merge branch 4.x

.changes/4.0.0-rc.1.md

@@ -0,0 +1,42 @@
+
+## 4.0.0-rc.1 - 2024-09-04
+
+**Road to stable version 4.0**
+
+After almost one year since the latest 3.5.1 release, we’re getting closer to BOX Manifest 4.0 !
+
+This new major version is based on Pipeline Pattern implemented with excellent package <https://github.com/thephpleague/pipeline>
+
+Read this good article <https://medium.com/@bonnotguillaume/software-architecture-the-pipeline-design-pattern-from-zero-to-hero-b5c43d8a4e60>,
+if you are unconfortable with this design pattern.
+
+An effort was made to write a better and enhanced documentation. Read it carefully at <https://llaville.github.io/box-manifest/4.0/>
+
+All features are already included into this first release candidate.
+So, if you want to improve this package before final stable version 4.0, please carefully test this version and report any issues found in the [bug reporting system](https://github.com/llaville/box-manifest/issues).
+
+### Added
+
+- Shortcut `-b` for `--bootstrap` option
+- Shortcut `-r` for `--resource` option
+- New `make` command (to replace legacy commands)
+- New `inspect` command to show PHAR manifest list and details
+- Install `bamarni/composer-bin-plugin` to handle dev tools without conflicts
+- Introduces new ManifestFactory methods: `toSbomJson` and `toSbomXml`
+
+### Changed
+
+- Removed usage of deprecated `Fidry/Console` elements
+- Rename `--format` option to `--output-format`, and change origin of constants and visibility
+- Upgrade `cyclonedx/cyclonedx-library` constraint to use major version 3
+- Use latest SBOM specification version (1.6) as default
+- Consider serialNumber as optional and do not stop SBOM generation if an appropriate source of randomness cannot be found
+- Default build strategy has evolved to produce a new decorated console table format
+- Version of BOX Manifest used to generate stub (from template) is now identified
+- Introduces auto-detection by new filenames (see `Bartlett\BoxManifest\Composer\DefaultStrategy::getCallable` for details)
+
+### Fixed
+
+- [#11](https://github.com/llaville/box-manifest/issues/11) : No longer require `phar.readonly` to be off for using PHPUnit
+
+**Full Changelog**: [3.5.1...4.0.0-rc.1](https://github.com/llaville/box-manifest/compare/3.5.1...4.0.0-rc.1)

.changes/header.tpl.md

@@ -1,5 +1,5 @@
 <!-- markdownlint-disable MD013 MD024 MD036 -->
-# Changes in 3.x
+# Changes in 4.x
 
 All notable changes to this project will be documented in this file.
 

.changie.yaml

@@ -1,3 +1,4 @@
+---
 changesDir: .changes
 unreleasedDir: unreleased
 headerPath: header.tpl.md

.editorconfig

@@ -9,7 +9,7 @@ indent_size = 4
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
-insert_final_newline = true
+#insert_final_newline = true
 
 [*.bat]
 end_of_line = crlf

.github/linters/phpstan.neon.dist

@@ -1,4 +1,5 @@
 parameters:
-    level: 6
+    level: 8
     paths:
         - ../../src/
+    treatPhpDocTypesAsCertain: false

.github/workflows/docker.yml

@@ -1,74 +1,74 @@
+---
 name: Docker
 # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio
 
 on:
-  workflow_dispatch:
-    # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
-    inputs:
-      tag:
-        description: "The Docker Image Tag"
-        required: false
-        default: "latest"
-        type: string
-  workflow_run:
-    # https://stackoverflow.com/questions/58457140/dependencies-between-workflows-on-github-actions
-    workflows:
-      - "Release"
-    branches:
-      - master
-    types:
-      - completed
+    workflow_dispatch:
+        # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
+        inputs:
+            tag:
+                description: "The Docker Image Tag"
+                required: false
+                default: "latest"
+                type: string
+    workflow_run:
+        # https://stackoverflow.com/questions/58457140/dependencies-between-workflows-on-github-actions
+        workflows:
+            - "Release"
+        branches:
+            - master
+        types:
+            - completed
 
 jobs:
-  build:
-    env:
-      DOCKER_LATEST_TAG: ${{ github.event.inputs.tag || 'latest' }}
+    build:
+        env:
+            DOCKER_LATEST_TAG: ${{ github.event.inputs.tag || 'latest' }}
 
-    runs-on: ubuntu-20.04
+        runs-on: ubuntu-22.04
 
-    steps:
-      - # https://github.com/actions/checkout
-        name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
-          fetch-depth: 0
+        steps:
+            - # https://github.com/actions/checkout
+                name: Checkout code
+                uses: actions/checkout@v4
+                with:
+                    token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+                    fetch-depth: 0
 
