies (limited)
+        if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
+        run: composer update --no-progress --no-interaction --prefer-dist --optimize-autoloader
+
+      - name: Install dependencies (authenticated)
+        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
+        run: composer update --no-progress --no-interaction --prefer-dist --optimize-autoloader
+        env:
+          COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH }}
+
+      - name: Detect unused packages
+        run: composer-unused -vvv --profile --ansi --no-interaction --no-progress --excludePackage=php

.gitignore

@@ -6,4 +6,3 @@ phpunit
 composer.lock
 .DS_Store
 .idea/
-.phpunit.result.cache

.php-cs-fixer.dist.php

@@ -0,0 +1,21 @@
+<?php
+
+use CodeIgniter\CodingStandard\CodeIgniter4;
+use Nexus\CsConfig\Factory;
+use PhpCsFixer\Finder;
+
+$finder = Finder::create()
+    ->files()
+    ->in(__DIR__)
+    ->exclude('build')
+    ->append([__FILE__]);
+
+$overrides = [];
+
+$options = [
+    'finder'    => $finder,
+    'cacheFile' => 'build/.php-cs-fixer.cache',
+];
+
+return Factory::create(new CodeIgniter4(), $overrides, $options)->forProjects();
+

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+The development team and community take all security issues seriously. **Please do not make public any uncovered flaws.**
+
+## Reporting a Vulnerability
+
+Thank you for improving the security of our code! Any assistance in removing security flaws will be acknowledged.
+
+**Please report security flaws by emailing the development team directly: **security@codeigniter.com**.
+
+The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating
+the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the
+progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a primary handler.
+This person will coordinate the fix and release process, involving the following steps:
+
+- Confirm the problem and determine the affected versions.
+- Audit code to find any potential similar problems.
+- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a Pull Request.

admin/pre-commit

@@ -29,7 +29,7 @@ done
 if [ "$FILES" != "" ]
 then
 	echo "Running Code Sniffer..."
-	./vendor/bin/phpcbf --standard=PSR12 --encoding=utf-8 -n -p $FILES
+	composer style
 fi
 
 exit $?

composer.json

@@ -25,7 +25,7 @@
         "mockery/mockery": "^1.0",
         "nexusphp/tachycardia": "^1.0",
         "php-coveralls/php-coveralls": "^2.4",
-        "phpstan/phpstan": "^0.12 || ^1.0",
+        "phpstan/phpstan": "^1.0",
         "phpunit/phpunit": "^9.0",
         "squizlabs/php_codesniffer": "^3.3"
     },
@@ -56,9 +56,18 @@
             "bash -c \"if [ -f admin/setup.sh ]; then bash admin/setup.sh; fi\""
         ],
         "analyze": "phpstan analyze",
+        "ci": [
+            "Composer\\Config::disableProcessTimeout",
+            "@deduplicate",
+            "@analyze",
+            "@test",
+            "@inspect",
+            "@style"
+        ],
+        "deduplicate": "phpcpd app/ src/",
         "inspect": "deptrac analyze --cache-file=build/deptrac.cache",
         "mutate": "infection --threads=2 --skip-initial-tests --coverage=build/phpunit",
-        "style": "phpcbf --standard=PSR12 tests/ src/",
+        "style": "php-cs-fixer fix --verbose --ansi --using-cache=no",
         "test": "phpunit"
     }
 }

depfile.yaml

@@ -108,13 +108,15 @@ ruleset:
     - Entity
     - Service
     - Vendor Config
+    - Vendor Entity
     - Vendor Model
   Service:
     - Config
     - Vendor Config
 
   # Ignore anything in the Vendor layers
   Vendor Model:
+    - Config
     - Service
     - Vendor Config
     - Vendor Controller
@@ -129,6 +131,7 @@ ruleset:
     - Vendor Model
     - Vendor View
   Vendor Config:
+    - Config
     - Service
     - Vendor Config
     - Vendor Controller

phpstan.neon.dist

@@ -6,7 +6,7 @@ parameters:
 		- tests
 	bootstrapFiles:
 		- vendor/codeigniter4/codeigniter4/system/Test/bootstrap.php
-	excludes_analyse:
+	excludePaths:
 		- src/Config/Routes.php
 		- src/Views/*
 	ignoreErrors:

roave-bc-check.yaml

@@ -0,0 +1,3 @@
+parameters:
+    ignoreErrors:
+        - '#\[BC\] SKIPPED: .+ could not be found in the located source#'

tests/HelperTest.php

@@ -64,6 +64,6 @@ public function testSettingValueDotArray()
             'type'  => 'boolean',
         ]);
 
-        $this->assertSame(false, setting('Foo.bar'));
+        $this->assertFalse(setting('Foo.bar'));
     }
 }

tests/SettingsTest.php

@@ -57,7 +57,7 @@ public function testSetInsertsBoolTrue()
             'type'  => 'boolean',
         ]);
 
-        $this->assertSame(true, $settings->get('Test.siteName'));
+        $this->assertTrue($settings->get('Test.siteName'));
     }
 
     public function testSetInsertsBoolFalse()
@@ -74,7 +74,7 @@ public function testSetInsertsBoolFalse()
             'type'  => 'boolean',
         ]);
 
-        $this->assertSame(false, $settings->get('Test.siteName'));
+        $this->assertFalse($settings->get('Test.siteName'));
     }
 
     public function testSetInsertsArray()