Merge pull request #292 from ergebnis/feature/phar

Enhancement: Compile, sign, and upload composer-normalize.phar on tag
ergebnis · Dec 25, 2019 · b89248f · b89248f
2 parents d91dade + fba8693
commit b89248f
Show file tree

Hide file tree

Showing 14 changed files with 1,541 additions and 25 deletions.
diff --git a/.dependabot/config.yml b/.dependabot/config.yml
@@ -3,6 +3,20 @@
 version: 1
 
 update_configs:
+  - automerged_updates:
+      - match:
+          dependency_type: "development"
+    default_assignees:
+      - "localheinz"
+    default_labels:
+      - "dependency"
+    default_reviewers:
+      - "localheinz"
+    directory: "/phar"
+    package_manager: "php:composer"
+    update_schedule: "live"
+    version_requirement_updates: "increase_versions"
+
   - automerged_updates:
       - match:
           dependency_type: "development"

diff --git a/.gitattributes b/.gitattributes
@@ -1,5 +1,6 @@
 /.dependabot/                   export-ignore
 /.github/                       export-ignore
+/phar/                          export-ignore
 /test/                          export-ignore
 /.editorconfig                  export-ignore
 /.gitattributes                 export-ignore

diff --git a/.github/workflows/continuous-deployment.yml b/.github/workflows/continuous-deployment.yml
@@ -0,0 +1,125 @@
+# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
+
+name: "Continuous Deployment"
+
+on:
+  push:
+    tags:
+      - "**"
+
+env:
+  REQUIRED_PHP_EXTENSIONS: "mbstring"
+
+jobs:
+  release:
+    name: "Release"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "7.4"
+
+        dependencies:
+          - "locked"
+
+    env:
+      COMPOSER_NORMALIZE_PHAR: ".build/phar/composer-normalize.phar"
+      COMPOSER_NORMALIZE_PHAR_SIGNATURE: ".build/phar/composer-normalize.phar.asc"
+      GPG_KEYS: ".build/phar/keys.asc"
+      GPG_KEYS_ENCRYPTED: "phar/keys.asc.gpg"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/[email protected]"
+
+      - name: "Install PHP with extensions"
+        uses: "shivammathur/[email protected]"
+        with:
+          coverage: "none"
+          extensions: "${{ env.REQUIRED_PHP_EXTENSIONS }}"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: "Validate composer.json and composer.lock"
+        run: "composer validate --strict"
+        working-directory: "phar"
+
+      - name: "Cache dependencies installed with composer"
+        uses: "actions/[email protected]"
+        with:
+          path: "~/.composer/cache"
+          key: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('**/composer.lock') }}-phar"
+          restore-keys: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-phar"
+
+      - name: "Install locked dependencies required for compiling Phar with composer"
+        run: "composer install --no-interaction --no-progress --no-suggest"
+        working-directory: "phar"
+
+      - name: "Copy files"
+        run: "cp -r resource phar/resource && cp -r src phar/src"
+
+      - name: "Validate configuration for humbug/box"
+        run: "phar/box.phar validate phar/box.json"
+
+      - name: "Compile composer-normalize.phar with humbug/box"
+        run: "phar/box.phar compile --config=phar/box.json"
+
+      - name: "Show info about composer-normalize.phar with humbug/box"
+        run: "phar/box.phar info ${{ env.COMPOSER_NORMALIZE_PHAR }}"
+
+      - name: "Run composer-normalize.phar"
+        run: "${{ env.COMPOSER_NORMALIZE_PHAR }}"
+
+      - name: "Show gpg version"
+        run: "gpg --version"
+
+      - name: "Decrypt keys.asc.gpg with gpg"
+        run: "gpg --batch --output ${{ env.GPG_KEYS }} --passphrase \"${{ secrets.GPG_DECRYPT_PASSPHRASE }}\" --yes --decrypt ${{ env.GPG_KEYS_ENCRYPTED }}"
+
+      - name: "Import keys from keys.asc with gpg"
+        run: "gpg --batch --import ${{ env.GPG_KEYS }}"
+
+      - name: "Sign composer-normalize.phar with gpg"
+        run: "gpg --armor --local-user \"${{ secrets.GPG_LOCAL_USER }}\" --output ${{ env.COMPOSER_NORMALIZE_PHAR_SIGNATURE }} --passphrase \"${{ secrets.GPG_KEY_PASSPHRASE }}\" --pinentry-mode loopback --yes --detach-sig ${{ env.COMPOSER_NORMALIZE_PHAR }}"
+
+      - name: "Verify signature of composer-normalize.phar with gpg"
+        run: "gpg --verify ${{ env.COMPOSER_NORMALIZE_PHAR_SIGNATURE }} ${{ env.COMPOSER_NORMALIZE_PHAR }}"
+
+      - name: "Remove decrypted keys.asc"
+        run: "rm ${{ env.GPG_KEYS }}"
+
+      - name: "Determine tag"
+        id: "determine-tag"
+        run: "echo \"::set-output name=tag::${GITHUB_REF#refs/tags/}\""
+
+      - name: "Create release"
+        id: "create-release"
+        uses: "actions/[email protected]"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          draft: false
+          prerelease: false
+          release_name: "${{ steps.determine-tag.outputs.tag }}"
+          tag_name: "${{ steps.determine-tag.outputs.tag }}"
+
+      - name: "Upload composer-normalize.phar"
+        uses: "actions/[email protected]"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          asset_content_type: "text/plain"
+          asset_name: "composer-normalize.phar"
+          asset_path: "${{ env.COMPOSER_NORMALIZE_PHAR }}"
+          upload_url: "${{ steps.create-release.outputs.upload_url }}"
+
+      - name: "Upload composer-normalize.phar.asc"
+        uses: "actions/[email protected]"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          asset_content_type: "text/plain"
+          asset_name: "composer-normalize.phar.asc"
+          asset_path: "${{ env.COMPOSER_NORMALIZE_PHAR_SIGNATURE }}"
+          upload_url: "${{ steps.create-release.outputs.upload_url }}"
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -1,14 +1,12 @@
 # https://help.github.com/en/categories/automating-your-workflow-with-github-actions
 
