From d9c951eec69060093f29838865266c1ef917d205 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 12:50:02 +0000 Subject: [PATCH 1/2] Initial plan From baa1aa818f8585cc69d2dd4c8eeb198c8a90c741 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 13:01:43 +0000 Subject: [PATCH 2/2] chore(ci): pin github actions to commit SHAs Agent-Logs-Url: https://github.com/CycloneDX/cyclonedx-php-composer/sessions/d3fe367c-c02f-4322-8b46-9e05f25eda8a Co-authored-by: jkowalleck <2765863+jkowalleck@users.noreply.github.com> --- .github/workflows/php-dev.yml | 6 ++--- .github/workflows/php.yml | 48 +++++++++++++++++------------------ .github/workflows/release.yml | 4 +-- 3 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/php-dev.yml b/.github/workflows/php-dev.yml index fefb79db..675f8113 100644 --- a/.github/workflows/php-dev.yml +++ b/.github/workflows/php-dev.yml @@ -45,10 +45,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ matrix.php }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -60,7 +60,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-php${{ matrix.php }}-${{ hashFiles('composer.*', 'tools/*/composer.*') }} diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 3726f666..0f5089ec 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -35,10 +35,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ env.PHP_VERSION_LATEST }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -73,12 +73,12 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: dir setup run: mkdir ${{ env.REPORTS_DIR }} - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ matrix.php }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -91,7 +91,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-php${{ matrix.php }}-${{ matrix.dependencies }}-${{ hashFiles('composer.*', 'tools/phpunit/composer.*') }} @@ -128,7 +128,7 @@ jobs: - name: Artifact reports if: ${{ ! cancelled() }} # see https://github.com/actions/upload-artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: '${{ env.TESTS_REPORTS_ARTIFACT }}_${{ matrix.os }}_php${{ matrix.php }}_${{ matrix.dependencies }}' path: ${{ env.REPORTS_DIR }} @@ -141,7 +141,7 @@ jobs: steps: - name: fetch test artifacts # see https://github.com/actions/download-artifact - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: pattern: '${{ env.TESTS_REPORTS_ARTIFACT }}_*' merge-multiple: true @@ -152,7 +152,7 @@ jobs: ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets if: ${{ env.CODACY_PROJECT_TOKEN != '' }} # see https://github.com/codacy/codacy-coverage-reporter-action - uses: codacy/codacy-coverage-reporter-action@v1 + uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1 with: project-token: ${{ env.CODACY_PROJECT_TOKEN }} coverage-reports: ${{ env.REPORTS_DIR }}/coverage/*.clover.xml @@ -188,10 +188,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ matrix.php }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -203,7 +203,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-php${{ matrix.php }}-c${{ matrix.composer }}-${{ matrix.dependencies }}-${{ hashFiles('composer.*', 'tools/psalm/composer.*') }} @@ -237,7 +237,7 @@ jobs: - name: Artifact reports if: ${{ ! cancelled() }} # see https://github.com/actions/upload-artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: '${{ env.TYPES_REPORTS_ARTIFACT }}_php${{ matrix.php }}_composer${{ matrix.composer }}_${{ matrix.dependencies }}' path: ${{ env.REPORTS_DIR }} @@ -249,10 +249,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ env.PHP_VERSION_LATEST }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -264,7 +264,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-${{ hashFiles('composer.*', 'tools/composer-unused/composer.*') }} @@ -288,10 +288,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ env.PHP_VERSION_LATEST }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -303,7 +303,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-${{ hashFiles('composer.*', 'tools/composer-require-checker/composer.*') }} @@ -325,10 +325,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ env.PHP_VERSION_LOWEST }} extensions: ${{ env.PHP_PROJECT_EXT }} @@ -340,7 +340,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-${{ hashFiles('composer.*', 'tools/php-cs-fixer/composer.*') }} @@ -364,10 +364,10 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup PHP # see https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ env.PHP_VERSION_LATEST }} tools: 'composer:v2' @@ -378,7 +378,7 @@ jobs: - name: Cache dependencies if: ${{ steps.composer-cache.outputs.dir }} # see https://github.com/actions/cache - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: ${{ steps.composer-cache.outputs.dir }} key: composer-${{ github.job }}-${{ runner.os }}-${{ hashFiles('composer.*', 'tools/composer-normalize/composer.*') }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 35976aa8..cc54d409 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout # see https://github.com/actions/checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set the version id: set_version run: | @@ -54,7 +54,7 @@ jobs: - name: Create github release and git tag for release id: create_release # see https://github.com/softprops/action-gh-release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: