Skip to content

Commit 74f83ab

Browse files
committed
Merge branch 'master' of github.com:/PhpGt/Routing
2 parents f9acf4e + ed24415 commit 74f83ab

File tree

3 files changed

+496
-409
lines changed

3 files changed

+496
-409
lines changed

.github/workflows/ci.yml

Lines changed: 70 additions & 68 deletions
Original file line numberDiff line numberDiff line change
@@ -7,52 +7,52 @@ jobs:
77
runs-on: ubuntu-latest
88
strategy:
99
matrix:
10-
php: [ 8.0, 8.1, 8.2 ]
10+
php: [ 8.1, 8.2, 8.3, 8.4 ]
1111

1212
steps:
13-
- uses: actions/checkout@v3
13+
- uses: actions/checkout@v4
1414

1515
- name: Cache Composer dependencies
16-
uses: actions/cache@v3
16+
uses: actions/cache@v4
1717
with:
1818
path: /tmp/composer-cache
19-
key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }}
19+
key: ${{ runner.os }}-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
2020

2121
- name: Composer install
2222
uses: php-actions/composer@v6
2323
with:
2424
php_version: ${{ matrix.php }}
2525

2626
- name: Archive build
27-
run: mkdir /tmp/github-actions/ && tar -cvf /tmp/github-actions/build.tar ./
27+
run: mkdir /tmp/github-actions/ && tar --exclude=".git" -cvf /tmp/github-actions/build.tar ./
2828

2929
- name: Upload build archive for test runners
30-
uses: actions/upload-artifact@v3
30+
uses: actions/upload-artifact@v4
3131
with:
32-
name: build-artifact
32+
name: build-artifact-${{ matrix.php }}
3333
path: /tmp/github-actions
3434

3535
phpunit:
3636
runs-on: ubuntu-latest
3737
needs: [ composer ]
3838
strategy:
3939
matrix:
40-
php: [ 8.0, 8.1, 8.2 ]
40+
php: [ 8.1, 8.2, 8.3, 8.4 ]
4141

4242
outputs:
4343
coverage: ${{ steps.store-coverage.outputs.coverage_text }}
4444

4545
steps:
46-
- uses: actions/download-artifact@v3
46+
- uses: actions/download-artifact@v4
4747
with:
48-
name: build-artifact
48+
name: build-artifact-${{ matrix.php }}
4949
path: /tmp/github-actions
5050

5151
- name: Extract build archive
5252
run: tar -xvf /tmp/github-actions/build.tar ./
5353

5454
- name: PHP Unit tests
55-
uses: php-actions/phpunit@v3
55+
uses: php-actions/phpunit@v4
5656
env:
5757
XDEBUG_MODE: cover
5858
with:
@@ -62,40 +62,43 @@ jobs:
6262
coverage_clover: _coverage/clover.xml
6363

6464
- name: Store coverage data
65-
uses: actions/upload-artifact@v3
65+
uses: actions/upload-artifact@v4
6666
with:
67-
name: code-coverage
67+
name: code-coverage-${{ matrix.php }}-${{ github.run_number }}
6868
path: _coverage
6969

7070
coverage:
7171
runs-on: ubuntu-latest
7272
needs: [ phpunit ]
73+
strategy:
74+
matrix:
75+
php: [ 8.1, 8.2, 8.3, 8.4 ]
7376

7477
steps:
75-
- uses: actions/checkout@v3
78+
- uses: actions/checkout@v4
7679

77-
- uses: actions/download-artifact@v3
80+
- uses: actions/download-artifact@v4
7881
with:
79-
name: code-coverage
82+
name: code-coverage-${{ matrix.php }}-${{ github.run_number }}
8083
path: _coverage
8184

8285
- name: Output coverage
8386
run: cat "_coverage/coverage.txt"
8487

8588
- name: Upload to Codecov
86-
uses: codecov/codecov-action@v3
89+
uses: codecov/codecov-action@v5
8790

8891
phpstan:
8992
runs-on: ubuntu-latest
9093
needs: [ composer ]
9194
strategy:
9295
matrix:
93-
php: [ 8.0, 8.1, 8.2 ]
96+
php: [ 8.1, 8.2, 8.3, 8.4 ]
9497

9598
steps:
96-
- uses: actions/download-artifact@v3
99+
- uses: actions/download-artifact@v4
97100
with:
98-
name: build-artifact
101+
name: build-artifact-${{ matrix.php }}
99102
path: /tmp/github-actions
100103

101104
- name: Extract build archive
@@ -107,53 +110,52 @@ jobs:
107110
php_version: ${{ matrix.php }}
108111
path: src/
109112

