Merge pull request #24 from cs278/change-cmd-name
Change command name
cs278 authored Feb 3, 2023
2 parents 7ef9fef + 18ef442 commit 6c8f02a
Showing 6 changed files with 37 additions and 13 deletions.
10 changes: 8 additions & 2 deletions .github/workflows/main.yml
@@ -19,14 +19,16 @@ jobs:
- '7.3'
- '7.4'
- '8.0'
- '8.1'
- '8.2'
deps:
- highest
- lowest
fail-fast: true
name: PHP ${{ matrix.php }} / ${{ matrix.deps }}
steps:
- uses: actions/checkout@v2
- uses: shivammathur/setup-php@4067ce8b814db5bfc731c8906aa3034f28911e9f
- uses: shivammathur/setup-php@d30ad8b1843ace22e6698ab99bbafaa747b6bd0d
with:
php-version: ${{ matrix.php }}
- name: Cache dependencies
@@ -66,17 +68,21 @@ jobs:
name: PHP 5.3
steps:
- uses: actions/checkout@v2
- uses: shivammathur/setup-php@4067ce8b814db5bfc731c8906aa3034f28911e9f
- uses: shivammathur/setup-php@d30ad8b1843ace22e6698ab99bbafaa747b6bd0d
with:
php-version: 5.3
tools: composer:2.2
coverage: none
- name: Syntax check
run: |
while read file; do
php -l "$file"
done < <(find src/Legacy -type f -name "*.php")
- name: Integration test
run: |
composer global config allow-plugins.cs278/composer-audit true
composer global config repositories.0 path "$(pwd)"
composer global require --ignore-platform-reqs symfony/yaml '~4.4'
composer global require --ignore-platform-reqs cs278/composer-audit '*@dev'
set +e
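Review bot: The new `shivammathur/setup-php@d30ad8b1843ace22e6698ab99bbafaa747b6bd0d` pin in both jobs carries no comment naming the release it corresponds to, so the bump cannot be audited from the workflow alone; I would append a trailing comment such as `# <release tag of d30ad8b>` to each `uses:` line. The same applies to the identical pin in `.github/workflows/smokes.yml`. Separately, `actions/checkout@v2` in these same step lists is still referenced by a mutable tag, which is inconsistent with the SHA pinning used for setup-php; pinning it to a full commit SHA as well would close that gap. Both jobs continue outside the visible hunks.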
7 changes: 4 additions & 3 deletions .github/workflows/smokes.yml
@@ -16,15 +16,15 @@ jobs:
os: [ubuntu-latest]
php:
- '7.4'
- '8.0'
- '8.1'
deps:
- highest
- lowest
fail-fast: true
name: PHP ${{ matrix.php }} / ${{ matrix.deps }}
steps:
- uses: actions/checkout@v2
- uses: shivammathur/setup-php@4067ce8b814db5bfc731c8906aa3034f28911e9f
- uses: shivammathur/setup-php@d30ad8b1843ace22e6698ab99bbafaa747b6bd0d
with:
php-version: ${{ matrix.php }}
- name: Cache dependencies
@@ -39,8 +39,9 @@ jobs:
run: |
export COMPOSER_CACHE_DIR="$(composer global config cache-dir)"
export COMPOSER_HOME="$(mktemp -d)"
composer global config allow-plugins.cs278/composer-audit true
composer global config repositories.0 path "$(pwd)"
composer global require cs278/composer-audit:@dev
cd "$(mktemp -d)"
composer require --no-install cs278/mktemp
composer audit -vvv
composer security-audit -vvv
10 changes: 6 additions & 4 deletions README.md
@@ -9,6 +9,8 @@ vulnerabilities *without* sending your lock file to an
[external service][security.symfony.com] or using
[closed source software](https://github.com/symfony/cli/issues/37).

Note this command is *distinct* from the `audit` command built into Composer ≥ 2.4.

Installation
------------

@@ -39,7 +41,7 @@ library) the installed packages, located in `vendor/composer/installed.json`
will be validated instead.

```sh
composer audit
composer security-audit
```

### Audit non development dependencies
@@ -48,7 +50,7 @@ Only audit your production dependencies from `composer.lock`, this option only
works when there is a `composer.lock` file.

```sh
composer audit --no-dev
composer security-audit --no-dev
```

### Update security advisories database
@@ -58,7 +60,7 @@ option, without this option being supplied the database will be downloaded if it
does not exist or it’s more than an hour old. For example:

```sh
composer audit --update
composer security-audit --update
```

Configuration
@@ -119,7 +121,7 @@ composer require symfony/http-foundation 2.0.4
# Require Composer Audit
composer require --dev cs278/composer-audit ^1

composer audit
composer security-audit
Found 9 advisories affecting 1 package(s).

composer://symfony/http-foundation (2.0.4)
8 changes: 7 additions & 1 deletion src/AuditCommand.php
@@ -30,7 +30,13 @@ final class AuditCommand extends BaseCommand

protected function configure()
{
$this->setName('audit');
$this->setName('security-audit');

// Register alias if there isn't a conflicting command.
if (!\class_exists(\Composer\Command\AuditCommand::class)) {
$this->setAliases(['audit']);
}

$this->setDescription('Check packages for security advisories.');
$this->addOption(
'no-dev',
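Review bot: The alias guard in `configure()` uses `class_exists(\Composer\Command\AuditCommand::class)` as a stand-in for "Composer already registers an `audit` command", and the comment does not say which Composer versions that covers or what changes for existing callers. Going by the README change in this commit, the built-in command exists in Composer ≥ 2.4, so anything that invokes `composer audit` will presumably start running Composer's own command after an upgrade, without any error. I would spell that out in the comment, e.g. `// Composer ≥ 2.4 ships its own "audit" command; keep the legacy alias only on older versions.` An upgrade note telling CI users to switch to `composer security-audit` would also help. `configure()` continues past the end of the hunk.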
3 changes: 2 additions & 1 deletion src/Legacy/AuditNotCompatibleCommand.php
@@ -19,7 +19,8 @@ final class AuditNotCompatibleCommand extends BaseCommand
protected function configure()
{
// Configuration is copied from AuditCommand so that the command accepts the same inputs.
$this->setName('audit');
$this->setName('security-audit');
$this->setAliases(array('audit'));
$this->setDescription('Check packages for security advisories.');
$this->addOption(
'no-dev',
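Review bot: `setAliases(array('audit'))` is registered unconditionally here, while `src/AuditCommand.php` in this commit only adds the alias when `\Composer\Command\AuditCommand` does not exist. If this legacy command can ever be loaded under a Composer version that ships the built-in `audit` command, the alias would collide with it; if it cannot, a short comment saying why would keep the two files from looking inconsistent. A guard that stays valid on old PHP syntax would be `if (!class_exists('Composer\\Command\\AuditCommand')) { $this->setAliases(array('audit')); }`. `configure()` continues past the end of the hunk.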
12 changes: 10 additions & 2 deletions tests/integration/IntegrationTest.php
@@ -80,6 +80,9 @@ public function testRun(int $expectedExit, string $expectedOutput, string $condi
],
'config' => [
'notify-on-install' => false,
'allow-plugins' => [
'cs278/composer-audit' => true,
],
],
'repositories' => [
['type' => 'path', 'url' => getcwd()],
@@ -128,7 +131,7 @@ public function testRun(int $expectedExit, string $expectedOutput, string $condi
$composer('update')->mustRun();
}

$proc = $composer('audit', ...$args);
$proc = $composer('security-audit', ...$args);

if ($expectedExit === 0) {
$proc->mustRun();
@@ -140,7 +143,12 @@ public function testRun(int $expectedExit, string $expectedOutput, string $condi
}
}

self::assertEquals($expectedOutput, $proc->getOutput());
// Filter out deprecation notices as there is no way of suppressing these when running Composer.
// https://github.com/composer/composer/blob/50cded331ced9acb4e926be3dda1f74b86af2a3b/bin/composer#L21
$output = \preg_replace('{\nDeprecated: .+?\n}m', '', $proc->getOutput());
$output = \preg_replace('{\nUser Deprecated: .+?\n}m', '', $output);

self::assertEquals($expectedOutput, $output);
self::assertEquals($expectedExit, $proc->getExitCode());
} finally {
(new Filesystem())->remove($workingDir);
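Review bot: The two `preg_replace` calls strip every `Deprecated:` / `User Deprecated:` block from the output before the comparison, so a deprecation raised by the plugin's own code is hidden along with Composer's, and a `null` return on a PCRE error is passed straight into `assertEquals`. The `m` modifier has no effect because neither pattern uses `^` or `$`, and the two patterns can likely be one: `$output = \preg_replace('{\n(?:User )?Deprecated: .+?\n}', '', $proc->getOutput());` followed by `self::assertNotNull($output);`. The test also only invokes `security-audit`, so nothing visible here exercises the conditional `audit` alias. `testRun` begins and ends outside these hunks.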