-      - # https://github.com/shivammathur/setup-php
-        name: Setup PHP runtime
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: 8.1
+            - # https://github.com/shivammathur/setup-php
+                name: Setup PHP runtime
+                uses: shivammathur/setup-php@v2
+                with:
+                    php-version: 8.2
 
-      - # https://github.com/ramsey/composer-install
-        name: Install Composer dependencies
-        uses: ramsey/composer-install@v2
-        with:
-          composer-options: "--prefer-dist"
+            - # https://github.com/ramsey/composer-install
+                name: Install Composer dependencies
+                uses: ramsey/composer-install@v2
+                with:
+                    composer-options: "--prefer-dist"
 
-      - # https://github.com/docker/setup-qemu-action
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+            - # https://github.com/docker/setup-qemu-action
+                name: Set up QEMU
+                uses: docker/setup-qemu-action@v3
 
-      - # https://github.com/docker/setup-buildx-action
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+            - # https://github.com/docker/setup-buildx-action
+                name: Set up Docker Buildx
+                uses: docker/setup-buildx-action@v3
 
-      - # https://github.com/docker/login-action
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+            - # https://github.com/docker/login-action
+                name: Login to DockerHub
+                uses: docker/login-action@v3
+                with:
+                    registry: ghcr.io
+                    username: ${{ github.actor }}
+                    password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - # https://github.com/docker/build-push-action
-        name: Build and push Docker images
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          tags: |
-            ghcr.io/llaville/box-manifest:${{ env.DOCKER_LATEST_TAG }}
-            ghcr.io/llaville/box-manifest:v3.5
-            ghcr.io/llaville/box-manifest:v3
+            - # https://github.com/docker/build-push-action
+                name: Build and push Docker images
+                uses: docker/build-push-action@v6
+                with:
+                    context: .
+                    push: true
+                    tags: |
+                        ghcr.io/llaville/box-manifest:${{ env.DOCKER_LATEST_TAG }}
+                        ghcr.io/llaville/box-manifest:v4

.github/workflows/gh-pages.yml

@@ -14,5 +14,6 @@ jobs:
     deploy:
         uses: llaville/.github/.github/workflows/gh-pages.yml@master
         with:
-            destination-dir: 3.x
-            php-version: "8.1"
+            destination-dir: "4.0"
+            force-orphan: false
+            php-version: "8.2"

.github/workflows/release.yml

@@ -22,20 +22,20 @@ jobs:
                 os:
                     - ubuntu-22.04
                 php:
-                    - 8.1
+                    - 8.2
 
         steps:
-            -   # Git Checkout
+            -   # https://github.com/actions/checkout
                 name: Checkout
-                uses: actions/checkout@v3
+                uses: actions/checkout@v4
 
-            -   # Setup PHP runtime
+            -   # https://github.com/shivammathur/setup-php
                 name: Setup PHP runtime
                 uses: shivammathur/setup-php@v2
                 with:
                     php-version: ${{ matrix.php }}
 
-            -   # Install Composer dependencies
+            -   # https://github.com/ramsey/composer-install
                 name: Install Composer dependencies
                 uses: ramsey/composer-install@v2
                 with:
@@ -44,19 +44,14 @@ jobs:
             -   # Build the current release with artifacts (php archive)
                 name: Build Release Artifact
                 run: |
-                    bin/box-manifest manifest:build --ansi -vv -c box.json --output-file=sbom.xml
-                    bin/box-manifest manifest:build --ansi -vv -c box.json --output-file=sbom.json
-                    bin/box-manifest manifest:build --ansi -vv -c box.json --output-file=manifest.txt --format ansi
-                    bin/box-manifest manifest:build --ansi -vv -c box.json --output-file=console.txt --format console
-                    bin/box-manifest manifest:stub  --ansi -vv -c box.json --output-file=stub.php --resource console.txt --resource manifest.txt --resource sbom.xml --resource sbom.json
-                    bin/box-manifest box:compile    --ansi -vv -c box.json.dist
+                    bin/box-manifest make build stub configure compile -r console-table.txt -r plain.txt -r sbom.json --output-stub stub.php --output-conf box.json.dist -vvv --ansi
 