110-
# TODO: Uncomment these once phpms and phpcs are happy https://github.com/PhpGt/Routing/pull/53
111-
# phpmd:
112-
# runs-on: ubuntu-latest
113-
# needs: [ composer ]
114-
# strategy:
115-
# matrix:
116-
# php: [ 8.0, 8.1, 8.2 ]
117-
#
118-
# steps:
119-
# - uses: actions/download-artifact@v3
120-
# with:
121-
# name: build-artifact
122-
# path: /tmp/github-actions
123-
#
124-
# - name: Extract build archive
125-
# run: tar -xvf /tmp/github-actions/build.tar ./
126-
#
127-
# - name: PHP Mess Detector
128-
# uses: php-actions/phpmd@v1
129-
# with:
130-
# php_version: ${{ matrix.php }}
131-
# path: src/
132-
# output: text
133-
# ruleset: phpmd.xml
134-
#
135-
# phpcs:
136-
# runs-on: ubuntu-latest
137-
# needs: [ composer ]
138-
# strategy:
139-
# matrix:
140-
# php: [ 8.0, 8.1, 8.2 ]
141-
#
142-
# steps:
143-
# - uses: actions/download-artifact@v3
144-
# with:
145-
# name: build-artifact
146-
# path: /tmp/github-actions
147-
#
148-
# - name: Extract build archive
149-
# run: tar -xvf /tmp/github-actions/build.tar ./
150-
#
151-
# - name: PHP Code Sniffer
152-
# uses: php-actions/phpcs@v1
153-
# with:
154-
# php_version: ${{ matrix.php }}
155-
# path: src/
156-
# standard: phpcs.xml
113+
phpmd:
114+
runs-on: ubuntu-latest
115+
needs: [ composer ]
116+
strategy:
117+
matrix:
118+
php: [ 8.1, 8.2, 8.3, 8.4 ]
119+
120+
steps:
121+
- uses: actions/download-artifact@v4
122+
with:
123+
name: build-artifact-${{ matrix.php }}
124+
path: /tmp/github-actions
125+
126+
- name: Extract build archive
127+
run: tar -xvf /tmp/github-actions/build.tar ./
128+
129+
- name: PHP Mess Detector
130+
uses: php-actions/phpmd@v1
131+
with:
132+
php_version: ${{ matrix.php }}
133+
path: src/
134+
output: text
135+
ruleset: phpmd.xml
136+
137+
phpcs:
138+
runs-on: ubuntu-latest
139+
needs: [ composer ]
140+
strategy:
141+
matrix:
142+
php: [ 8.1, 8.2, 8.3, 8.4 ]
143+
144+
steps:
145+
- uses: actions/download-artifact@v4
146+
with:
147+
name: build-artifact-${{ matrix.php }}
148+
path: /tmp/github-actions
149+
150+
- name: Extract build archive
151+
run: tar -xvf /tmp/github-actions/build.tar ./
152+
153+
- name: PHP Code Sniffer
154+
uses: php-actions/phpcs@v1
155+
with:
156+
php_version: ${{ matrix.php }}
157+
path: src/
158+
standard: phpcs.xml
157159

158160
remove_old_artifacts:
159161
runs-on: ubuntu-latest
@@ -163,7 +165,7 @@ jobs:
163165
env:
164166
GH_TOKEN: ${{ github.token }}
165167
run: |
166-
gh api "/repos/${{ github.repository }}/actions/artifacts?name=build-artifact" | jq ".artifacts[] | select(.name == \"build-artifact\") | .id" > artifact-id-list.txt
168+
gh api "/repos/${{ github.repository }}/actions/artifacts" | jq ".artifacts[] | select(.name | startswith(\"build-artifact\")) | .id" > artifact-id-list.txt
167169
while read id
168170
do
169171
echo -n "Deleting artifact ID $id ... "

SECURITY.md

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
All MAJOR versions of this package will receive security updates for **two years after the next major version is released**. For example, if version 4.0.0 is released, version 3.x will continue receiving security updates for two years from that date.
6+
7+
Versions outside this window are considered end-of-life and will no longer receive updates, even for critical vulnerabilities.
8+
9+
## Reporting a Vulnerability
10+
11+
If you discover a security issue, please report it using GitHub's [**"Report a vulnerability"** feature](../../security/advisories/new) under the **Security** tab of this repository.
12+
13+
When reporting, please include the following information to help us investigate quickly and thoroughly:
14+
15+
- A clear description of the vulnerability and what part of the code it affects.
16+
- Steps to reproduce the issue, ideally including:
17+
- The affected version
18+
- A code snippet or minimal test case
19+
- The expected vs. actual behavior
20+
- If applicable, an explanation of potential impact or severity.
21+
- Any suggested mitigations or patches (optional, but appreciated).
22+
23+
Please do not disclose the vulnerability publicly until we've had a chance to investigate and publish a fix.
24+
25+
We appreciate responsible disclosure and are committed to resolving issues promptly.

0 commit comments

Comments
 (0)