Add GitHub Actions CI for 5.x.x and fix curl_close deprecation on PHP 8+#900
Merged
Conversation
- Add .github/workflows/continuous-integration.yml with PHP 7.1, 7.2, 7.3, 7.4 - Add /.github export-ignore to .gitattributes - Wrap curl_close() in PHP version check to suppress deprecation on PHP >= 8.0 Fixes #798 Fixes #863 Co-authored-by: Copilot <[email protected]>
PHPUnit ^4.8.35 is affected by CVE-2026-24765 but cannot be updated on the 5.x.x branch due to PHP version constraints. As this is a dev-only dependency used in CI, we whitelist the CVE. Co-authored-by: Copilot <[email protected]>
The composer audit system uses its own advisory IDs (PKSA-*), not CVE IDs. phpunit/phpunit ^4.8.35 is blocked by advisory PKSA-z3gr-8qht-p93v (GHSA-vvj3-c3rp-c85p / CVE-2026-24765) during composer update. Co-authored-by: Copilot <[email protected]>
Composer 2.6+ blocks dependency resolution entirely when packages have security advisories, regardless of COMPOSER_NO_AUDIT. Setting block-insecure=false allows phpunit/phpunit ^4.8.35 to be installed on the 5.x.x branch where upgrading PHPUnit is not feasible. Co-authored-by: Copilot <[email protected]>
With --prefer-lowest on PHP 7.2, sebastian/comparator installs a version incompatible with phpunit 4.8.35, causing a fatal PHP error. Dropping the lowest deps run as it is not essential for this legacy branch. Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR backports a PHP 8+ compatibility fix to the 5.x.x branch and introduces GitHub Actions CI for the branch, aligning maintenance workflows with the older release line.
Changes:
- Guard
curl_close($ch)to avoid PHP 8+ deprecation behavior. - Add a GitHub Actions CI workflow running the test suite on PHP 7.1–7.4 for 5.x.x.
- Exclude
/.githubfrom exported archives via.gitattributes, and add Composer audit-related config.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src/JsonSchema/Uri/Retrievers/Curl.php |
Adds PHP version guard around curl_close in the cURL retriever. |
composer.json |
Introduces Composer config.audit settings (ignore + block behavior). |
.github/workflows/continuous-integration.yml |
Adds CI workflow for the 5.x.x branch across PHP 7.1–7.4. |
.gitattributes |
Adds /.github export-ignore so workflow files aren’t included in distribution archives. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+15
to
+21
| runs-on: ubuntu-latest | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| php-version: ['7.1', '7.2', '7.3', '7.4'] | ||
|
|
There was a problem hiding this comment.
Using ubuntu-latest for an EOL PHP matrix (7.1–7.4) makes CI brittle because ubuntu-latest moves over time and can break old PHP builds unexpectedly. Pin the runner to a specific Ubuntu version known to work with these PHP versions (e.g., ubuntu-22.04/20.04) to keep the backport branch stable.
Co-authored-by: Copilot <[email protected]>
DannyvdSluijs
added a commit
that referenced
this pull request
May 4, 2026
… 8+ (#900) This PR re-implements changes from #864, solving #863 --- 🤖 This is a minimal backport addressing PHP 8+ compatibility for the 5.x.x branch. ## Changes - **Add CI pipeline**: GitHub Actions workflow targeting PHP 7.1, 7.2, 7.3 and 7.4 - **Fix `curl_close` deprecation**: Wrap `curl_close($ch)` in a `PHP_VERSION_ID < 80000` check — `curl_close()` is a no-op and deprecated since PHP 8.0 - **`.gitattributes`**: Add `/.github export-ignore` so the workflow files are excluded from archives Fixes #863 --------- Co-authored-by: Copilot <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR re-implements changes from #864, solving #863
🤖 This is a minimal backport addressing PHP 8+ compatibility for the 5.x.x branch.
Changes
curl_closedeprecation: Wrapcurl_close($ch)in aPHP_VERSION_ID < 80000check —curl_close()is a no-op and deprecated since PHP 8.0.gitattributes: Add/.github export-ignoreso the workflow files are excluded from archivesFixes #863