-            -   # Create a new Release (from a tag)
+            -   # https://github.com/softprops/action-gh-release
                 name: Create Release from current tag
                 if: github.ref_type == 'tag'
-                uses: softprops/action-gh-release@v1
+                uses: softprops/action-gh-release@v2
                 with:  # https://github.com/softprops/action-gh-release#-customizing
-                    prerelease: false
+                    prerelease: true
                     draft: true
                     body_path: ${{ github.workspace }}/.changes/${{ github.ref_name }}.md
                     # https://github.com/softprops/action-gh-release#%EF%B8%8F-uploading-release-assets

.github/workflows/unit-tests.yml

@@ -17,7 +17,7 @@ jobs:
         uses: llaville/.github/.github/workflows/mega-linter.yml@master
         with:
             repository: ${{ github.repository }}
-            php-version: "8.1"
+            php-version: "8.2"
 
     unit_tests:
         needs: lint_files
@@ -30,33 +30,32 @@ jobs:
             fail-fast: false
             matrix:
                 os:
-                    - ubuntu-20.04
+                    - ubuntu-22.04
                 php:
-                    - 8.1
                     - 8.2
+                    - 8.3
 
         steps:
-            -   # Git Checkout
+            -   # https://github.com/actions/checkout
                 name: Checkout Code
-                uses: actions/checkout@v3
+                uses: actions/checkout@v4
                 with:
                     token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
                     fetch-depth: 0
 
-            -   # Setup PHP runtime
+            -   # https://github.com/shivammathur/setup-php
                 name: Setup PHP runtime
                 uses: shivammathur/setup-php@v2
                 with:
                     php-version: ${{ matrix.php }}
                     ini-values: phar.readonly=0
-                    tools: phpunit
 
-            -   # Install Composer dependencies
+            -   # https://github.com/ramsey/composer-install
                 name: Install Composer dependencies
-                uses: ramsey/composer-install@v2
+                uses: ramsey/composer-install@v3
                 with:
                     composer-options: "--prefer-dist"
 
-            -   # PHPUnit
-                name: PHPUnit
-                run: phpunit --testdox --do-not-cache-result tests/unit
+            -   # https://github.com/sebastianbergmann/phpunit/tree/10.5
+                name: PHPUnit 10
+                run: composer tests:unit

.gitignore

@@ -8,16 +8,29 @@ vendor/
 ###### BOX ######
 .requirement-checker/
 
+###### BOX Manifest ######
+.box.manifests.bin
+console-table.txt
+console-style.txt
+manifest.txt
+plain.txt
+sbom.json
+sbom.xml
+sbom.cdx.json
+sbom.cdx.xml
+custom.bin
+stub.php
+
 ###### PHPLint ######
 .phplint-cache
 .phplint.cache/
 
 ###### PHPUnit ######
 .phpunit.result.cache
 .phpunit.cache
+phpunit.xml
 
 ###### Mega-Linter ######
-report/
 megalinter-reports/
 
 ######################################

.mega-linter.yml

@@ -1,3 +1,4 @@
+---
 PRINT_ALPACA: false
 SHOW_ELAPSED_TIME: true
 EXCLUDED_DIRECTORIES: [".git", ".changes"]
@@ -31,12 +32,10 @@ PHP_PHPLINT_ARGUMENTS: "--no-cache"
 PHP_PHPCS_CLI_LINT_MODE: project
 PHP_PHPCS_CONFIG_FILE: ".phpcs.xml.dist"
 PHP_PHPCS_ARGUMENTS: "-n"
-YAML_PRETTIER_FILTER_REGEX_EXCLUDE: "(\\.github|mkdocs\\.yml|\\.mega-linter\\.yml|\\.changie\\.yaml)"  # As it cannot be added in .gitignore for ML actionlint linter
-YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: "(\\.github|mkdocs\\.yml)"  # As it cannot be added in .gitignore for ML actionlint linter
+YAML_PRETTIER_FILTER_REGEX_EXCLUDE: "(\\.github|mkdocs\\.yml|mkdocs\\.local\\.yml|\\.mega-linter\\.yml|\\.changie\\.yaml)"  # As it cannot be added in .gitignore for ML actionlint linter
+YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: "(\\.github|mkdocs\\.yml|mkdocs\\.local\\.yml)"  # As it cannot be added in .gitignore for ML actionlint linter
 CONFIG_REPORTER: false
 UPDATED_SOURCES_REPORTER: false
-#TEXT_REPORTER: true # cannot be set to true, and should use default value (true), otherwise TAP REPORTER is also generated. See https://github.com/nvuillam/mega-linter/issues/744
 CONSOLE_REPORTER: true
 LOG_LEVEL: INFO
 PRINT_ALL_FILES: false
-PARALLEL: false  # to avoid issue with MegaLinter v6.20.x (see https://github.com/oxsecurity/megalinter/issues/2425)