Security update for Core, with self-updated composer

[yaffs-website] / vendor / consolidation / annotated-command / .travis.yml

diff --git a/vendor/consolidation/annotated-command/.travis.yml b/vendor/consolidation/annotated-command/.travis.yml
index 6e24e911e4a9165064dbc89648920ddfde695266..acb8ca6b9ce5de5397be992f976db1e684a7560e 100644 (file)
--- a/vendor/consolidation/annotated-command/.travis.yml
+++ b/vendor/consolidation/annotated-command/.travis.yml
@@ -4,32 +4,84 @@ branches:
   # Only test the master branch and SemVer tags.
   only:
     - master
-    - /^[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+.*$/
+    - '/^[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+.*$/'
 
 matrix:
   include:
+    - php: 7.2
+      env: 'SCENARIO=symfony4 HIGHEST_LOWEST="update"'
     - php: 7.1
-      env: dependencies=highest
-    - php: 7.0
+      env: 'SCENARIO=symfony4'
+    - php: 7.0.11
+      env: 'HIGHEST_LOWEST="update"'
+    - php: 7.0.11
     - php: 5.6
     - php: 5.5
     - php: 5.4
-      env: dependencies=lowest
+      env: 'SCENARIO=symfony2 HIGHEST_LOWEST="update --prefer-lowest'
 
 sudo: false
 
 cache:
   directories:
+    - vendor
     - $HOME/.composer/cache
 
-before_script:
-  - if [ -z "$dependencies" ]; then composer install --prefer-dist; fi;
-  - if [ "$dependencies" = "lowest" ]; then composer update --prefer-dist --prefer-lowest -n; fi;
-  - if [ "$dependencies" = "highest" ]; then composer update --prefer-dist -n; fi;
+install:
+  - 'scenarios/install "${SCENARIO}" "${HIGHEST_LOWEST-install}"'
 
 script:
-  - vendor/bin/phpunit
-  - vendor/bin/phpcs --standard=PSR2 -n src
+  - composer test
 
 after_success:
-  - travis_retry php vendor/bin/coveralls -v
+  - 'travis_retry php vendor/bin/coveralls -v'
+  - |
+    # Only do post-build actions in one environment, and only if there is a GITHUB token.
+    if [ -z "$DO_POST_BUILD_ACTIONS" ] ; then
+      return
+    fi
+    if [ -z "$GITHUB_TOKEN" ]; then
+      echo "No GITHUB_TOKEN defined; exiting."
+      return
+    fi
+    ###
+    # Run composer lock update on cron jobs.
+    # See: https://github.com/danielbachhuber/composer-lock-updater
+    ###
+    if [ "$TRAVIS_EVENT_TYPE" != "cron" ] ; then
+      echo "Not a cron job; exiting."
+      return
+    fi
+    ###
+    # Only run on one job of a master branch build
+    ###
+    if [ "master" != "$TRAVIS_BRANCH" ] ; then
+      echo "composer.lock update only runs on the master branch."
+      return
+    fi
+    ###
+    # Install composer-lock-updater
+    ###
+    export PATH="$HOME/.composer/vendor/bin:$PATH"
+    composer global require danielbachhuber/composer-lock-updater
+    ###
+    # Optional: install Sensio Labs security checker to include security advisories in PR comments
+    ###
+    mkdir -p $HOME/bin
+    wget -O $HOME/bin/security-checker.phar http://get.sensiolabs.org/security-checker.phar
+    chmod +x $HOME/bin/security-checker.phar
+    export PATH="$HOME/bin:$PATH"
+    ###
+    # Install hub for creating GitHub pull requests
+    ###
+    wget -O hub.tgz https://github.com/github/hub/releases/download/v2.2.9/hub-linux-amd64-2.2.9.tgz
+    tar -zxvf hub.tgz
+    export PATH=$PATH:$PWD/hub-linux-amd64-2.2.9/bin/
+    ###
+    # Run composer-lock-updater
+    ###
+    clu
+
+
+
+