From 08a8679d4ec9f1349701ecfb4fa52ed5184d3f8d Mon Sep 17 00:00:00 2001
From: Florent Morselli
Date: Wed, 24 May 2023 22:12:58 +0200
Subject: [PATCH] Add scorecards badge and config (#48)
* Add scorecards badge and config
* Typo
* Min puphunit version
---
 .github/dependabot.yml | 4 +-
 .github/workflows/scorecards.yml | 63 ++++++++++++++++++++++++++++++++
 README.md | 10 +++++
 composer.json | 12 +++--
 phpstan.neon | 5 ---
 phpunit.xml.dist | 14 +++---
 rector.php | 3 +-
 7 files changed, 91 insertions(+), 20 deletions(-)
 create mode 100644 .github/workflows/scorecards.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ae2faa4..8da8957 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,11 +9,11 @@ updates:
 open-pull-requests-limit: 20
 allow:
 - dependency-type: all
- labels: [ "Dependencies" ]
+ labels: [ "dependencies" ]
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
 interval: "monthly"
 open-pull-requests-limit: 20
- labels: [ "Dependencies" ]
+ labels: [ "dependencies" ]
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000..31505af
--- /dev/null
+++ b/.github/workflows/scorecards.yml
@@ -0,0 +1,63 @@
+name: Scorecards supply-chain security
+
+on:
+ # Only the default branch is supported.
+ branch_protection_rule:
+ schedule:
+ - cron: '19 5 * * 7'
+ push:
+ branches: [ "4.3.x" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Used to receive a badge. (Upcoming feature)
+ id-token: write
+ # Needs for private repositories.
+ contents: read
+ actions: read
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@v3.5.2
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@v2.1.3
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecards on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+ # Publish the results for public repositories to enable scorecard badges. For more details, see
+ # https://github.com/ossf/scorecard-action#publishing-results.
+ # For private repositories, `publish_results` will automatically be set to `false`, regardless
+ # of the value entered here.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@v3.1.2
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@v2.3.3
+ with:
+ sarif_file: results.sarif
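Review bot: The four third-party actions in the steps (`actions/checkout@v3.5.2`, `ossf/scorecard-action@v2.1.3`, `actions/upload-artifact@v3.1.2`, `github/codeql-action/upload-sarif@v2.3.3`) are pinned to mutable tags rather than commit SHAs, so a re-tagged or compromised release would run inside this job with `security-events: write` and `id-token: write`; Scorecard's own Pinned-Dependencies check will report exactly this. Pin each `uses:` to the full commit SHA and keep the version as a trailing comment, e.g. `uses: ossf/scorecard-action@<commit-sha> # v2.1.3`, which the `github-actions` ecosystem in dependabot.yml will keep updating. The `push` trigger lists `branches: [ "4.3.x" ]` while the comment above says only the default branch is supported; if `4.3.x` is not the repository's default branch, `publish_results: true` will not publish and the README badge added in this commit will stay empty — worth confirming against the repository settings. The comment `# Needs for private repositories.` reads better as `# Needed for private repositories.`.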
diff --git a/README.md b/README.md
index f3ee077..b8cc112 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,16 @@ COSE Support for PHP
 **CBOR Object Signing and Encryption (COSE) Support for PHP** is a **PHP library** that will help you to perform cypher operations using Cose Keys.
+
+![Build Status](https://github.com/web-auth/cose-lib/workflows/Integrate/badge.svg)
+
+[![Latest Stable Version](https://poser.pugx.org/web-auth/cose-lib/v/stable.png)](https://packagist.org/packages/web-auth/cose-lib)
+[![Total Downloads](https://poser.pugx.org/web-auth/cose-lib/downloads.png)](https://packagist.org/packages/web-auth/cose-lib)
+[![Latest Unstable Version](https://poser.pugx.org/web-auth/cose-lib/v/unstable.png)](https://packagist.org/packages/web-auth/cose-lib)
+[![License](https://poser.pugx.org/web-auth/cose-lib/license.png)](https://packagist.org/packages/web-auth/cose-lib)
+
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/web-auth/cose-lib/badge)](https://api.securityscorecards.dev/projects/github.com/web-auth/cose-lib)
+
+
 # Installation
 Install the library with Composer: `composer require web-auth/cose-lib`.
diff --git a/composer.json b/composer.json
index baab9c3..cfdd5a6 100644
--- a/composer.json
+++ b/composer.json
@@ -29,18 +29,19 @@
 }
 },
 "require-dev": {
- "infection/infection": "^0.26.12",
+ "infection/infection": "^0.27",
 "phpstan/phpstan": "^1.7",
 "phpstan/phpstan-deprecation-rules": "^1.0",
 "phpstan/phpstan-phpunit": "^1.1",
 "phpstan/phpstan-strict-rules": "^1.2",
- "phpunit/phpunit": "^10.0",
- "rector/rector": "^0.15",
+ "phpunit/phpunit": "^10.1",
+ "rector/rector": "^0.16",
 "symplify/easy-coding-standard": "^11.0",
 "symfony/phpunit-bridge": "^6.1",
 "ekino/phpstan-banned-code": "^1.0",
 "php-parallel-lint/php-parallel-lint": "^1.3",
- "qossmic/deptrac-shim": "^1.0"
+ "qossmic/deptrac-shim": "^1.0",
+ "phpstan/extension-installer": "^1.3"
 },
 "autoload-dev": {
 "psr-4": {
@@ -49,7 +50,8 @@
 },
 "config": {
 "allow-plugins": {
- "infection/extension-installer": false
+ "infection/extension-installer": true,
+ "phpstan/extension-installer": true
 }
 },
 "suggest": {
diff --git a/phpstan.neon b/phpstan.neon
index dfdf22b..d205ccd 100644
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -5,9 +5,4 @@ parameters:
 includes:
 - vendor/phpstan/phpstan/conf/bleedingEdge.neon
- - vendor/phpstan/phpstan-strict-rules/rules.neon
- - vendor/phpstan/phpstan-phpunit/extension.neon
- - vendor/phpstan/phpstan-deprecation-rules/rules.neon
- - vendor/phpstan/phpstan-phpunit/rules.neon
- - vendor/ekino/phpstan-banned-code/extension.neon
 - phpstan-baseline.neon
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 5265f29..6561b01 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -1,15 +1,10 @@ - - - src - - + tests/
@@ -23,4 +18,9 @@ + + + src + +
diff --git a/rector.php b/rector.php
index 48ddfe3..32e8313 100644
--- a/rector.php
+++ b/rector.php
@@ -4,6 +4,7 @@
 use Rector\Config\RectorConfig;
 use Rector\Core\ValueObject\PhpVersion;
+use Rector\PHPUnit\Set\PHPUnitLevelSetList;
 use Rector\PHPUnit\Set\PHPUnitSetList;
 use Rector\Set\ValueObject\LevelSetList;
 use Rector\Set\ValueObject\SetList;
@@ -20,7 +21,7 @@
 $config->import(SymfonySetList::ANNOTATIONS_TO_ATTRIBUTES);
 $config->import(PHPUnitSetList::PHPUNIT_EXCEPTION);
 $config->import(PHPUnitSetList::PHPUNIT_SPECIFIC_METHOD);
- $config->import(PHPUnitSetList::PHPUNIT_100);
+ $config->import(PHPUnitLevelSetList::UP_TO_PHPUNIT_100);
 $config->import(PHPUnitSetList::PHPUNIT_YIELD_DATA_PROVIDER);
 $config->paths([__DIR__ . '/src', __DIR__ . '/tests']);
 $config->phpVersion(PhpVersion::PHP_81);
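Review bot: `"infection/extension-installer": false` was an explicit deny and this hunk flips it to `true` together with the new `"phpstan/extension-installer": true`, but neither the commit title nor its body mentions it; `allow-plugins` is Composer's gate for install-time code execution by a package, so each entry is a trust decision that should be made deliberately rather than as a side effect of a badge change. If Infection's extension auto-discovery is not actually needed, keep the previous `"infection/extension-installer": false` and allow only `"phpstan/extension-installer": true`; otherwise state in the commit message why both plugins are now trusted. The `require-dev` hunk on the previous line adds the plugin with `"^1.3"`; if composer.lock is not committed (common for libraries), the plugin version that runs in CI floats within that range, which is worth keeping in mind when reviewing Dependabot updates for it.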
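Review bot: The five removed includes (`phpstan-strict-rules/rules.neon`, both `phpstan-phpunit` files, `phpstan-deprecation-rules/rules.neon`, `phpstan-banned-code/extension.neon`) are now expected to be re-registered by `phpstan/extension-installer` discovery, which only happens when Composer actually runs that plugin; if an install runs with `--no-plugins` or the plugin is otherwise skipped, PHPStan would analyse with fewer rules and still pass, so the regression would be silent. Worth verifying once after merge that the effective rule set is unchanged (for example by comparing the reported error count against `phpstan-baseline.neon` before and after), and adding a comment above `includes:` such as `# strict-rules, phpunit, deprecation-rules and banned-code are registered by phpstan/extension-installer` so the next reader does not re-add them by hand.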