+name: "Continuous Integration"
+
 on:
   pull_request:
   push:
     branches:
       - "master"
-    tags:
-      - "**"
-
-name: "Continuous Integration"
 
 env:
   REQUIRED_PHP_EXTENSIONS: "mbstring"

diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,5 @@
 /.build/
+/phar/resource/
+/phar/src/
+/phar/vendor/
 /vendor/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,11 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
-For a full diff see [`2.0.2...master`][2.0.2...master]
+For a full diff see [`2.1.0...master`][2.1.0...master].
+
+## [`2.1.0`][2.1.0]
+
+For a full diff see [`2.0.2...2.1.0`][2.0.2...2.1.0].
+
+### Added
+
+* Started compiling, signing, and uploading `composer-normalize.phar` and `composer-normalize.phar.asc` to release assets when a tag is pushed ([#292]), by [@localheinz]
 
 ## [`2.0.2`][2.0.2]
 
-For a full diff see [`2.0.1...2.0.2`][2.0.1...2.0.2]
+For a full diff see [`2.0.1...2.0.2`][2.0.1...2.0.2].
 
 ### Fixed
 
@@ -27,7 +35,7 @@ For a full diff see [`2.0.0...2.0.1`][2.0.0...2.0.1]
 
 ## [`2.0.0`][2.0.0]
 
-For a full diff see [`1.3.1...2.0.0`][1.3.1...2.0.0]
+For a full diff see [`1.3.1...2.0.0`][1.3.1...2.0.0].
 
 ## Changed
 
@@ -72,63 +80,63 @@ For a full diff see [`1.3.1...2.0.0`][1.3.1...2.0.0]
 
 ## [`1.3.1`][1.3.1]
 
-For a full diff see [`1.3.0...1.3.1`][1.3.0...1.3.1]
+For a full diff see [`1.3.0...1.3.1`][1.3.0...1.3.1].
 
 ### Fixed
 
 * Started using `localheinz/diff` to avoid issues using `sebastian/diff` ([#207]), by [@localheinz]
 
 ## [`1.3.0`][1.3.0]
 
-For a full diff see [`1.2.0...1.3.0`][1.2.0...1.3.0]
+For a full diff see [`1.2.0...1.3.0`][1.2.0...1.3.0].
 
 ### Changed
 
 * Resolve local and fall back to remote schema so that command works offline and behind proxies ([#190]), by [@localheinz]
 
 ## [`1.2.0`][1.2.0]
 
-For a full diff see [`1.1.4...1.2.0`][1.1.4...1.2.0]
+For a full diff see [`1.1.4...1.2.0`][1.1.4...1.2.0].
 
 ### Changed
 
 * Started using the `StrictUnifiedDiffOutputBuilder` when available to create more condensed diffs when using the `--dry-run` option ([#80]), by [@localheinz]
 
 ## [`1.1.4`][1.1.4]
 
-For a full diff see [`1.1.3...1.1.4`][1.1.3...1.1.4]
+For a full diff see [`1.1.3...1.1.4`][1.1.3...1.1.4].
 
 ### Fixed
 
 * Removed requirement for `composer.json` to be writable when using the `--dry-run` option ([#177]), by [@localheinz]
 
 ## [`1.1.3`][1.1.3]
 
-For a full diff see [`1.1.2...1.1.3`][1.1.2...1.1.3]
+For a full diff see [`1.1.2...1.1.3`][1.1.2...1.1.3].
 
 ### Fixed
 
 * Reversed use of red and green for rendering diff when using the `--dry-run` option ([#173]), by [@TravisCarden]
 
 ## [`1.1.2`][1.1.2]
 
-For a full diff see [`1.1.1...1.1.2`][1.1.1...1.1.2]
+For a full diff see [`1.1.1...1.1.2`][1.1.1...1.1.2].
 
 ### Fixed
 
 * Reverted deprecation of the `file` argument of the `NormalizeCommand` as it turns out that the same functionality can _not_ be achieved using the `--working-dir` option ([#166]), by [@localheinz]
 
 ## [`1.1.1`][1.1.1]
 
-For a full diff see [`1.1.0...1.1.1`][1.1.0...1.1.1]
+For a full diff see [`1.1.0...1.1.1`][1.1.0...1.1.1].
 
 ### Removed
 
 * Updated [`localheinz/composer-json-normalizer`](http://github.com/localheinz/composer-json-normalizer), which effectively removed a dependency on [`composer/composer`](https://github.com/composer/composer) ([#157]), by [@localheinz]
 
 ## [`1.1.0`][1.1.0]
 
-For a full diff see [`1.0.0...1.1.0`][1.0.0...1.1.0]
+For a full diff see [`1.0.0...1.1.0`][1.0.0...1.1.0].
 
 ### Deprecated
 
@@ -140,7 +148,7 @@ For a full diff see [`1.0.0...1.1.0`][1.0.0...1.1.0]
 
 ## [`1.0.0`][1.0.0]
 
-For a full diff see [`0.9.0...1.0.0`][0.9.0...1.0.0]
+For a full diff see [`0.9.0...1.0.0`][0.9.0...1.0.0].
 
 ### Added
 
@@ -152,7 +160,7 @@ For a full diff see [`0.9.0...1.0.0`][0.9.0...1.0.0]
 
 ## [`0.9.0`][0.9.0]
 
-For a full diff see [`0.8.0...0.9.0`][0.8.0...0.9.0]
+For a full diff see [`0.8.0...0.9.0`][0.8.0...0.9.0].
 
 ### Changed
 
@@ -164,55 +172,55 @@ For a full diff see [`0.8.0...0.9.0`][0.8.0...0.9.0]
 
 ## [`0.8.0`][0.8.0]
 
-For a full diff see [`0.7.0...0.8.0`][0.7.0...0.8.0]
+For a full diff see [`0.7.0...0.8.0`][0.7.0...0.8.0].
 
 ### Changed
 
 * The `ConfigHashNormalizer` now also sorts the `extra` section ([#60]), by [@localheinz]
 
 ## [`0.7.0`][0.7.0]
 
-For a full diff see [`0.6.0...0.7.0`][0.6.0...0.7.0]
+For a full diff see [`0.6.0...0.7.0`][0.6.0...0.7.0].
 
