From 5296666b6377fa7c59f32a24632c5bccc10a8514 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 12 Jun 2025 17:31:42 +0200 Subject: [PATCH 1/9] Update for new GPG keys The GPG key expires every year - as per the recommendation, so a new key has been generated and uploaded to the openpgp database. --- .github/workflows/verify-release.yml | 11 +++++++++-- README.md | 6 +++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index 5e689923f7..a0a6d988aa 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -113,11 +113,16 @@ jobs: GH_TOKEN: ${{ github.token }} GH_FORCE_TTY: true - - name: Download public key + - name: Download public key (May 2024) env: FINGERPRINT: "0x689DAD778FF08760E046228BA978220305CD5C32" run: gpg --keyserver "hkps://keys.openpgp.org" --recv-keys "$FINGERPRINT" + - name: Download public key (June 2025) + env: + FINGERPRINT: "0xD91D86963AF3A29B6520462297B02DD8E5071466" + run: gpg --keyserver "hkps://keys.openpgp.org" --recv-keys "$FINGERPRINT" + - name: Verify signature of the PHAR file run: gpg --verify ${{ steps.source.outputs.FILE }}.asc ${{ steps.source.outputs.FILE }} @@ -200,7 +205,9 @@ jobs: tools: phive - name: Install - run: phive install ${{ matrix.pharfile }} --copy --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 + run: > + phive install ${{ matrix.pharfile }} --copy + --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32,D91D86963AF3A29B6520462297B02DD8E5071466 - name: "DEBUG: List files" run: ls -R diff --git a/README.md b/README.md index eae643680a..6877929bc0 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ php phpcbf.phar -h ``` These Phars are signed with the official Release key for PHPCS with the -fingerprint `689D AD77 8FF0 8760 E046 228B A978 2203 05CD 5C32`. +fingerprint `D91D 8696 3AF3 A29B 6520 4622 97B0 2DD8 E507 1466`. As of PHP_CodeSniffer 3.10.3, the provenance of PHAR files associated with a release can be verified via [GitHub Artifact Attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) using the [GitHub CLI tool](https://cli.github.com/) with the following command: `gh attestation verify [phpcs|phpcbf].phar -o PHPCSStandards`. @@ -78,8 +78,8 @@ You will then be able to run PHP_CodeSniffer from the vendor bin directory: ### Phive If you use Phive, you can install PHP_CodeSniffer as a project tool using the following commands: ```bash -phive install --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 phpcs -phive install --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 phpcbf +phive install --trust-gpg-keys D91D86963AF3A29B6520462297B02DD8E5071466 phpcs +phive install --trust-gpg-keys D91D86963AF3A29B6520462297B02DD8E5071466 phpcbf ``` You will then be able to run PHP_CodeSniffer from the `tools` directory: ```bash From deb36e2174c24fc5b2885477573de41052a2f35e Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 12 Jun 2025 19:11:30 +0200 Subject: [PATCH 2/9] Release checklist: improve information about regenerating the GPG key Ran into some issues while trying to do this earlier today. Documenting my findings to prevent the same issues when having to do it again next year. I've also asked a question about key rotation in the PHIVE repo to get clarification on some things: phar-io/phar.io 147. This may result in a new PHIVE documentation page about this being available by next year :crossed_fingers: It is also the reason why I have not explicitly released the `3.13.1` tag yet as the README does not contain information about the updated GPG key yet. By rights the new key should probably also be mentioned in the changelog, but tags should be immutable, so I'm going to leave that for now. Hopefully this change in the release checklist will prevent this snafu for next year. --- .github/release-checklist.