Introduce COMPOSER_AUDIT_ABANDONED env var (#11794)

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
composer · Feb 7, 2024 · 7cb92a9 · 7cb92a9
1 parent e0807d3
commit 7cb92a9
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 0 deletions.
diff --git a/doc/03-cli.md b/doc/03-cli.md
@@ -1247,6 +1247,11 @@ similar use case), and need to support proxies, please provide the `CGI_HTTP_PRO
 environment variable instead. See [httpoxy.org](https://httpoxy.org/) for further
 details.
 
+### COMPOSER_AUDIT_ABANDONED
+
+Set to `ignore`, `report` or `fail` to override the [audit.abandoned](06-config.md#abandoned)
+config option.
+
 ### COMPOSER_MAX_PARALLEL_HTTP
 
 Set to an integer to configure how many files can be downloaded in parallel. This

diff --git a/doc/06-config.md b/doc/06-config.md
@@ -143,6 +143,18 @@ Defaults to `report` in Composer 2.6, and defaults to `fail` from Composer 2.7 o
 - `report` means abandoned packages are reported as an error but do not cause the command to exit with a non-zero code.
 - `fail` means abandoned packages will cause audits to fail with a non-zero code.
 
+```json
+{
+    "config": {
+        "audit": {
+            "abandoned": "report"
+        }
+    }
+}
+```
+
+Since Composer 2.7 the option can be overriden via the [`COMPOSER_AUDIT_ABANDONED`](03-cli.md#composer-audit-abandoned) environment variable.
+
 ## use-parent-dir
 
 When running Composer in a directory where there is no composer.json, if there

diff --git a/src/Composer/Advisory/Auditor.php b/src/Composer/Advisory/Auditor.php
@@ -19,6 +19,7 @@
 use Composer\Package\PackageInterface;
 use Composer\Repository\RepositorySet;
 use Composer\Util\PackageInfo;
+use Composer\Util\Platform;
 use InvalidArgumentException;
 use Symfony\Component\Console\Formatter\OutputFormatter;
 

diff --git a/src/Composer/Config.php b/src/Composer/Config.php
@@ -436,6 +436,20 @@ public function get(string $key, int $flags = 0)
 
                 return $this->process($this->config[$key], $flags);
 
+            case 'audit':
+                $result = $this->config[$key];
+                $abandonedEnv = $this->getComposerEnv('COMPOSER_AUDIT_ABANDONED');
+                if (false !== $abandonedEnv) {
+                    if (!in_array($abandonedEnv, $validChoices = [Auditor::ABANDONED_IGNORE, Auditor::ABANDONED_REPORT, Auditor::ABANDONED_FAIL], true)) {
+                        throw new \RuntimeException(
+                            "Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected ".Auditor::ABANDONED_IGNORE.", ".Auditor::ABANDONED_REPORT." or ".Auditor::ABANDONED_FAIL
+                        );
+                    }
+                    $result['abandoned'] = $abandonedEnv;
+                }
+
+                return $result;
+
             default:
                 if (!isset($this->config[$key])) {
                     return null;

diff --git a/tests/Composer/Test/Advisory/AuditorTest.php b/tests/Composer/Test/Advisory/AuditorTest.php
@@ -23,6 +23,7 @@
 use Composer\Repository\RepositorySet;
 use Composer\Test\TestCase;
 use Composer\Advisory\Auditor;
+use Composer\Util\Platform;
 use InvalidArgumentException;
 
 class AuditorTest extends TestCase

diff --git a/tests/Composer/Test/ConfigTest.php b/tests/Composer/Test/ConfigTest.php
@@ -12,6 +12,7 @@
 
 namespace Composer\Test;
 
+use Composer\Advisory\Auditor;
 use Composer\Config;
 use Composer\IO\IOInterface;
 use Composer\Util\Platform;
@@ -382,6 +383,30 @@ public function testGetSourceOfValueEnvVariables(): void
         $this->assertEquals('COMPOSER_HTACCESS_PROTECT', $result);
     }
 
+    public function testAudit(): void
+    {
+        $config = new Config(true);
+        $result = $config->get('audit');
+        self::assertArrayHasKey('abandoned', $result);
+        self::assertArrayHasKey('ignore', $result);
+        self::assertSame(Auditor::ABANDONED_FAIL, $result['abandoned']);
+        self::assertSame([], $result['ignore']);
+
+        Platform::putEnv('COMPOSER_AUDIT_ABANDONED', Auditor::ABANDONED_IGNORE);
+        $result = $config->get('audit');
+        Platform::clearEnv('COMPOSER_AUDIT_ABANDONED');
+        self::assertArrayHasKey('abandoned', $result);
+        self::assertArrayHasKey('ignore', $result);
+        self::assertSame(Auditor::ABANDONED_IGNORE, $result['abandoned']);
+        self::assertSame([], $result['ignore']);
+
+        $config->merge(['config' => ['audit' => ['ignore' => ['A', 'B']]]]);
+        $config->merge(['config' => ['audit' => ['ignore' => ['A', 'C']]]]);
+        $result = $config->get('audit');
+        self::assertArrayHasKey('ignore', $result);
+        self::assertSame(['A', 'B', 'A', 'C'], $result['ignore']);
+    }
+
     public function testGetDefaultsToAnEmptyArray(): void
     {
         $config = new Config;