mirror of
https://github.com/shivammathur/setup-php.git
synced 2024-11-22 20:01:06 +07:00
Merge pull request #636 from shivammathur/composer-no-audit
Set COMPOSER_NO_AUDIT environment variable by default
This commit is contained in:
Shivam Mathur
GitHub
commit
56ad5977ba
@ -309,6 +309,7 @@ These tools can be set up globally using the `tools` input. It accepts a string
|
|||||||
- Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy.
|
- Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy.
|
||||||
- If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow.
|
- If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow.
|
||||||
- By default, `COMPOSER_NO_INTERACTION` is set to `1` and `COMPOSER_PROCESS_TIMEOUT` is set to `0`. In effect, this means that Composer commands in your scripts do not need to specify `--no-interaction`.
|
- By default, `COMPOSER_NO_INTERACTION` is set to `1` and `COMPOSER_PROCESS_TIMEOUT` is set to `0`. In effect, this means that Composer commands in your scripts do not need to specify `--no-interaction`.
|
||||||
|
- Also, `COMPOSER_NO_AUDIT` is set to `1`. So if you want to audit your dependencies for security vulnerabilities, it is recommended to add a `composer audit` step before you install them.
|
||||||
|
|
||||||
## :signal_strength: Coverage Support
|
## :signal_strength: Coverage Support
|
||||||
|
|
||||||
|
|||||||
@ -1,2 +1,3 @@
|
|||||||
COMPOSER_PROCESS_TIMEOUT=0
|
COMPOSER_PROCESS_TIMEOUT=0
|
||||||
COMPOSER_NO_INTERACTION=1
|
COMPOSER_NO_INTERACTION=1
|
||||||
|
COMPOSER_NO_AUDIT=1
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user