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/release-checklist.md b/.github/release-checklist.md index a57baeb50a..c84b469a59 100644 --- a/.github/release-checklist.md +++ b/.github/release-checklist.md @@ -8,6 +8,17 @@ - [ ] Verify that any new functions have type declarations (ClassName/array/callable) whenever possible. - [ ] Verify that the license tags all refer to the _new_ organisation and no longer to Squizlabs. (easily overlooked in new files) - [ ] Verify that `@copyright` tags in new files use `@copyright 20xx PHPCSStandards and contributors`. +- [ ] Check if the GPG key is still valid (not expired). + If it has expired, create a new key before starting the release process. + - Generate a new key following the steps here: . + - Upload the new key following the steps here: . + :warning: the command for exporting the key will export _all_ keys for the email address. This will not work as OpenPGP does not send an email to verify the key if the upload contained multiple keys. + So, first run `gpg --keyid-format LONG --list-keys my@email.com`. + Then run `gpg --export --armor KEY_ID > phpcs.pub` specifically for the new key. + And then upload the file. + - Verify the key via the link received via email. + - Update the key information in the README x 3. + - Update the key info in the verify-release GHA workflow x 2. ### Wiki @@ -77,11 +88,6 @@ Please consider [funding the PHP_CodeSniffer project](https://opencollective.com gpg -u my@email.com --detach-sign --output phpcs-x.x.x.phar.asc phpcs-x.x.x.phar gpg -u my@email.com --detach-sign --output phpcbf-x.x.x.phar.asc phpcbf-x.x.x.phar ``` - - If, for whatever reason, the key is no longer available or has expired: - -> generate a new key following the steps here: . - -> upload the new key following the steps here: . - -> update the key information in the README x 3. - -> update the key info in the verify-release GHA workflow. - [ ] Get the SHA of the files for the phive.xml file ```bash # Linux From ef0b6a62c9566d5914026c796fb04337bc84696e Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 13 Jun 2025 04:01:21 +0200 Subject: [PATCH 3/9] Config: update version nr to next --- src/Config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Config.php b/src/Config.php index 879e7e26a6..e9eeace0b1 100644 --- a/src/Config.php +++ b/src/Config.php @@ -85,7 +85,7 @@ class Config * * @var string */ - const VERSION = '3.13.1'; + const VERSION = '3.13.2'; /** * Package stability; either stable, beta or alpha. From ad9a0b2df4c15f78e2b02808577d986968a7eb74 Mon Sep 17 00:00:00 2001 From: Rodrigo Primo Date: Fri, 13 Jun 2025 12:06:35 -0300 Subject: [PATCH 4/9] Filter/Filter: remove outdated code that is no longer needed This commit removes an if condition to maintain backwards compatibility that is no longer needed. It was added via https://github.com/squizlabs/PHP_CodeSniffer/commit/4982619b53bf7cea6255bc1dac57b89096c046f4 to preserve backwards compatibility back in a time when it was possible to programmatically set ignore patterns using `CodeSniffer::setIgnorePatterns()` (see https://pear.php.net/bugs/bug.php?id=19859). This method was removed a long time ago via https://github.com/PHPCSStandards/PHP_CodeSniffer/commit/f61025c5617a493b655a5f572a3e13749b3a51f8#diff-c36ecedca179eab0b3cd245e872a96ab26fa08e567437e167f4eda1779c15c89L431-L435, and since then, there is no way for users to set the ignore pattern array with numeric indices. --- src/Filters/Filter.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Filters/Filter.php b/src/Filters/Filter.php index 8376d15c3b..12cafa7d0a 100644 --- a/src/Filters/Filter.php +++ b/src/Filters/Filter.php @@ -247,13 +247,6 @@ protected function shouldIgnorePath($path) } foreach ($ignorePatterns as $pattern => $type) { - // Maintains backwards compatibility in case the ignore pattern does - // not have a relative/absolute value. - if (is_int($pattern) === true) { - $pattern = $type; - $type = 'absolute'; - } - $replacements = [ '\\,' => ',', '*' => '.