 ### Changed
 
 * Updated `localheinz/json-normalizer`, which now sniffs the new-line character and uses it for printing instead of using `PHP_EOL` ([#62]), by [@localheinz]
 
 ## [`0.6.0`][0.6.0]
 
-For a full diff see [`0.5.0...0.6.0`][0.5.0...0.6.0]
+For a full diff see [`0.5.0...0.6.0`][0.5.0...0.6.0].
 
 ### Added
 
 * Added a `file` argument to the `NormalizeCommand`, so the path to `composer.json` can be specified now, ([#51]), by [@localheinz]
 
 ## [`0.5.0`][0.5.0]
 
-For a full diff see [`0.4.0...0.5.0`][0.4.0...0.5.0]
+For a full diff see [`0.4.0...0.5.0`][0.4.0...0.5.0].
 
 ### Changed
 
 * Updated `localheinz/json-normalizer`, which significantly improves the `SchemaNormalizer` employed to do the major normalization of `composer.json` ([#42]), by [@localheinz]
 
 ## [`0.4.0`][0.4.0]
 
-For a full diff see [`0.3.0...0.4.0`][0.3.0...0.4.0]
+For a full diff see [`0.3.0...0.4.0`][0.3.0...0.4.0].
 
 ### Added
 
 * Added `--dry-run` option, which allows usage in Continuous Integration systems, as it renders a diff and exits with a non-zero exit code ([#38]), by [@localheinz]
 
 ## [`0.3.0`][0.3.0]
 
-For a full diff see [`0.2.0...0.3.0`][0.2.0...0.3.0]
+For a full diff see [`0.2.0...0.3.0`][0.2.0...0.3.0].
 
 ### Fixed
 
 * Dropped support for PHP 7.0, which allows proper handling of empty PSR-4 namespace prefixes ([#30]), by [@localheinz]
 
 ## [`0.2.0`][0.2.0]
 
-For a full diff see [`0.1.0...0.2.0`][0.1.0...0.2.0]
+For a full diff see [`0.1.0...0.2.0`][0.1.0...0.2.0].
 
 ### Added
 
@@ -257,6 +265,7 @@ For a full diff see [`81bc3a8...0.1.0`][81bc3a8...0.1.0].
 [2.0.0]: https://github.com/ergebnis/composer-normalize/releases/tag/2.0.0
 [2.0.1]: https://github.com/ergebnis/composer-normalize/releases/tag/2.0.1
 [2.0.2]: https://github.com/ergebnis/composer-normalize/releases/tag/2.0.2
+[2.1.0]: https://github.com/ergebnis/composer-normalize/releases/tag/2.1.0
 
 [81bc3a8...0.1.0]: https://github.com/ergebnis/composer-normalize/compare/81bc3a8...0.1.0
 [0.1.0...0.2.0]: https://github.com/ergebnis/composer-normalize/compare/0.1.0...0.2.0
@@ -279,7 +288,8 @@ For a full diff see [`81bc3a8...0.1.0`][81bc3a8...0.1.0].
 [1.3.1...2.0.0]: https://github.com/ergebnis/composer-normalize/compare/1.3.1...2.0.0
 [2.0.0...2.0.1]: https://github.com/ergebnis/composer-normalize/compare/2.0.0...2.0.1
 [2.0.1...2.0.2]: https://github.com/ergebnis/composer-normalize/compare/2.0.1...2.0.2
-[2.0.2...master]: https://github.com/ergebnis/composer-normalize/compare/2.0.2...master
+[2.0.2...2.1.0]: https://github.com/ergebnis/composer-normalize/compare/2.0.2...2.1.0
+[2.1.0...master]: https://github.com/ergebnis/composer-normalize/compare/2.1.0...master
 
 [#1]: https://github.com/ergebnis/composer-normalize/pull/1
 [#2]: https://github.com/ergebnis/composer-normalize/pull/2
@@ -316,6 +326,7 @@ For a full diff see [`81bc3a8...0.1.0`][81bc3a8...0.1.0].
 [#270]: https://github.com/ergebnis/composer-normalize/pull/270
 [#273]: https://github.com/ergebnis/composer-normalize/pull/273
 [#280]: https://github.com/ergebnis/composer-normalize/pull/280
+[#292]: https://github.com/ergebnis/composer-normalize/pull/292
 
 [@ergebnis]: https://github.com/ergebnis
 [@localheinz]: https://github.com/localheinz