From 12b910a04dedac846f87d037b065899d72382265 Mon Sep 17 00:00:00 2001 From: Shivam Mathur Date: Mon, 9 Jun 2025 17:30:41 +0530 Subject: [PATCH] Add support for COMPOSER_ALLOW_PLUGINS --- README.md | 11 +++++++++++ src/scripts/tools/add_tools.ps1 | 5 +++++ src/scripts/tools/add_tools.sh | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/README.md b/README.md index bd0822ad..8b1ff25a 100644 --- a/README.md +++ b/README.md @@ -309,6 +309,17 @@ These tools can be set up globally using the `tools` input. It accepts a string fail-fast: true ``` +- By default, `composer` blocks all its plugins. If you are using the `tools` input to install a composer plugin it will be added to the allow list, alternatively if your dependencies have composer plugins, you can allow them by setting `COMPOSER_ALLOW_PLUGINS` that accepts a csv string of plugin names. + +```yaml +- name: Setup PHP with fail-fast + uses: shivammathur/setup-php@v2 + with: + php-version: '8.4' + env: + COMPOSER_ALLOW_PLUGINS: composer/installers, composer/satis +``` + > [!NOTE] > - Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy. > - If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow. diff --git a/src/scripts/tools/add_tools.ps1 b/src/scripts/tools/add_tools.ps1 index d817bc0c..cfe28fe9 100644 --- a/src/scripts/tools/add_tools.ps1 +++ b/src/scripts/tools/add_tools.ps1 @@ -58,6 +58,11 @@ Function Set-ComposerEnv() { (Get-Content $src\configs\composer.env -Raw) -replace '(?m)^COMPOSER_PROCESS_TIMEOUT=.*$', "COMPOSER_PROCESS_TIMEOUT=$env:COMPOSER_PROCESS_TIMEOUT" | Set-Content $src\configs\composer.env } Add-EnvPATH $src\configs\composer.env + if($env:COMPOSER_ALLOW_PLUGINS) { + $env:COMPOSER_ALLOW_PLUGINS -split '\s*,\s*' | Where-Object { $_ } | ForEach-Object { + & composer global config --no-plugins "allow-plugins.$_" true > $null 2>&1 + } + } } # Function to extract tool version. diff --git a/src/scripts/tools/add_tools.sh b/src/scripts/tools/add_tools.sh index 0fdb80d2..99a736f6 100644 --- a/src/scripts/tools/add_tools.sh +++ b/src/scripts/tools/add_tools.sh @@ -75,6 +75,11 @@ set_composer_env() { sed -i "$sed_arg" "$composer_env" 2>/dev/null || sed -i '' "$sed_arg" "$composer_env" fi add_env_path "$composer_env" + if [ -n "$COMPOSER_ALLOW_PLUGINS" ]; then + echo "$COMPOSER_ALLOW_PLUGINS" | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep -v '^$' | while IFS= read -r plugin; do + composer global config --no-plugins "allow-plugins.$plugin" true >/dev/null 2>&1 + done + fi } # Helper function to configure tools.