Merge pull request #636 from shivammathur/composer-no-audit

Set COMPOSER_NO_AUDIT environment variable by default
Shivam Mathur 2022-08-22 09:54:07 +05:30 committed by GitHub
commit 56ad5977ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions

@ -309,6 +309,7 @@ These tools can be set up globally using the `tools` input. It accepts a string
- Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy.
- If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow.
- By default, `COMPOSER_NO_INTERACTION` is set to `1` and `COMPOSER_PROCESS_TIMEOUT` is set to `0`. In effect, this means that Composer commands in your scripts do not need to specify `--no-interaction`.
- Also, `COMPOSER_NO_AUDIT` is set to `1`. So if you want to audit your dependencies for security vulnerabilities, it is recommended to add a `composer audit` step before you install them.
## :signal_strength: Coverage Support
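
Review bot: The added bullet for `COMPOSER_NO_AUDIT` says the variable is set to `1` but, unlike the preceding bullet for `COMPOSER_NO_INTERACTION`, it does not say what that means in effect for Composer commands in a workflow, nor why a security check is switched off by default. Suggest stating the effect and the reason explicitly, and saying whether the value can be overridden in a workflow, so that readers do not have to infer that audits are disabled from the advice to add a `composer audit` step. Opening with "Also," makes a security-relevant default read as an afterthought; a standalone sentence beginning "By default, ..." would match the bullet above.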

@ -1,2 +1,3 @@
COMPOSER_PROCESS_TIMEOUT=0
COMPOSER_NO_INTERACTION=1
COMPOSER_NO_AUDIT=1
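
Review bot: `COMPOSER_NO_AUDIT=1` is added next to two settings that only affect timeouts and prompts, but this one disables the dependency vulnerability audit for every workflow that relies on the defaults, and the commit message gives no reason for it. Suggest recording the rationale in the commit message or the pull request description, and confirming that a value the user sets in their own workflow environment takes precedence over this default so that the audit can be turned back on.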