Add `--abandoned` option (#12091)

* Add `--abandoned` option * Refactoring - Use `Auditor::ABANDONEDS` in `Config.php` - Drop `getAuditAbandoned()` from `BaseCommand.php` * Modify cli docs
2024-09-17 16:44:55 +03:00 · 2024-09-17 16:44:55 +03:00 · 21bf74d2c7
parent bd4fd2cf94
commit 21bf74d2c7
5 changed files with 36 additions and 4 deletions
--- a/doc/03-cli.md
+++ b/doc/03-cli.md
@ -1075,6 +1075,10 @@ php composer.phar audit
 * **--no-dev:** Disables auditing of require-dev packages.
 * **--format (-f):** Audit output format. Must be "table" (default), "plain", "json", or "summary".
 * **--locked:** Audit packages from the lock file, regardless of what is currently in vendor dir.
+* **--abandoned:** Behavior on abandoned packages. Must be "ignore", "report",
+  or "fail".  See also [audit.abandoned](06-config.md#abandoned).  Passing this
+  flag will override the config value and the environment variable.
+

 ## help

--- a/doc/06-config.md
+++ b/doc/06-config.md
@ -153,7 +153,12 @@ Defaults to `report` in Composer 2.6, and defaults to `fail` from Composer 2.7 o
 }
 ```

-Since Composer 2.7 the option can be overridden via the [`COMPOSER_AUDIT_ABANDONED`](03-cli.md#composer-audit-abandoned) environment variable.
+Since Composer 2.7, the option can be overridden via the [`COMPOSER_AUDIT_ABANDONED`](03-cli.md#composer-audit-abandoned) environment variable.
+
+Since Composer 2.8, the option can be overridden via the
+[`--abandoned`](03-cli.md#audit) command line option, which overrides both the
+config value and the environment variable.
+

 ## use-parent-dir

--- a/src/Composer/Advisory/Auditor.php
+++ b/src/Composer/Advisory/Auditor.php
@ -47,6 +47,13 @@ class Auditor
    public const ABANDONED_REPORT = 'report';
    public const ABANDONED_FAIL = 'fail';

+    /** @internal */
+    public const ABANDONEDS = [
+        self::ABANDONED_IGNORE,
+        self::ABANDONED_REPORT,
+        self::ABANDONED_FAIL,
+    ];
+
    /**
     * @param PackageInterface[] $packages
     * @param self::FORMAT_* $format The format that will be used to output audit results.
--- a/src/Composer/Command/AuditCommand.php
+++ b/src/Composer/Command/AuditCommand.php
@ -33,6 +33,7 @@ class AuditCommand extends BaseCommand
                new InputOption('no-dev', null, InputOption::VALUE_NONE, 'Disables auditing of require-dev packages.'),
                new InputOption('format', 'f', InputOption::VALUE_REQUIRED, 'Output format. Must be "table", "plain", "json", or "summary".', Auditor::FORMAT_TABLE, Auditor::FORMATS),
                new InputOption('locked', null, InputOption::VALUE_NONE, 'Audit based on the lock file instead of the installed packages.'),
+                new InputOption('abandoned', null, InputOption::VALUE_REQUIRED, 'Behavior on abandoned packages. Must be "ignore", "report", or "fail".', null, Auditor::ABANDONEDS),
            ])
            ->setHelp(
                <<<EOT
@ -65,7 +66,22 @@ EOT

        $auditConfig = $composer->getConfig()->get('audit');

-        return min(255, $auditor->audit($this->getIO(), $repoSet, $packages, $this->getAuditFormat($input, 'format'), false, $auditConfig['ignore'] ?? [], $auditConfig['abandoned'] ?? Auditor::ABANDONED_FAIL));
+        $abandoned = $input->getOption('abandoned');
+        if ($abandoned !== null && !in_array($abandoned, Auditor::ABANDONEDS, true)) {
+            throw new \InvalidArgumentException('--audit must be one of '.implode(', ', Auditor::ABANDONEDS).'.');
+        }
+
+        $abandoned = $abandoned ?? $auditConfig['abandoned'] ?? Auditor::ABANDONED_FAIL;
+
+        return min(255, $auditor->audit(
+            $this->getIO(),
+            $repoSet,
+            $packages,
+            $this->getAuditFormat($input, 'format'),
+            false,
+            $auditConfig['ignore'] ?? [],
+            $abandoned
+        ));
    }

    /**
--- a/src/Composer/Config.php
+++ b/src/Composer/Config.php
@ -440,9 +440,9 @@ class Config
                $result = $this->config[$key];
                $abandonedEnv = $this->getComposerEnv('COMPOSER_AUDIT_ABANDONED');
                if (false !== $abandonedEnv) {
-                    if (!in_array($abandonedEnv, $validChoices = [Auditor::ABANDONED_IGNORE, Auditor::ABANDONED_REPORT, Auditor::ABANDONED_FAIL], true)) {
+                    if (!in_array($abandonedEnv, $validChoices = Auditor::ABANDONEDS, true)) {
                        throw new \RuntimeException(
-                            "Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected ".Auditor::ABANDONED_IGNORE.", ".Auditor::ABANDONED_REPORT." or ".Auditor::ABANDONED_FAIL
+                            "Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected one of ".implode(', ', Auditor::ABANDONEDS)."."
                        );
                    }
                    $result['abandoned'] = $abandonedEnv;