Skip to content

Add GitHub Actions CI for 5.x.x and fix curl_close deprecation on PHP 8+#900

Merged
DannyvdSluijs merged 7 commits into5.x.xfrom
5.x.x-php85-ci
Mar 24, 2026
Merged

Add GitHub Actions CI for 5.x.x and fix curl_close deprecation on PHP 8+#900
DannyvdSluijs merged 7 commits into5.x.xfrom
5.x.x-php85-ci

Conversation

@DannyvdSluijs
Copy link
Copy Markdown
Collaborator

@DannyvdSluijs DannyvdSluijs commented Mar 23, 2026
edited
Loading

This PR re-implements changes from #864, solving #863

🤖 This is a minimal backport addressing PHP 8+ compatibility for the 5.x.x branch.

Changes

  • Add CI pipeline: GitHub Actions workflow targeting PHP 7.1, 7.2, 7.3 and 7.4
  • Fix curl_close deprecation: Wrap curl_close($ch) in a PHP_VERSION_ID < 80000 check — curl_close() is a no-op and deprecated since PHP 8.0
  • .gitattributes: Add /.github export-ignore so the workflow files are excluded from archives

Fixes #863

DannyvdSluijs and others added 5 commits March 23, 2026 22:17
@DannyvdSluijs
Add GitHub Actions CI for 5.x.x and fix curl_close deprecation on PHP 8+
c792b14 
- Add .github/workflows/continuous-integration.yml with PHP 7.1, 7.2, 7.3, 7.4
- Add /.github export-ignore to .gitattributes
- Wrap curl_close() in PHP version check to suppress deprecation on PHP >= 8.0

Fixes #798
Fixes #863

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs
Ignore CVE-2026-24765 in composer audit
02f8d47 
PHPUnit ^4.8.35 is affected by CVE-2026-24765 but cannot be updated
on the 5.x.x branch due to PHP version constraints. As this is a
dev-only dependency used in CI, we whitelist the CVE.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs
Fix composer audit ignore: use advisory ID PKSA-z3gr-8qht-p93v
caa51ee 
The composer audit system uses its own advisory IDs (PKSA-*), not CVE IDs.
phpunit/phpunit ^4.8.35 is blocked by advisory PKSA-z3gr-8qht-p93v
(GHSA-vvj3-c3rp-c85p / CVE-2026-24765) during composer update.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs
Set audit block-insecure to false to allow phpunit 4.x install
48b20db 
Composer 2.6+ blocks dependency resolution entirely when packages have
security advisories, regardless of COMPOSER_NO_AUDIT. Setting
block-insecure=false allows phpunit/phpunit ^4.8.35 to be installed on
the 5.x.x branch where upgrading PHPUnit is not feasible.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs
Drop lowest-dependencies matrix entry
3340077 
With --prefer-lowest on PHP 7.2, sebastian/comparator installs a version
incompatible with phpunit 4.8.35, causing a fatal PHP error. Dropping
the lowest deps run as it is not essential for this legacy branch.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs
Clean up unused matrix.dependencies and COMPOSER_UPDATE_FLAGS
4857f66 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs DannyvdSluijs requested a review from Copilot March 23, 2026 21:36
@DannyvdSluijs DannyvdSluijs mentioned this pull request Mar 23, 2026
Closed
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR backports a PHP 8+ compatibility fix to the 5.x.x branch and introduces GitHub Actions CI for the branch, aligning maintenance workflows with the older release line.

Changes:

  • Guard curl_close($ch) to avoid PHP 8+ deprecation behavior.
  • Add a GitHub Actions CI workflow running the test suite on PHP 7.1–7.4 for 5.x.x.
  • Exclude /.github from exported archives via .gitattributes, and add Composer audit-related config.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
src/JsonSchema/Uri/Retrievers/Curl.php Adds PHP version guard around curl_close in the cURL retriever.
composer.json Introduces Composer config.audit settings (ignore + block behavior).
.github/workflows/continuous-integration.yml Adds CI workflow for the 5.x.x branch across PHP 7.1–7.4.
.gitattributes Adds /.github export-ignore so workflow files aren’t included in distribution archives.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/continuous-integration.yml
Comment on lines +15 to +21
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
php-version: ['7.1', '7.2', '7.3', '7.4']

Copy link

Copilot AI Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using ubuntu-latest for an EOL PHP matrix (7.1–7.4) makes CI brittle because ubuntu-latest moves over time and can break old PHP builds unexpectedly. Pin the runner to a specific Ubuntu version known to work with these PHP versions (e.g., ubuntu-22.04/20.04) to keep the backport branch stable.

Copilot uses AI. Check for mistakes.
@DannyvdSluijs
Revert .gitattributes change to keep PR minimal
3fc3863 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@DannyvdSluijs DannyvdSluijs merged commit a0b7c13 into 5.x.x Mar 24, 2026
4 checks passed
@DannyvdSluijs DannyvdSluijs deleted the 5.x.x-php85-ci branch March 24, 2026 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DannyvdSluijs