Skip to content

Commit

Permalink
Documentation: update for Composer 2.2
Browse files Browse the repository at this point in the history
Using the `dealerdirect/phpcodesniffer-composer-installer` Composer plugin is recommended to register external PHPCS standards with PHPCS.

As of Composer 2.2.0, Composer plugins need to be explicitly allowed to run.

This commit:
* Adds the necessary configuration for that to the `composer.json` for this project.
* Adds the CLI command to set those permissions to the installation instructions for consumer projects.

Includes updating the URL references to the plugin to point to the new home of the plugin. (see [upstream issue WordPress#146](PHPCSStandards/composer-installer#146))

Refs:
* https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution
  • Loading branch information
jrfnl committed Aug 10, 2022
1 parent d724f4f commit b75329f
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 5 deletions.
8 changes: 5 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ _No documentation available about unreleased changes as of yet._
- The `sanitize_hex_color()` and the `sanitize_hex_color_no_hash()` functions to the `escapingFunctions` list used by the `WordPress.Security.EscapeOutput` sniff.

### Changed
- The recommended version of the suggested DealerDirect PHPCS Composer plugin is now `^0.6`.
- The recommended version of the suggested [Composer PHPCS plugin] is now `^0.6`.

### Fixed
- `WordPress.PHP.NoSilencedErrors`: depending on the custom properties set, the metrics would be different.
Expand Down Expand Up @@ -152,7 +152,7 @@ The move does not affect the package name for Packagist. This remains the same:
- The error message for the `WordPress.Security.ValidatedSanitizedInput.MissingUnslash` has been reworded.
- The `Sniff::is_comparison()` method now has a new `$include_coalesce` parameter to allow for toggling whether the null coalesce operator should be seen as a comparison operator. Defaults to `true`.
- All sniffs are now also being tested against PHP 7.4 (unstable) for consistent sniff results.
- The recommended version of the suggested DealerDirect PHPCS Composer plugin is now `^0.5.0`.
- The recommended version of the suggested [Composer PHPCS plugin] is now `^0.5.0`.
- Various minor code tweaks and clean up.

### Removed
Expand Down Expand Up @@ -274,7 +274,7 @@ If you are a maintainer of an external standard based on WordPressCS and any of
- Dev: The command to run the unit tests has changed. Please see the updated instructions in the [CONTRIBUTING.md](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/.github/CONTRIBUTING.md) file.
The `bin/pre-commit` example git hook has been updated to match. Additionally a `run-tests` script has been added to the `composer.json` file for your convenience.
To facilitate this, PHPUnit has been added to `require-dev`, even though it is strictly speaking a dependency of PHPCS, not of WPCS.
- Dev: The DealerDirect PHPCS Composer plugin has been added to `require-dev`.
- Dev: The [Composer PHPCS plugin] has been added to `require-dev`.
- Various code tweaks and clean up.
- User facing documentation, including the wiki, as well as inline documentation has been updated for all the changes contained in WordPressCS 2.0 and other recommended best practices for `PHP_CodeSniffer` 3.3.1+.

Expand Down Expand Up @@ -1179,6 +1179,8 @@ See the comparison for full list.

Initial tagged release.

[Composer PHPCS plugin]: https://github.com/PHPCSStandards/composer-installer

[Unreleased]: https://github.com/WordPress/WordPress-Coding-Standards/compare/master...HEAD
[2.3.0]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.2.1...2.3.0
[2.2.1]: https://github.com/WordPress/WordPress-Coding-Standards/compare/2.2.0...2.2.1
Expand Down
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,19 +67,21 @@ The WordPress Coding Standards require:

As of WordPressCS 3.0.0, installation via Composer using the below instructions is the only supported type of installation.

[Composer](http://getcomposer.org/) will automatically install the project dependencies and register the rulesets from WordPressCS and other external standards with PHP_CodeSniffer using the [DealerDirect Composer PHPCS plugin](https://github.com/Dealerdirect/phpcodesniffer-composer-installer/).
[Composer](http://getcomposer.org/) will automatically install the project dependencies and register the rulesets from WordPressCS and other external standards with PHP_CodeSniffer using the [Composer PHPCS plugin](https://github.com/PHPCSStandards/composer-installer).

### Composer Project-based Installation

Run the following from the root of your project:
```bash
composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer require --dev wp-coding-standards/wpcs:"^3.0"
```

### Composer Global Installation

Alternatively, you may want to install this standard globally:
```bash
composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer global require --dev wp-coding-standards/wpcs:"^3.0"
```

Expand Down
7 changes: 6 additions & 1 deletion WPCS 3.0.0 UPGRADE GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ UPGRADE GUIDE NOTES
If you were already using a Composer project based install, upgrade WordPressCS by running:
```bash
composer remove --dev dealerdirect/phpcodesniffer-composer-installer higidi/composer-phpcodesniffer-standards-plugin
composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer update wp-coding-standards/wpcs:"^3.0.0" --with-dependencies
```

Expand All @@ -15,6 +16,7 @@ composer update wp-coding-standards/wpcs:"^3.0.0" --with-dependencies
If you were already using a Composer global install, upgrade WordPressCS by running:
```bash
composer global remove --dev dealerdirect/phpcodesniffer-composer-installer higidi/composer-phpcodesniffer-standards-plugin
composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer global update wp-coding-standards/wpcs:"^3.0.0" --with-dependencies
```

Expand All @@ -30,7 +32,10 @@ We recommend you change over to using a Composer based install instead.

If you have a `<config name="installed_paths" value="/path/to/wpcs" />` directive in your `phpcs.xml[.dist]` ruleset file: please remove it.

The DealerDirect Composer plugin is now included by default and will take of setting the installed paths for Composer based installs.
The [Composer PHPCS plugin] is now included by default and will take of setting the installed paths for Composer based installs.

[Composer PHPCS plugin]: https://github.com/PHPCSStandards/composer-installer


Along the same lines, if you had a Composer `post-install-cmd` (or similar) script which registered the `installed_paths`, please remove it as it will interfere/overwrite the installed paths which the Composer plugin sets.

Expand Down

0 comments on commit b75329f

Please sign in to comment.