*', From b128c59545e533a055aad71c3c249a8b98a918a5 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sun, 15 Jun 2025 11:36:01 +0200 Subject: [PATCH 5/9] Licence: update copyright --- licence.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/licence.txt b/licence.txt index 9f95b67713..c7e8000d96 100644 --- a/licence.txt +++ b/licence.txt @@ -1,4 +1,5 @@ Copyright (c) 2012, Squiz Pty Ltd (ABN 77 084 670 600) +Copyright (c) 2023, PHPCSStandards and contributors All rights reserved. Redistribution and use in source and binary forms, with or without From a1c2aaac0a8b7dd23280c034541dd605331b90af Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 16 Jun 2025 23:38:47 +0200 Subject: [PATCH 6/9] Squiz/FunctionDeclarationArgumentSpacing: fix typo in `SpacingAfterSetVis[i]bility` error code The `SpacingAfterVis[i]bility` error code was introduced in v 3.12.0 (March this year) for constructor property promotion. The `SpacingAfterSetVis[i]bility` error code was introduced in v 3.13.1 (few days ago) for constructor property promotion with asym visibility. Both contained the same typo. Now, changing an error code is a breaking change. However, with 3.13.1 only having been released a few days ago, it is my opinion that if released soon as 3.13.2, this is an acceptable bug fix. But then, it would be really weird to not fix the other error code in the same version. Then again, as PHPCS 4.0.0 is around the corner and does allow for breaking changes, let's leave the older typo for 4.0.0, just to be on the safe side. --- CHANGELOG.md | 2 +- .../Functions/FunctionDeclarationArgumentSpacingSniff.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7aadb84344..590ee8bdef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,7 +31,7 @@ _Nothing yet._ - Errors will be reported via a new `AvizKeywordOrder` error code. - Thanks to [Juliette Reinders Folmer][@jrfnl] for the patch. - The Squiz.Functions.FunctionDeclarationArgumentSpacing will now check spacing after a set-visibility modifier keyword. [#1121] - - Errors will be reported via a new `SpacingAfterSetVisbility` error code. + - Errors will be reported via a new `SpacingAfterSetVisibility` error code. - Thanks to [Juliette Reinders Folmer][@jrfnl] for the patch. - The Squiz.Scope.MemberVarScope will now flag missing "read" visibility, when "write" visibility is set, under a separate error code `AsymReadMissing`. [#1122] - Thanks to [Juliette Reinders Folmer][@jrfnl] for the patch. diff --git a/src/Standards/Squiz/Sniffs/Functions/FunctionDeclarationArgumentSpacingSniff.php b/src/Standards/Squiz/Sniffs/Functions/FunctionDeclarationArgumentSpacingSniff.php index 1fd34fccb5..f33d19bc14 100644 --- a/src/Standards/Squiz/Sniffs/Functions/FunctionDeclarationArgumentSpacingSniff.php +++ b/src/Standards/Squiz/Sniffs/Functions/FunctionDeclarationArgumentSpacingSniff.php @@ -360,7 +360,7 @@ public function processBracket($phpcsFile, $openBracket) $spacesAfter, ]; - $fix = $phpcsFile->addFixableError($error, $visibilityToken, 'SpacingAfterSetVisbility', $data); + $fix = $phpcsFile->addFixableError($error, $visibilityToken, 'SpacingAfterSetVisibility', $data); if ($fix === true) { $phpcsFile->fixer->beginChangeset(); $phpcsFile->fixer->addContent($visibilityToken, ' '); From d8ace300eb1c8334de6687e5fec0351e1153d7bf Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 23 May 2025 15:19:16 +0200 Subject: [PATCH 7/9] Various minor fixes / typos ... picked up along the way. --- src/Ruleset.php | 2 +- .../Sniffs/ControlStructures/DisallowYodaConditionsSniff.php | 2 +- tests/Core/Files/File/FindStartOfStatementTest.php | 4 ++-- tests/Core/Ruleset/ExplainTest.php | 2 +- .../Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.inc | 2 +- .../Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.php | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Ruleset.php b/src/Ruleset.php index 8f04c8d7f8..d1ef2a4d75 100644 --- a/src/Ruleset.php +++ b/src/Ruleset.php @@ -332,7 +332,7 @@ public function explain() }//end foreach if (count($this->deprecatedSniffs) > 0) { - echo PHP_EOL.'