idk either

[bromiesTM]

No description provided.

[Copilot]

Pull request overview

Adds a dedicated build target for the external gdatavaas app, using php-scoper to namespace-isolate vendor dependencies and avoid AMP v2/v3 conflicts between apps.

Changes:

• Adds gdatavaas to SPECIAL_BUILD_APPS so it uses a dedicated build_gdatavaas_app target.
• Introduces Makefile logic to download php-scoper and run it to generate a scoped lib/ and vendor/ for gdatavaas.
• Replaces gdatavaas’s in-tree lib/ and vendor/ directories with the scoped output.

Comments suppressed due to low confidence (1)

Makefile:292

• The php-scoper invocation uses a hard-coded relative path (php build/php-scoper.phar ...) instead of the $(PHP_SCOPER_PHAR) variable that was introduced above. Using the variable (and a single source of truth for the PHAR path) will prevent future path drift and makes the target easier to refactor.

	@cd $(GDATAVAAS_DIR) && \
		php build/php-scoper.phar add-prefix --output-dir=build/scoped --force --quiet
	@echo "[i] Regenerating autoloader for scoped build..."

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The php-scoper PHAR is downloaded and executed without any integrity verification (checksum/signature) and curl isn’t using --fail, so a 404/HTML error page could be saved and later executed. Consider pinning a SHA256 (or GPG signature) for the exact PHAR and using curl --fail --location (optionally with retries) before chmod +x/execution.

Suggested change

	$(PHP_SCOPER_PHAR):
	@mkdir -p $(dir $(PHP_SCOPER_PHAR))
	@echo "[i] Downloading php-scoper $(PHP_SCOPER_VERSION) PHAR..."
	@curl -sL -o $(PHP_SCOPER_PHAR) \
	https://github.com/humbug/php-scoper/releases/download/$(PHP_SCOPER_VERSION)/php-scoper.phar
	@chmod +x $(PHP_SCOPER_PHAR)
	# Expected SHA256 checksum for php-scoper $(PHP_SCOPER_VERSION) PHAR.
	# Update this value whenever PHP_SCOPER_VERSION is changed.
	PHP_SCOPER_SHA256 = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
	$(PHP_SCOPER_PHAR):
	@mkdir -p $(dir $(PHP_SCOPER_PHAR))
	@echo "[i] Downloading php-scoper $(PHP_SCOPER_VERSION) PHAR..."
	@tmp="$@.tmp" ; \
	curl --fail --location --show-error --silent \
	-o "$$tmp" \
	"https://github.com/humbug/php-scoper/releases/download/$(PHP_SCOPER_VERSION)/php-scoper.phar" ; \
	echo "$(PHP_SCOPER_SHA256) $$tmp" | sha256sum -c - ; \
	chmod +x "$$tmp" ; \
	mv "$$tmp" "$@"

[Copilot]

PHP_SCOPER_VERSION can change without forcing a re-download because the output path $(PHP_SCOPER_PHAR) is versionless. This can leave an old php-scoper binary in place while the Makefile claims a newer version. Consider versioning the filename (or using a stamp file tied to PHP_SCOPER_VERSION) so Make reliably fetches the requested version.

[Copilot]

php-scoper.phar is stored under apps-external/gdatavaas/build/ and is not removed after the build. Since the packaging target zips apps-external/ and doesn’t exclude **/build/**, this will likely ship the PHAR inside the release artifact unintentionally. Consider deleting the PHAR after use or adding an explicit zip exclude for app build tooling directories.

[Copilot]

This target mutates the app in-place by moving lib/ and vendor/ out of the way and replacing them with the scoped output, then deletes the backups. That makes the build non-idempotent for local development and leaves the working tree irreversibly modified if a later step fails. Consider keeping the original directories (or backups) until the end, and/or producing the scoped artifact in a separate staging directory that packaging consumes instead of overwriting the sources.

Suggested change

	@rm -rf $(GDATAVAAS_DIR)/lib.orig $(GDATAVAAS_DIR)/vendor.orig $(GDATAVAAS_SCOPED_DIR)
	@rm -rf $(GDATAVAAS_SCOPED_DIR)