diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 190b4da..c0fbc53 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -15,9 +15,10 @@ jobs: - ubuntu-latest php: - - "8.1" - "8.2" - "8.3" + - "8.4" + - "8.5" steps: - name: Checkout diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml new file mode 100644 index 0000000..26c5802 --- /dev/null +++ b/.github/workflows/continuous-integration.yml @@ -0,0 +1,11 @@ +name: "Continuous Integration" + +on: + pull_request: + push: + branches: + tags: + +jobs: + ci: + uses: laminas/workflow-continuous-integration/.github/workflows/continuous-integration.yml@1.x diff --git a/.github/workflows/cs-tests.yml b/.github/workflows/cs-tests.yml deleted file mode 100644 index e8bbade..0000000 --- a/.github/workflows/cs-tests.yml +++ /dev/null @@ -1,47 +0,0 @@ -on: - - push - -name: Run phpcs checks - -jobs: - mutation: - name: PHP ${{ matrix.php }}-${{ matrix.os }} - - runs-on: ${{ matrix.os }} - - strategy: - matrix: - os: - - ubuntu-latest - - php: - - "8.1" - - "8.2" - - "8.3" - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Install PHP - uses: shivammathur/setup-php@v2 - with: - php-version: "${{ matrix.php }}" - tools: composer:v2, cs2pr - coverage: none - - - name: Determine composer cache directory - run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - - - name: Cache dependencies installed with composer - uses: actions/cache@v3 - with: - path: ${{ env.COMPOSER_CACHE_DIR }} - key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} - restore-keys: | - php${{ matrix.php }}-composer- - - name: Install dependencies with composer - run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi - - - name: Run phpcs checks - run: vendor/bin/phpcs diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 6f7452d..9976515 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,11 +1,11 @@ on: - push -name: Run static analysis +name: Run PHPStan checks jobs: mutation: - name: PHP ${{ matrix.php }}-${{ matrix.os }} + name: PHPStan ${{ matrix.php }}-${{ matrix.os }} runs-on: ${{ matrix.os }} @@ -15,33 +15,36 @@ jobs: - ubuntu-latest php: - - "8.1" - "8.2" - "8.3" + - "8.4" + - "8.5" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install PHP uses: shivammathur/setup-php@v2 with: php-version: "${{ matrix.php }}" + coverage: pcov + ini-values: assert.exception=1, zend.assertions=1, error_reporting=-1, log_errors_max_len=0, display_errors=On tools: composer:v2, cs2pr - coverage: none - name: Determine composer cache directory run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - name: Cache dependencies installed with composer - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ env.COMPOSER_CACHE_DIR }} key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} restore-keys: | php${{ matrix.php }}-composer- + - name: Install dependencies with composer run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi - - name: Run static analysis - run: vendor/bin/psalm --no-cache --output-format=github --show-info=false --threads=4 + - name: Run static analysis with PHPStan + run: vendor/bin/phpstan analyse diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml deleted file mode 100644 index 7f5f333..0000000 --- a/.github/workflows/unit-tests.yml +++ /dev/null @@ -1,48 +0,0 @@ -on: - - push - -name: Run PHPUnit tests - -jobs: - mutation: - name: PHP ${{ matrix.php }}-${{ matrix.os }} - - runs-on: ${{ matrix.os }} - - strategy: - matrix: - os: - - ubuntu-latest - - php: - - "8.1" - - "8.2" - - "8.3" - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Install PHP - uses: shivammathur/setup-php@v2 - with: - php-version: "${{ matrix.php }}" - tools: composer:v2, cs2pr - coverage: none - - - name: Determine composer cache directory - run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV - - - name: Cache dependencies installed with composer - uses: actions/cache@v3 - with: - path: ${{ env.COMPOSER_CACHE_DIR }} - key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} - restore-keys: | - php${{ matrix.php }}-composer- - - - name: Install dependencies with composer - run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi - - - name: Run PHPUnit tests - run: vendor/bin/phpunit --colors=always diff --git a/.laminas-ci.json b/.laminas-ci.json new file mode 100644 index 0000000..29216fa --- /dev/null +++ b/.laminas-ci.json @@ -0,0 +1,3 @@ +{ + "backwardCompatibilityCheck": true +} diff --git a/README.md b/README.md index 3c18126..ee91042 100644 --- a/README.md +++ b/README.md @@ -3,14 +3,13 @@ DotKernel event component extending and customizing [laminas-eventmanager](https://docs.laminas.dev/laminas-eventmanager/) ![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-event) -![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-event/3.4.2) +![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-event/3.5.0) [![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-event)](https://github.com/dotkernel/dot-event/issues) [![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-event)](https://github.com/dotkernel/dot-event/network) [![GitHub stars](https://img.shields.io/github/stars/dotkernel/dot-event)](https://github.com/dotkernel/dot-event/stargazers) [![GitHub license](https://img.shields.io/github/license/dotkernel/dot-event)](https://github.com/dotkernel/dot-event/blob/3.0/LICENSE.md) -[![Build Static](https://github.com/dotkernel/dot-event/actions/workflows/static-analysis.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-event/actions/workflows/static-analysis.yml) +[![Build Static](https://github.com/dotkernel/dot-event/actions/workflows/continuous-integration.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-event/actions/workflows/continuous-integration.yml) [![codecov](https://codecov.io/gh/dotkernel/dot-event/graph/badge.svg?token=C00YQLVZ7Y)](https://codecov.io/gh/dotkernel/dot-event) - -[![SymfonyInsight](https://insight.symfony.com/projects/5c4a19db-4114-4f92-a838-ea72ec4b9a5a/big.svg)](https://insight.symfony.com/projects/5c4a19db-4114-4f92-a838-ea72ec4b9a5a) +[![PHPStan](https://github.com/dotkernel/dot-event/actions/workflows/static-analysis.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-event/actions/workflows/static-analysis.yml) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..2ce06d0 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,36 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | PHP Version | +|---------|--------------------|-----------------------------------------------------------------------------------------------------------| +| 3.x | :white_check_mark: | ![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-event/3.5.0) | +| <= 2.x | :x: | | + +## Reporting Potential Security Issues + +If you have encountered a potential security vulnerability in this project, +please report it to us at . We will work with you to +verify the vulnerability and patch it. + +When reporting issues, please provide the following information: + +- Component(s) affected +- A description indicating how to reproduce the issue +- A summary of the security vulnerability and impact + +We request that you contact us via the email address above and give the +project contributors a chance to resolve the vulnerability and issue a new +release prior to any public exposure; this helps protect the project's +users and provides them with a chance to upgrade and/or update to +protect their applications. + +## Policy + +If we verify a reported security vulnerability, our policy is: + +- We will patch the current release branch, as well as the immediate prior minor + release branch. + +- After patching the release branches, we will immediately issue new security + fix releases for each patched release branch. diff --git a/composer.json b/composer.json index 8cdd51b..4779c85 100644 --- a/composer.json +++ b/composer.json @@ -17,15 +17,16 @@ } ], "require": { - "php": "~8.1.0 || ~8.2.0 || ~8.3.0", - "psr/http-message": "^1.0 || ^2.0", + "php": "~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0", + "laminas/laminas-eventmanager": "^3.4", "laminas/laminas-servicemanager": "^3.10", - "laminas/laminas-eventmanager": "^3.4" + "psr/http-message": "^1.0 || ^2.0" }, "require-dev": { - "phpunit/phpunit": "^10.2", - "laminas/laminas-coding-standard": "^2.5", - "vimeo/psalm": "^5.13" + "laminas/laminas-coding-standard": "^3.0", + "phpstan/phpstan": "^2.1", + "phpstan/phpstan-phpunit": "^2.0", + "phpunit/phpunit": "^10.2" }, "autoload": { "psr-4": { @@ -40,13 +41,13 @@ "scripts": { "check": [ "@cs-check", - "@test" + "@test", + "@static-analysis" ], "cs-check": "phpcs", "cs-fix": "phpcbf", - "test": "phpunit --colors=always", - "test-coverage": "phpunit --colors=always --coverage-clover clover.xml", - "static-analysis": "psalm --shepherd --stats" + "static-analysis": "phpstan analyse --memory-limit 1G", + "test": "phpunit --colors=always" }, "config": { "allow-plugins": { diff --git a/phpstan.neon b/phpstan.neon new file mode 100644 index 0000000..349be25 --- /dev/null +++ b/phpstan.neon @@ -0,0 +1,8 @@ +includes: + - vendor/phpstan/phpstan-phpunit/extension.neon +parameters: + level: 5 + paths: + - src + - test + treatPhpDocTypesAsCertain: false diff --git a/psalm.xml b/psalm.xml deleted file mode 100644 index 7272b57..0000000 --- a/psalm.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - - - - diff --git a/test/EventTest.php b/test/EventTest.php index 2068259..1b977da 100644 --- a/test/EventTest.php +++ b/test/EventTest.php @@ -12,7 +12,7 @@ class EventTest extends TestCase public function testEventCreation(): void { $event = new Event('testEvent', $this); - $this->assertInstanceOf(Event::class, $event); + $this->assertContainsOnlyInstancesOf(Event::class, [$event]); } public function testEventPropagation(): void diff --git a/test/Factory/EventManagerFactoryTest.php b/test/Factory/EventManagerFactoryTest.php index 190bf97..69d88e3 100644 --- a/test/Factory/EventManagerFactoryTest.php +++ b/test/Factory/EventManagerFactoryTest.php @@ -42,7 +42,7 @@ public function testInvokeWithSharedEventManager(): void ->willReturn($sharedEventManager); $factory = new EventManagerFactory(); $eventManager = $factory->__invoke($container); - $this->assertInstanceOf(EventManager::class, $eventManager); + $this->assertContainsOnlyInstancesOf(EventManager::class, [$eventManager]); } public function testInvokeWithoutSharedEventManager(): void @@ -54,6 +54,6 @@ public function testInvokeWithoutSharedEventManager(): void ->willReturn(false); $factory = $this->eventManagerFactory; $eventManager = $factory->__invoke($container); - $this->assertInstanceOf(EventManager::class, $eventManager); + $this->assertContainsOnlyInstancesOf(EventManager::class, [$eventManager]); } }