From ed55e3e374f07d70c2b41ade2d7d0dba2b475b30 Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:06:27 +0200 Subject: [PATCH 01/10] Fixed gh actions --- .github/workflows/code-style.yml | 21 ++++++++++----------- .github/workflows/release.yml | 22 ++++++++++++++-------- .github/workflows/tests.yml | 9 +++++++-- 3 files changed, 31 insertions(+), 21 deletions(-) diff --git a/.github/workflows/code-style.yml b/.github/workflows/code-style.yml index 99e2fce..ddcd027 100644 --- a/.github/workflows/code-style.yml +++ b/.github/workflows/code-style.yml @@ -1,12 +1,16 @@ name: Code Style on: [pull_request] + +permissions: + code-quality: write + jobs: phpcs: name: phpcs runs-on: ubuntu-latest steps: - name: Check out code into the workspace - uses: actions/checkout@v2 + uses: actions/checkout@v6 - name: Install php uses: shivammathur/setup-php@v2 @@ -16,29 +20,24 @@ jobs: - name: Install dependencies run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi - - name: PHPCS check - uses: chekalsky/phpcs-action@v1 - with: - phpcs_bin_path: './vendor/bin/phpcs' - enable_warnings: true + - name: Run phpcs + run: phpcs -q --report=checkstyle src phpstan: name: phpstan runs-on: ubuntu-latest steps: - name: Check out code into the workspace - uses: actions/checkout@v2 + uses: actions/checkout@v6 - name: Install php uses: shivammathur/setup-php@v2 with: php-version: "7.4" + tools: phpstan - name: Install dependencies run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi - - name: Require phpstan - run: composer require --dev phpstan/phpstan:"~2.1.56" --no-interaction - - name: Run phpstan - run: php ./vendor/phpstan/phpstan/phpstan.phar analyse --no-progress \ No newline at end of file + run: phpstan analyse --no-progress \ No newline at end of file 
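Review bot: `code-quality: write` in the new top-level `permissions` block is granted to every job, yet no step visible in this patch consumes a write scope: the phpcs step added further down only prints a checkstyle report to stdout, and the phpstan job uploads nothing. The follow-up commit "Disabled zizmor unpinned-uses rule" narrows the grant to the `phpcs` job, but the same question applies there. Either document the consumer next to the key, e.g. `code-quality: write # needed by: STEP_NAME (placeholder)`, or reduce the block to `permissions: {}`. It is also worth confirming that `code-quality` is a key the workflow `permissions` schema accepts, since I cannot verify that from the patch.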
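Review bot: `tools: phpstan` in the phpstan job installs whatever release setup-php resolves at run time, where the removed `composer require` step constrained it to `~2.1.56`. A new phpstan release can then change the outcome of the check, and the code executed in the job, without any change in this repository. setup-php accepts a `tool:version` form, so `tools: phpstan:2.1.56` (or the 2.1.x release the project has validated) keeps the previous bound. The job's remaining steps sit partly outside this hunk.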
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e0bbb05..a57e86a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,20 +7,27 @@ on: name: Create release +permissions: + packages: write + contents: write + jobs: build: name: Create release runs-on: ubuntu-latest + steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v6 with: ref: ${{ github.head_ref }} - name: Replace version constant run: | - sed -i "s/VERSION\s*=\s*[^;]*/VERSION = '${{ github.event.inputs.version }}'/g" ./src/Fpdi.php ./src/Tcpdf/Fpdi.php ./src/Tfpdf/Fpdi.php + sed -i "s/VERSION\s*=\s*[^;]*/VERSION = '${NEW_VERSION}'/g" ./src/Fpdi.php ./src/Tcpdf/Fpdi.php ./src/Tfpdf/Fpdi.php + env: + NEW_VERSION: ${{ github.event.inputs.version }} - name: Commit and push version constant update - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@v7 with: commit_message: Updated version constant push_options: --force @@ -31,11 +38,10 @@ jobs: run: echo "::set-output name=sha::$(git rev-parse HEAD)" - name: Create Release id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: softprops/action-gh-release@v3 with: - commitish: ${{ steps.actual_commit_sha.outputs.sha }} + token: ${{ secrets.GITHUB_TOKEN }} + target_commitish: ${{ steps.actual_commit_sha.outputs.sha }} tag_name: v${{ github.event.inputs.version }} - release_name: FPDI ${{ github.event.inputs.version }} + name: FPDI ${{ github.event.inputs.version }} draft: true \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 13e76c0..5057d2a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,5 +1,8 @@ name: Tests on: [pull_request] + +permissions: {} + jobs: tests: name: Run PHP Unit tests 
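Review bot: `NEW_VERSION` still reaches the `sed` replacement unchecked in the "Replace version constant" step. Moving the input into `env` stops the expression from being expanded into the script text, but the value is then pasted into a quoted PHP constant in three source files, which the next step commits and force-pushes. A quote, `/` or `&` in the input would change the sed expression or the resulting PHP. Reject anything that is not a plain version before the `sed` line, for example `[[ "$NEW_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "invalid version" >&2; exit 1; }`, adjusting the pattern to the project's version scheme. The workflow's `on:` trigger is outside this hunk, so who can supply the input is not visible here.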
@@ -9,7 +12,7 @@ jobs: php: ['7.2', '7.3'] steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 - name: Install mupdf and imagemagick run: sudo apt-get install mupdf-tools imagemagick @@ -18,6 +21,7 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: "${{ matrix.php }}" + coverage: none - name: Install dependencies run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi @@ -34,7 +38,7 @@ jobs: php: ['7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5'] steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 - name: Install mupdf and imagemagick run: sudo apt-get install mupdf-tools imagemagick @@ -43,6 +47,7 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: "${{ matrix.php }}" + coverage: none - name: Upgrade phpunit run: composer require --dev --with-all-dependencies "phpunit/phpunit=^9.0" From 0499317ad710bd79906e1245c3ac5b51f9d52ffa Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:12:02 +0200 Subject: [PATCH 02/10] Disabled zizmor unpinned-uses rule --- .github/workflows/code-style.yml | 6 ++++-- .github/workflows/release.yml | 8 +++++--- .github/zizmor.yml | 5 +++++ 3 files changed, 14 insertions(+), 5 deletions(-) create mode 100644 .github/zizmor.yml diff --git a/.github/workflows/code-style.yml b/.github/workflows/code-style.yml index ddcd027..7f892bd 100644 --- a/.github/workflows/code-style.yml +++ b/.github/workflows/code-style.yml @@ -1,13 +1,15 @@ name: Code Style on: [pull_request] -permissions: - code-quality: write +permissions: {} jobs: phpcs: name: phpcs runs-on: ubuntu-latest + permissions: + code-quality: write + steps: - name: Check out code into the workspace uses: actions/checkout@v6 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a57e86a..fc28a0e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -7,15 +7,17 @@ on: name: Create release -permissions: - packages: write - contents: write +permissions: {} jobs: build: name: Create release runs-on: ubuntu-latest + permissions: + packages: write + contents: write + steps: - name: Checkout code uses: actions/checkout@v6 diff --git a/.github/zizmor.yml b/.github/zizmor.yml new file mode 100644 index 0000000..c05455d --- /dev/null +++ b/.github/zizmor.yml @@ -0,0 +1,5 @@ +rules: + unpinned-uses: + config: + policies: + *: any \ No newline at end of file From 4dd9a92ea235f98f75fa90f3dc547e06c58bdf3c Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:14:25 +0200 Subject: [PATCH 03/10] Fixed phpcs path --- .github/workflows/code-style.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-style.yml b/.github/workflows/code-style.yml index 7f892bd..8a9a6a3 100644 --- a/.github/workflows/code-style.yml +++ b/.github/workflows/code-style.yml @@ -23,7 +23,7 @@ jobs: run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi - name: Run phpcs - run: phpcs -q --report=checkstyle src + run: ./vendor/bin/phpcs -q --report=checkstyle src phpstan: name: phpstan From 68a0382922a4189f11026f247977d13fe74a735c Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:15:58 +0200 Subject: [PATCH 04/10] Update zizmor.yml --- .github/zizmor.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/zizmor.yml b/.github/zizmor.yml index c05455d..2fe494c 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -1,5 +1,3 @@ rules: unpinned-uses: - config: - policies: - *: any \ No newline at end of file + disable: true From e113fc078dee9f1338da2b2f0ef31a614926e60b Mon Sep 17 00:00:00 2001 
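Review bot: `packages: write` in the `build` job's new `permissions` block has no visible consumer. The steps shown in this series check out the code, run `sed`, push a commit and create a release, all of which are covered by `contents: write`. If nothing outside these hunks publishes a package, drop the line so the token available to `stefanzweifel/git-auto-commit-action@v7` carries only `contents: write`. The job's steps continue past the end of this hunk.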
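Review bot: Relaxing `unpinned-uses` for every action in the new `.github/zizmor.yml` removes the one audit that would flag the tag-pinned third-party actions in these workflows, including `stefanzweifel/git-auto-commit-action@v7`, which runs in a job holding `contents: write`. The `*: any` key is also unquoted, and YAML reads a leading `*` as an alias sigil; the later "Update zizmor.yml" commit replaces the block with `disable: true`, which has the same effect on coverage. A narrower policy keeps the check for third-party code: `"actions/*": ref-pin` and `"*": hash-pin` under `policies`.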
From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:34:10 +0200 Subject: [PATCH 05/10] Update release.yml --- .github/workflows/release.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc28a0e..7126882 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,27 +23,23 @@ jobs: uses: actions/checkout@v6 with: ref: ${{ github.head_ref }} + - name: Replace version constant run: | sed -i "s/VERSION\s*=\s*[^;]*/VERSION = '${NEW_VERSION}'/g" ./src/Fpdi.php ./src/Tcpdf/Fpdi.php ./src/Tfpdf/Fpdi.php env: NEW_VERSION: ${{ github.event.inputs.version }} + - name: Commit and push version constant update uses: stefanzweifel/git-auto-commit-action@v7 with: commit_message: Updated version constant push_options: --force - - name: Declare actual commit sha - id: actual_commit_sha - shell: bash - run: echo "::set-output name=sha::$(git rev-parse HEAD)" - name: Create Release id: create_release - uses: softprops/action-gh-release@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - target_commitish: ${{ steps.actual_commit_sha.outputs.sha }} - tag_name: v${{ github.event.inputs.version }} - name: FPDI ${{ github.event.inputs.version }} - draft: true \ No newline at end of file + run: | + gh release create --draft --title "FPDI ${title}" "v${tag}" + env: + NEW_VERSION: ${{ github.event.inputs.version }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From e438d10cb370431df9f5255472e9ce7da6e67b31 Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:41:01 +0200 Subject: [PATCH 06/10] Updated actions --- .github/workflows/code-style.yml | 4 ++++ .github/workflows/tests.yml | 4 ++++ .github/workflows/zizmor.yml | 8 +++----- 3 files changed, 11 insertions(+), 5 deletions(-) 
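Review bot: The new `gh release create` line reads `${title}` and `${tag}`, but the step's `env` block defines only `NEW_VERSION` and `GITHUB_TOKEN`, so both expand to empty strings and the command asks for a release titled `FPDI ` on tag `v`. Use the variable that is actually set: `gh release create --draft --title "FPDI ${NEW_VERSION}" "v${NEW_VERSION}"`. The removed action call also passed the pushed commit's SHA as the release target; without `--target` the tag is presumably created from the default branch, which is the same commit only if the auto-commit step pushed there.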
diff --git a/.github/workflows/code-style.yml b/.github/workflows/code-style.yml index 8a9a6a3..67bf8a4 100644 --- a/.github/workflows/code-style.yml +++ b/.github/workflows/code-style.yml @@ -13,6 +13,8 @@ jobs: steps: - name: Check out code into the workspace uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install php uses: shivammathur/setup-php@v2 @@ -31,6 +33,8 @@ jobs: steps: - name: Check out code into the workspace uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install php uses: shivammathur/setup-php@v2 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5057d2a..0ba773f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,6 +13,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install mupdf and imagemagick run: sudo apt-get install mupdf-tools imagemagick @@ -39,6 +41,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install mupdf and imagemagick run: sudo apt-get install mupdf-tools imagemagick diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index accf070..6b5e164 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -2,7 +2,7 @@ name: GitHub Actions Security Analysis with zizmor 🌈 on: push: - branches: ["main"] + branches: ["master"] pull_request: branches: ["**"] 
@@ -14,13 +14,11 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. - contents: read # Only needed for private repos. Needed to clone the repo. - actions: read # Only needed for private repos. Needed for upload-sarif to read workflow run info. steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@6 with: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 \ No newline at end of file + uses: zizmorcore/zizmor-action@0.5 \ No newline at end of file From 336893540ba72c0364ef248f31e466c7f60ba637 Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:41:59 +0200 Subject: [PATCH 07/10] Update zizmor.yml --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 6b5e164..f5d07ff 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -21,4 +21,4 @@ jobs: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@0.5 \ No newline at end of file + uses: zizmorcore/zizmor-action@latest \ No newline at end of file From 51edb7899c1dc3441294183534502c1a38c5bde2 Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:42:48 +0200 Subject: [PATCH 08/10] Update zizmor.yml --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index f5d07ff..a2ddcd2 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml 
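Review bot: The checkout step in the security-analysis job loses its commit pin here (`actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` becomes `actions/checkout@6`), and the series never restores it. The later "Update zizmor.yml" commits only correct the ref to `@v6` and bring back the SHA for `zizmorcore/zizmor-action`. A movable tag in the job that holds `security-events: write` means the code that runs can change without a diff in this repository. Keep the previous line, `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`, so both actions in this workflow stay hash-pinned.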
@@ -16,7 +16,7 @@ jobs: security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. steps: - name: Checkout repository - uses: actions/checkout@6 + uses: actions/checkout@v6 with: persist-credentials: false From de3a7c4d3e82604b5d55218652dd1966298a6122 Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:43:29 +0200 Subject: [PATCH 09/10] Update zizmor.yml --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index a2ddcd2..4d4b0ea 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -21,4 +21,4 @@ jobs: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@latest \ No newline at end of file + uses: zizmorcore/zizmor-action@v0.5 \ No newline at end of file From c62f222854b98f73f5cee95508c40401699c0a24 Mon Sep 17 00:00:00 2001 From: Maximilian Kresse <545671+MaximilianKresse@users.noreply.github.com> Date: Wed, 10 Jun 2026 10:44:13 +0200 Subject: [PATCH 10/10] Update zizmor.yml --- .github/workflows/zizmor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 4d4b0ea..284c4a9 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -21,4 +21,4 @@ jobs: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@v0.5 \ No newline at end of file + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 \ No newline at end of file