Backport Html Writer Security Patches #8979
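# CI for pushes and pull requests: PHPUnit across a PHP version matrix, static
# checks (polyfill scan, PHP-CS-Fixer, PHP_CodeSniffer, PHPStan), a coverage
# upload, and a GitHub release when a tag is pushed.
#
# NOTE(review): every `uses:` below references an action by a movable tag
# (@v1/@v2/@v4). Pinning each to a full commit SHA, with the tag kept in a
# trailing comment, stops a retagged upstream release from silently changing
# what runs here. This matters most for the `release` job, which holds a
# write-capable token.
name: main

on: [push, pull_request]

# Least privilege: every job gets a read-only token unless it overrides this
# (only `release` does). Without this block the token falls back to the
# repository/organisation default, which may be read-write.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        experimental:
          - false
        # Quoted so the versions stay strings ('8.0' unquoted would be a float).
        php-version:
          - '7.4'
          - '8.0'
          - '8.1'
          - '8.2'
          - '8.3'
          - '8.4'
        include:
          - php-version: 'nightly'
            experimental: true

    name: PHP ${{ matrix.php-version }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install locales
        run: sudo apt-get install -y language-pack-fr language-pack-de

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-version }}
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none

      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      # On PHP 8.1+ the lock file is dropped, so the following `composer update`
      # resolves whatever versions are current, and --ignore-platform-reqs skips
      # the PHP/extension constraint checks. These matrix rows therefore run
      # against unlocked dependencies; only 7.4 and 8.0 exercise composer.lock.
      - name: Delete composer lock file
        id: composer-lock
        if: ${{ matrix.php-version == '8.1' || matrix.php-version == '8.2' || matrix.php-version == '8.3' || matrix.php-version == '8.4' || matrix.php-version == 'nightly' }}
        run: |
          rm composer.lock
          echo "flags=--ignore-platform-reqs" >> "$GITHUB_OUTPUT"

      # The interpolated flags come from the step above, not from event data.
      - name: Install dependencies
        run: composer update --no-progress --prefer-dist --optimize-autoloader ${{ steps.composer-lock.outputs.flags }}

      - name: Setup problem matchers for PHP
        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

      - name: Setup problem matchers for PHPUnit
        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"

      # FAILURE_ACTION renders as the string "true" or "false" and is executed
      # as a command after a PHPUnit failure: `true` on experimental rows hides
      # the failure, `false` on all other rows keeps the step failing.
      - name: "Run PHPUnit tests 1 (Experimental: ${{ matrix.experimental }})"
        env:
          FAILURE_ACTION: "${{ matrix.experimental == true }}"
        if: ${{ matrix.php-version == '7.4' || matrix.php-version == '8.0' }}
        run: vendor/bin/phpunit --verbose || $FAILURE_ACTION

      - name: "Run PHPUnit tests 2 (Experimental: ${{ matrix.experimental }})"
        env:
          FAILURE_ACTION: "${{ matrix.experimental == true }}"
        if: ${{ matrix.php-version == '8.1' || matrix.php-version == '8.2' || matrix.php-version == '8.3' || matrix.php-version == '8.4' || matrix.php-version == 'nightly' }}
        run: vendor/bin/phpunit --verbose || $FAILURE_ACTION

  find-polyfill:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 2

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          # Quoted: a bare 8.3 is a YAML float, and a later x.10 would lose its zero.
          php-version: '8.3'
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none

      - name: Find code that might require polyfill
        run: php ./bin/findpolyfill.php

  php-cs-fixer:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          tools: cs2pr

      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      - name: Code style with PHP-CS-Fixer
        run: ./vendor/bin/php-cs-fixer fix --format=checkstyle | cs2pr

  phpcs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          tools: cs2pr

      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      - name: Code style with PHP_CodeSniffer
        run: ./vendor/bin/phpcs -q --report=checkstyle | cs2pr

  versions:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          tools: cs2pr

      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      - name: Code Version Compatibility check with PHP_CodeSniffer
        run: ./vendor/bin/phpcs -q --report-width=200 --report=summary,full src/ --standard=PHPCompatibility --runtime-set testVersion 7.4-

  phpstan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          tools: cs2pr

      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      - name: Static analysis with PHPStan
        run: ./vendor/bin/phpstan analyse

  coverage:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.3'
          extensions: ctype, dom, gd, iconv, fileinfo, libxml, mbstring, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: pcov

      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-

      - name: Install dependencies
        run: composer install --no-progress --prefer-dist --optimize-autoloader

      # NOTE(review): scrutinizer/ocular is installed at run time with no
      # version constraint, so the uploader is whatever is newest on each run
      # and is not covered by composer.lock. Consider a version constraint.
      - name: Coverage
        run: |
          ./vendor/bin/phpunit --coverage-clover coverage-clover.xml
          composer global require scrutinizer/ocular
          ~/.composer/vendor/bin/ocular code-coverage:upload --format=php-clover coverage-clover.xml

  release:
    runs-on: ubuntu-latest
    # startsWith rather than contains: a branch ref such as
    # refs/heads/x/refs/tags/y also contains 'refs/tags/' and would otherwise
    # reach this job and its write-capable token.
    # NOTE(review): there is no `needs:` here, so a release is published even
    # when the test jobs fail. Confirm that is intended.
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
    # The only job that writes to the repository (it creates the release).
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}  # Otherwise our annotated tag is not fetched and we cannot get correct version

      # With no argument, --points-at uses HEAD, i.e. the tag checked out above.
      - name: Get release info
        run: git tag --format '%(contents:body)' --points-at > release-body.txt

      - uses: ncipollo/release-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token
        with:
          bodyFile: release-body.txt
          makeLatest: false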