From fca7f9894975088ed57da65b7acf57200c861d89 Mon Sep 17 00:00:00 2001
From: MGatner
Date: Thu, 11 Nov 2021 14:45:21 +0000
Subject: [PATCH] Update toolkit
---
.github/workflows/compare.yml | 29 +++++++++++++++
.github/workflows/deduplicate.yml | 39 ++++++++++++++++++++
.github/workflows/inspect.yml | 8 ++---
.github/workflows/test.yml | 8 +++--
.github/workflows/unused.yml | 60 +++++++++++++++++++++++++++++++
.gitignore | 1 -
.php-cs-fixer.dist.php | 21 +++++++++++
SECURITY.md | 26 ++++++++++++++
admin/pre-commit | 2 +-
composer.json | 13 +++++--
depfile.yaml | 3 ++
phpstan.neon.dist | 2 +-
roave-bc-check.yaml | 3 ++
tests/HelperTest.php | 2 +-
tests/SettingsTest.php | 4 +--
15 files changed, 206 insertions(+), 15 deletions(-)
create mode 100644 .github/workflows/compare.yml
create mode 100644 .github/workflows/deduplicate.yml
create mode 100644 .github/workflows/unused.yml
create mode 100644 .php-cs-fixer.dist.php
create mode 100644 SECURITY.md
create mode 100644 roave-bc-check.yaml
diff --git a/.github/workflows/compare.yml b/.github/workflows/compare.yml
new file mode 100644
index 0000000..c6b5e9b
--- /dev/null
+++ b/.github/workflows/compare.yml
@@ -0,0 +1,29 @@
+# When a PR is opened or a push is made, compare
+# code for backwards compatibility.
+name: RoaveBC
+
+on:
+ pull_request:
+ branches:
+ - develop
+ paths:
+ - 'src/**'
+
+jobs:
+ compare:
+ name: Compare for Backwards Compatibility
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Run comparison (limited)
+ if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
+ uses: docker://nyholm/roave-bc-check-ga
+
+ - name: Run comparison (authenticated)
+ if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
+ uses: docker://nyholm/roave-bc-check-ga
+ env:
+ COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH }}
diff --git a/.github/workflows/deduplicate.yml b/.github/workflows/deduplicate.yml
new file mode 100644
index 0000000..827bbbc
--- /dev/null
+++ b/.github/workflows/deduplicate.yml
@@ -0,0 +1,39 @@
+# When a PR is opened or a push is made, check code
+# for duplication with PHP Copy/Paste Detector.
+name: PHPCPD
+
+on:
+ pull_request:
+ branches:
+ - 'develop'
+ paths:
+ - 'app/**'
+ - 'src/**'
+ - 'tests/**'
+ - '.github/workflows/deduplicate.yml'
+ push:
+ branches:
+ - 'develop'
+ paths:
+ - 'app/**'
+ - 'src/**'
+ - 'tests/**'
+ - '.github/workflows/deduplicate.yml'
+
+jobs:
+ build:
+ name: Duplicate Code Detection
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Setup PHP
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: '8.0'
+ tools: phpcpd
+ extensions: dom, mbstring
+
+ - name: Detect code duplication
+ run: phpcpd app/ src/ tests/
diff --git a/.github/workflows/inspect.yml b/.github/workflows/inspect.yml
index e58e531..23440fe 100644
--- a/.github/workflows/inspect.yml
+++ b/.github/workflows/inspect.yml
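Review bot: The authenticated comparison step in compare.yml hands `secrets.COMPOSER_AUTH` to `docker://nyholm/roave-bc-check-ga`, which is referenced without a tag or digest, so whatever image the registry serves at run time executes with that credential in its environment. Pin the image to a reviewed digest on both comparison steps, e.g. `uses: docker://nyholm/roave-bc-check-ga@sha256:<reviewed-digest>`. None of the new workflows (this one, deduplicate.yml, unused.yml) declares `permissions:`, so GITHUB_TOKEN takes the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the visible steps. The header comment mentions pushes, but only `pull_request` is configured as a trigger, which also makes the `github.event_name != 'pull_request'` half of the second condition unreachable.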
@@ -34,8 +34,8 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: '8.0' - tools: composer, pecl, phive, phpunit - extensions: intl, json, mbstring, gd, mysqlnd, xdebug, xml, sqlite3 + tools: composer, pecl, phive + extensions: intl, json, mbstring, xml env: COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -75,5 +75,5 @@ jobs: - name: Run architectural inspection run: | - sudo phive --no-progress install --global qossmic/deptrac --trust-gpg-keys B8F640134AB1782E - deptrac analyze --cache-file=build/deptrac.cache + sudo phive --no-progress install --global --trust-gpg-keys B8F640134AB1782E,A98E898BB53EB748 qossmic/deptrac + deptrac analyze --cache-file=build/deptrac.cache diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 561601d..ce38955 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - tools: composer, pecl, phpunit + tools: composer, infection, pecl, phive, phpunit extensions: intl, json, mbstring, gd, mysqlnd, xdebug, xml, sqlite3 coverage: xdebug env: 
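Review bot: The rewritten `phive install` line in the architectural-inspection step now trusts a second key, `A98E898BB53EB748`, with nothing recording whose key it is or why it was added, and both keys are given as 64-bit key IDs rather than full fingerprints. A shell comment above the command, such as `# trusted signing keys: <owner of B8F640134AB1782E>, <owner of A98E898BB53EB748> - verified against <source>`, would let a later reviewer re-check the trust decision. The install also takes whichever `qossmic/deptrac` release is current at run time, so adding a version constraint would make the result reproducible. The step this `run:` block belongs to starts outside the hunk.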
@@ -64,13 +64,15 @@ jobs: - if: matrix.php-versions == '8.0' name: Mutate with Infection run: | - composer global require infection/infection git fetch --depth=1 origin $GITHUB_BASE_REF infection --threads=2 --skip-initial-tests --coverage=build/phpunit --git-diff-base=origin/$GITHUB_BASE_REF --git-diff-filter=AM --logger-github --ignore-msi-with-no-mutations - if: matrix.php-versions == '8.0' name: Run Coveralls - run: vendor/bin/php-coveralls --verbose --coverage_clover=build/phpunit/clover.xml --json_path build/phpunit/coveralls-upload.json + continue-on-error: true + run: | + sudo phive --no-progress install --global --trust-gpg-keys E82B2FB314E9906E php-coveralls + php-coveralls --verbose --coverage_clover=build/phpunit/clover.xml --json_path build/phpunit/coveralls-upload.json env: COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} COVERALLS_PARALLEL: true diff --git a/.github/workflows/unused.yml b/.github/workflows/unused.yml new file mode 100644 index 0000000..4d2ee36 --- /dev/null +++ b/.github/workflows/unused.yml 
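Review bot: `continue-on-error: true` on the Run Coveralls step now also covers the added `phive install`, so a failed download or a failed signature check on php-coveralls is treated the same as a flaky upload and the job stays green. Splitting the install into its own step keeps tool-verification failures visible while still tolerating upload errors. composer.json still lists `php-coveralls/php-coveralls` among its requirements (visible as context in its hunk), so it is worth deciding whether the phive copy is meant to replace it. The steps list begins outside the hunk.

```yaml
# … unchanged: Mutate with Infection step …
- if: matrix.php-versions == '8.0'
  name: Install Coveralls
  run: sudo phive --no-progress install --global --trust-gpg-keys E82B2FB314E9906E php-coveralls

- if: matrix.php-versions == '8.0'
  name: Run Coveralls
  continue-on-error: true
  run: php-coveralls --verbose --coverage_clover=build/phpunit/clover.xml --json_path build/phpunit/coveralls-upload.json
  # … unchanged: env block (COVERALLS_REPO_TOKEN, COVERALLS_PARALLEL) …
```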
@@ -0,0 +1,60 @@ +# When a PR is opened or a push is made, check code +# for unused packages with Composer Unused. +name: Unused + +on: + pull_request: + branches: + - 'develop' + paths: + - 'src/**' + - 'tests/**' + - '.github/workflows/unused.yml' + push: + branches: + - 'develop' + paths: + - 'src/**' + - 'tests/**' + - '.github/workflows/unused.yml' + +jobs: + build: + name: Unused Package Detection + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.0' + tools: composer, composer-unused + extensions: intl, json, mbstring, xml + env: + COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get composer cache directory + id: composer-cache + run: echo "::set-output name=dir::$(composer config cache-files-dir)" + + - name: Cache composer dependencies + uses: actions/cache@v2 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} + restore-keys: ${{ runner.os }}-composer- + + - name: Install dependencies (limited) + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }} + run: composer update --no-progress --no-interaction --prefer-dist --optimize-autoloader + + - name: Install dependencies (authenticated) + if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }} + run: composer update --no-progress --no-interaction --prefer-dist --optimize-autoloader + env: + COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH }} + + - name: Detect unused packages + run: composer-unused -vvv --profile --ansi --no-interaction --no-progress --excludePackage=php diff --git a/.gitignore b/.gitignore index 14bdec5..6f3cfe7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,3 @@ phpunit composer.lock .DS_Store .idea/ -.phpunit.result.cache 
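Review bot: The "Install dependencies (authenticated)" step in unused.yml puts `secrets.COMPOSER_AUTH` into the environment of `composer update`, which resolves floating versions (composer.lock is gitignored) and runs the plugins and scripts of whatever it installs. If the unused-package check does not depend on them, which is an assumption to confirm, `run: composer update --no-progress --no-interaction --prefer-dist --optimize-autoloader --no-scripts --no-plugins` narrows what can read the credential. Separately, the cache-directory step uses the `::set-output` workflow command, which GitHub has since deprecated; the replacement is `echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"`.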
diff --git a/.php-cs-fixer.dist.php b/.php-cs-fixer.dist.php new file mode 100644 index 0000000..3586995 --- /dev/null +++ b/.php-cs-fixer.dist.php @@ -0,0 +1,21 @@ +files() + ->in(__DIR__) + ->exclude('build') + ->append([__FILE__]); + +$overrides = []; + +$options = [ + 'finder' => $finder, + 'cacheFile' => 'build/.php-cs-fixer.cache', +]; + +return Factory::create(new CodeIgniter4(), $overrides, $options)->forProjects(); + diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..81800d9 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,26 @@ +# Security Policy + +The development team and community take all security issues seriously. **Please do not make public any uncovered flaws.** + +## Reporting a Vulnerability + +Thank you for improving the security of our code! Any assistance in removing security flaws will be acknowledged. + +**Please report security flaws by emailing the development team directly: **security@codeigniter.com**. + +The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating +the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the +progress towards a fix and full announcement, and may ask for additional information or guidance. + +## Disclosure Policy + +When the security team receives a security bug report, they will assign it to a primary handler. +This person will coordinate the fix and release process, involving the following steps: + +- Confirm the problem and determine the affected versions. +- Audit code to find any potential similar problems. +- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible. + +## Comments on this Policy + +If you have suggestions on how this process could be improved please submit a Pull Request. diff --git a/admin/pre-commit b/admin/pre-commit index d52db3c..28177bb 100644 
--- a/admin/pre-commit +++ b/admin/pre-commit @@ -29,7 +29,7 @@ done if [ "$FILES" != "" ] then echo "Running Code Sniffer..." - ./vendor/bin/phpcbf --standard=PSR12 --encoding=utf-8 -n -p $FILES + composer style fi exit $? diff --git a/composer.json b/composer.json index 5405ff1..7154ab5 100644 --- a/composer.json +++ b/composer.json @@ -25,7 +25,7 @@ "mockery/mockery": "^1.0", "nexusphp/tachycardia": "^1.0", "php-coveralls/php-coveralls": "^2.4", - "phpstan/phpstan": "^0.12 || ^1.0", + "phpstan/phpstan": "^1.0", "phpunit/phpunit": "^9.0", "squizlabs/php_codesniffer": "^3.3" }, @@ -56,9 +56,18 @@ "bash -c \"if [ -f admin/setup.sh ]; then bash admin/setup.sh; fi\"" ], "analyze": "phpstan analyze", + "ci": [ + "Composer\\Config::disableProcessTimeout", + "@deduplicate", + "@analyze", + "@test", + "@inspect", + "@style" + ], + "deduplicate": "phpcpd app/ src/", "inspect": "deptrac analyze --cache-file=build/deptrac.cache", "mutate": "infection --threads=2 --skip-initial-tests --coverage=build/phpunit", - "style": "phpcbf --standard=PSR12 tests/ src/", + "style": "php-cs-fixer fix --verbose --ansi --using-cache=no", "test": "phpunit" } } diff --git a/depfile.yaml b/depfile.yaml index e039a7c..23e144a 100644 --- a/depfile.yaml +++ b/depfile.yaml @@ -108,6 +108,7 @@ ruleset: - Entity - Service - Vendor Config + - Vendor Entity - Vendor Model Service: - Config @@ -115,6 +116,7 @@ ruleset: # Ignore anything in the Vendor layers Vendor Model: + - Config - Service - Vendor Config - Vendor Controller @@ -129,6 +131,7 @@ ruleset: - Vendor Model - Vendor View Vendor Config: + - Config - Service - Vendor Config - Vendor Controller diff --git a/phpstan.neon.dist b/phpstan.neon.dist index e2db4ba..4d2089e 100644 --- a/phpstan.neon.dist +++ b/phpstan.neon.dist @@ -6,7 +6,7 @@ parameters: - tests bootstrapFiles: - vendor/codeigniter4/codeigniter4/system/Test/bootstrap.php - excludes_analyse: + excludePaths: - src/Config/Routes.php - src/Views/* ignoreErrors: 
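Review bot: `composer style` in admin/pre-commit no longer receives `$FILES`, so the hook runs the fixer over the whole project and rewrites files in the working tree without re-staging them; the commit can still record the unfixed staged content. The `echo "Running Code Sniffer..."` line above it is now stale as well. A check-only run, for example `composer style -- --dry-run`, exits non-zero when changes are needed, so the existing `exit $?` would then block the commit. The hook script begins outside the hunk.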
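Review bot: The new `ci` script in composer.json ends with `@style`, and `style` is now `php-cs-fixer fix` without `--dry-run`, so the aggregate rewrites files and can exit successfully instead of failing on violations. A separate check-only entry referenced from `ci`, e.g. `"style-check": "php-cs-fixer fix --verbose --ansi --using-cache=no --dry-run --diff"`, would make it an actual gate. The `deduplicate` script scans `app/ src/` while the workflow in deduplicate.yml scans `app/ src/ tests/`; presumably the two should agree.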
diff --git a/roave-bc-check.yaml b/roave-bc-check.yaml new file mode 100644 index 0000000..6773bb8 --- /dev/null +++ b/roave-bc-check.yaml @@ -0,0 +1,3 @@ +parameters: + ignoreErrors: + - '#\[BC\] SKIPPED: .+ could not be found in the located source#' diff --git a/tests/HelperTest.php b/tests/HelperTest.php index 237b204..22077ac 100644 --- a/tests/HelperTest.php +++ b/tests/HelperTest.php @@ -64,6 +64,6 @@ public function testSettingValueDotArray() 'type' => 'boolean', ]); - $this->assertSame(false, setting('Foo.bar')); + $this->assertFalse(setting('Foo.bar')); } } diff --git a/tests/SettingsTest.php b/tests/SettingsTest.php index 3e10401..9cc506d 100644 --- a/tests/SettingsTest.php +++ b/tests/SettingsTest.php @@ -57,7 +57,7 @@ public function testSetInsertsBoolTrue() 'type' => 'boolean', ]); - $this->assertSame(true, $settings->get('Test.siteName')); + $this->assertTrue($settings->get('Test.siteName')); } public function testSetInsertsBoolFalse() @@ -74,7 +74,7 @@ public function testSetInsertsBoolFalse() 'type' => 'boolean', ]); - $this->assertSame(false, $settings->get('Test.siteName')); + $this->assertFalse($settings->get('Test.siteName')); } public function testSetInsertsArray()