* Sniffs marked with an asterix are deprecated.'.PHP_EOL; + echo PHP_EOL.'* Sniffs marked with an asterisk are deprecated.'.PHP_EOL; } }//end explain() diff --git a/src/Standards/Generic/Sniffs/ControlStructures/DisallowYodaConditionsSniff.php b/src/Standards/Generic/Sniffs/ControlStructures/DisallowYodaConditionsSniff.php index 666b1916e7..17e81850cb 100644 --- a/src/Standards/Generic/Sniffs/ControlStructures/DisallowYodaConditionsSniff.php +++ b/src/Standards/Generic/Sniffs/ControlStructures/DisallowYodaConditionsSniff.php @@ -92,7 +92,7 @@ public function process(File $phpcsFile, $stackPtr) return; } - // If it is not an array check what is inside. + // If it is not an array, check what is inside. $found = $phpcsFile->findPrevious( T_VARIABLE, ($previousIndex - 1), diff --git a/tests/Core/Files/File/FindStartOfStatementTest.php b/tests/Core/Files/File/FindStartOfStatementTest.php index 3506cc137a..4e0916dd00 100644 --- a/tests/Core/Files/File/FindStartOfStatementTest.php +++ b/tests/Core/Files/File/FindStartOfStatementTest.php @@ -1,6 +1,6 @@ * @author Juliette Reinders Folmer @@ -15,7 +15,7 @@ use PHP_CodeSniffer\Util\Tokens; /** - * Tests for the \PHP_CodeSniffer\Files\File:findStartOfStatement method. + * Tests for the \PHP_CodeSniffer\Files\File::findStartOfStatement method. * * @covers \PHP_CodeSniffer\Files\File::findStartOfStatement */ diff --git a/tests/Core/Ruleset/ExplainTest.php b/tests/Core/Ruleset/ExplainTest.php index 3e52cef685..38c74be31f 100644 --- a/tests/Core/Ruleset/ExplainTest.php +++ b/tests/Core/Ruleset/ExplainTest.php @@ -200,7 +200,7 @@ public function testExplainWithDeprecatedSniffs() $expected .= ' TestStandard.SetProperty.PropertyTypeHandling'.PHP_EOL; $expected .= ' TestStandard.ValidSniffs.RegisterEmptyArray'.PHP_EOL.PHP_EOL; - $expected .= '* Sniffs marked with an asterix are deprecated.'.PHP_EOL; + $expected .= '* Sniffs marked with an asterisk are deprecated.'.PHP_EOL; $this->expectOutputString($expected); diff --git a/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.inc b/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.inc index 8df21a6c35..5a0debcd02 100644 --- a/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.inc +++ b/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.inc @@ -58,7 +58,7 @@ switch (true) { case CONSTANT: /* testCaseWithConstantAndIdenticalIsNotEnumCase */ case CONSTANT === 1: - /* testCaseWithAssigmentToConstantIsNotEnumCase */ + /* testCaseWithAssignmentToConstantIsNotEnumCase */ case CONSTANT = 1: /* testIsNotEnumCaseIsCaseInsensitive */ cAsE CONSTANT: diff --git a/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.php b/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.php index 51382d3c5d..ca70a34c13 100644 --- a/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.php +++ b/tests/Core/Tokenizers/Tokenizer/RecurseScopeMapCaseKeywordConditionsTest.php @@ -163,7 +163,7 @@ public static function dataNotEnumCases() 'testCloserMarker' => '/* testCaseConstantCloserMarker */', ], 'switch case with constant, assignment' => [ - 'testMarker' => '/* testCaseWithAssigmentToConstantIsNotEnumCase */', + 'testMarker' => '/* testCaseWithAssignmentToConstantIsNotEnumCase */', 'expectedTokens' => [ 'scope_opener' => T_COLON, 'scope_closer' => T_CLOSE_CURLY_BRACKET, From 7af44a32f832aafaf3640c72e08ef87266d3be08 Mon Sep 17 00:00:00 2001 From: Rodrigo Primo Date: Tue, 17 Jun 2025 18:09:04 -0300 Subject: [PATCH 8/9] Squiz/SelfMemberReference: update XML doc (#1108) - Improve sniff description explicitly mentioning