Removed PHAR builds support
This also removes all tooling around PHAR builds.

While PHARs have some use for some community members, PHARs:

 * do not come with a runtime/environment
 * are inherently unsafe, because (even if signed) you are relying on packages downloaded
   and installed by the maintainer who created the `.phar` file
 * do not match your system requirements, which may be misaligned with bundled libraries,
   since you are relying on the maintainer's ( @Roave / @Ocramius ) selected set of
   dependencies

There are various ways to install PHP tools that are way better than PHAR, and
that are to be endorsed instead.

## `nix` flake

See https://nixos.wiki/wiki/flakes

Nix flakes are completely immutable, stable, fully reproducible, customizable,
and come with full supply chain traceability of all dependencies.

For maximum stability in your builds, use a nix flake. Patches are welcome to
turn this package into a nix flake in itself.

## `composer.json`, `composer.lock` and `composer install`

If you have an environment, and you want to install this package into it, generate
a `composer.json` and `composer.lock` at a specific location:

```sh
cd path/to/tools
composer require roave/backward-compatibility-check
git add composer.json
git add composer.lock
git commit -m "Managing own locked version of \`roave/backward-compatibility-check\`"
```

You can then `composer install` from that directory at any time, and
run `./path/to/tools/vendor/bin/roave-backward-compatibility-check`.

`composer install` will verify that your environment is suited for installation.

## use a `Dockerfile`

This approach comes with the same downsides as `.phar` files, but:

* tooling to scan for vulnerabilities inside docker images exists, and is
  very much growing
* a docker image comes with the runtime to execute `roave/backward-compatibility-check`,
  and you can even run the full test suite before baking the image and calling
  it "compatible"
Ocramius committed May 22, 2024
1 parent b671a71 commit 53a1cb5
Showing 6 changed files with 0 additions and 531 deletions.
1 change: 0 additions & 1 deletion .gitattributes
Expand Up @@ -4,7 +4,6 @@
/.github/ export-ignore
/.gitignore export-ignore
/box.json.dist export-ignore
/build-phar.sh export-ignore
/infection.json.dist export-ignore
/phpcs.xml.dist export-ignore
/phpunit.xml.dist export-ignore
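Review bot: `/box.json.dist export-ignore` and `/build-phar.sh export-ignore` both sit in this range, but the header (`-4,7 +4,6`) shows only one line being dropped. `box.json.dist` is deleted in this same commit, so its `export-ignore` entry has nothing left to match; if `build-phar.sh` is removed too, drop both entries here so `.gitattributes` lists only paths that still exist.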
35 changes: 0 additions & 35 deletions .github/workflows/release-phar.yml

This file was deleted.

1 change: 0 additions & 1 deletion .gitignore
@@ -1,7 +1,6 @@
/vendor
/infection-log.txt
/box.json
/box.phar
/dist
phpstan.neon
phpunit.xml
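Review bot: only one entry goes away in this hunk (`-1,7 +1,6`), while `/box.json` and `/box.phar` both look tied to the PHAR tooling, and `/dist` may be as well. With `box.json.dist` deleted in this commit and PHAR builds gone, consider removing every ignore rule that only served that build, so leftover files from the old tooling show up in `git status` instead of staying hidden.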
17 changes: 0 additions & 17 deletions box.json.dist

This file was deleted.
