Set COMPOSER_NO_AUDIT environment variable by default

This commit is contained in:
Shivam Mathur 2022-08-22 09:46:12 +05:30
parent e04e1d97f0
commit 6353d20df2
No known key found for this signature in database
GPG Key ID: 3E13E4C8591ACC2A
2 changed files with 2 additions and 0 deletions

View File

@ -309,6 +309,7 @@ These tools can be set up globally using the `tools` input. It accepts a string
- Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy. - Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy.
- If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow. - If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow.
- By default, `COMPOSER_NO_INTERACTION` is set to `1` and `COMPOSER_PROCESS_TIMEOUT` is set to `0`. In effect, this means that Composer commands in your scripts do not need to specify `--no-interaction`. - By default, `COMPOSER_NO_INTERACTION` is set to `1` and `COMPOSER_PROCESS_TIMEOUT` is set to `0`. In effect, this means that Composer commands in your scripts do not need to specify `--no-interaction`.
- Also, `COMPOSER_NO_AUDIT` is set to `1`. So if you want to audit your dependencies for security vulnerabilities, it is recommended to add a `composer audit` step before you install them.
## :signal_strength: Coverage Support ## :signal_strength: Coverage Support

View File

@ -1,2 +1,3 @@
COMPOSER_PROCESS_TIMEOUT=0 COMPOSER_PROCESS_TIMEOUT=0
COMPOSER_NO_INTERACTION=1 COMPOSER_NO_INTERACTION=1
COMPOSER_NO_AUDIT=1