where the spaces are checked and adding context as to when the `self` keyword is verified. - Fix the code examples for checking `self` case and spaces around the double colon to ensure they trigger the sniff (the sniff checks if the call is made within a class). - Improve the titles of the code examples related to spacing around double colons. - Remove unnecessary methods from the code examples related to using `self` instead of the class name when referencing a static member. --- .../Classes/SelfMemberReferenceStandard.xml | 60 ++++++++++++------- 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/src/Standards/Squiz/Docs/Classes/SelfMemberReferenceStandard.xml b/src/Standards/Squiz/Docs/Classes/SelfMemberReferenceStandard.xml index 4f982fa4ec..c4e2e52c99 100644 --- a/src/Standards/Squiz/Docs/Classes/SelfMemberReferenceStandard.xml +++ b/src/Standards/Squiz/Docs/Classes/SelfMemberReferenceStandard.xml @@ -1,44 +1,66 @@ self::foo(); +class Bar { + public function baz() { + self::foo(); + } +} ]]> SELF::foo(); +class Bar { + public function baz() { + SELF::foo(); + } +} ]]> + + + - + ::foo(); +class Bar { + public function baz() { + self::foo(); + } +} ]]> - + :: foo(); +class Bar { + public function baz() { + self :: foo(); + } +} ]]> + + + self::bar(); } } @@ -46,14 +68,10 @@ class Foo Foo -{ - public static function bar() - { - } +class Foo { + public function bar() {} - public static function baz() - { + public function baz() { Foo::bar(); } } From 5e1bf44a4ff58c5a8d6a20b16ad6e8de2b77fd17 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 12 Jun 2025 16:49:58 +0200 Subject: [PATCH 9/9] Changelog for the 3.13.2 release --- CHANGELOG.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 590ee8bdef..70065bef86 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,23 @@ The file documents changes to the PHP_CodeSniffer project. _Nothing yet._ -## [3.13.1] - 2025-06-12 +## [3.13.2] - 2025-06-18 + +### Changed +- The documentation for the following sniffs has been improved: + - Squiz.Classes.SelfMemberReference + - Thanks to [Rodrigo Primo][@rodrigoprimo] for the patch. +- Various housekeeping, including improvements to the tests and documentation. + - Thanks to [Rodrigo Primo][@rodrigoprimo] and [Juliette Reinders Folmer][@jrfnl] for their contributions. + +### Fixed +- Fixed bug [#1135] : Squiz.Functions.FunctionDeclarationArgumentSpacing: typo in new error code `SpacingAfterSetVis\[i\]bility`. + - Thanks to [Juliette Reinders Folmer][@jrfnl] for the patch. + +[#1135]: https://github.com/PHPCSStandards/PHP_CodeSniffer/pull/1135 + + +## [3.13.1] - 2025-06-13 ### Added - Added support for PHP 8.4 properties with asymmetric visibility to File::getMemberProperties() through a new `set_scope` array index in the return value. [#1116] @@ -45,6 +61,7 @@ _Nothing yet._ ### Other - The latest PHP_CodeSniffer XSD file is now available via the following permalink: . [#1094] Older XSD files can be referenced via permalinks based on their minor: `https://schema.phpcodesniffer.com/#.#/phpcs.xsd`. +- The GPG signature for the PHAR files has been rotated. The new fingerprint is: D91D86963AF3A29B6520462297B02DD8E5071466. [#1094]: https://github.com/PHPCSStandards/PHP_CodeSniffer/issues/1094 [#1116]: https://github.com/PHPCSStandards/PHP_CodeSniffer/pull/1116 @@ -7634,6 +7651,7 @@ Additionally, thanks to [Alexander Turek][@derrabus] for consulting on the repo --> [Unreleased]: https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/master...HEAD +[3.13.2]: https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/3.13.1...3.13.2 [3.13.1]: https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/3.13.0...3.13.1 [3.13.0]: https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/3.12.2...3.13.0 [3.12.2]: https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/3.12.1...3.12.2