Upgrade Stepup-RA to run on Symfony 6.4 and PHP 8.2 #313
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ker based development environment
This will let the logs go to stdout when running as a container, which is the Docker way to send logs
Bumps [symfony/twig-bridge](https://github.com/symfony/twig-bridge) from 4.4.49 to 4.4.51. - [Release notes](https://github.com/symfony/twig-bridge/releases) - [Changelog](https://github.com/symfony/twig-bridge/blob/6.3/CHANGELOG.md) - [Commits](symfony/twig-bridge@v4.4.49...v4.4.51) --- updated-dependencies: - dependency-name: symfony/twig-bridge dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Tests started failing since yesterday: ``` yarn install v1.22.19 info No lockfile found. [1/4] Resolving packages... warning @symfony/webpack-encore > webpack-dev-server > webpack-dev-middleware > [email protected]: this will be v4 [2/4] Fetching packages... error @symfony/[email protected]: The engine "node" is incompatible with this module. Expected version ">=16.0.0". Got "14.21.2" ``` I was able to trace to issue back to a new release of webpack-encore: https://github.com/symfony/webpack-encore/releases/tag/v4.5.0
Feature/docker configs
Bumps [phpseclib/phpseclib](https://github.com/phpseclib/phpseclib) from 3.0.19 to 3.0.34. - [Release notes](https://github.com/phpseclib/phpseclib/releases) - [Changelog](https://github.com/phpseclib/phpseclib/blob/master/CHANGELOG.md) - [Commits](phpseclib/phpseclib@3.0.19...3.0.34) --- updated-dependencies: - dependency-name: phpseclib/phpseclib dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [phpseclib/phpseclib](https://github.com/phpseclib/phpseclib) from 3.0.34 to 3.0.37. - [Release notes](https://github.com/phpseclib/phpseclib/releases) - [Changelog](https://github.com/phpseclib/phpseclib/blob/master/CHANGELOG.md) - [Commits](phpseclib/phpseclib@3.0.34...3.0.37) --- updated-dependencies: - dependency-name: phpseclib/phpseclib dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
…/phpseclib-3.0.37 Bump phpseclib/phpseclib from 3.0.34 to 3.0.37
MKodde
requested changes
Mar 19, 2024
There was a problem hiding this comment.
Hi Paul, I absolutely love the work you put in here. Don't be discouraged by my numerous feedback points, they are mostly on the verge of nitpicking.
Non-code review points
Please also review these non-code review points;
- You created this PR from
master, Not a bad idea at all. We however have some new code ondevelop. I'd say, try to rebase ondevelopto get those changes. Or cherry pick those changes after merging this to master. But I much prefer a rebase ontodevelop. - After merging, we need a new
release/6.0branch based on the develop branch with your changes - Next, we need to merge the
release/6.0branch to master - Finally develop can be removed. Master can be renamed to
main,maincan be the default branch from that point on. - A lot of PHPStan warnings ended up in the baseline. I trust you did a best effort attemt to fix the issues when possible.
- The
config/packages/[dev|prod|smoketest|test]folders should be removed from the project after migrating all env specific config. I see that the web_profiler settings are not yet moved to theframework.yaml - I see quite some unused imports in the project. PHPStorm can super easily remove them for you. In the
projectpane, right click on thesrcfolder: ClickOptimize imports. Bob's your uncle. - Please move the
src/**/Resources/*to the /config folder. That way we can finally part with that SF 3 convention. - The
appfolder can be removed now? If you are not certain please run this past @pmeulen or @phavekes.
Next action
My next action is to use the application in the browser. I'm going to check if I can find some regressions there.
src/Surfnet/StepupRa/RaBundle/Command/RevokeRecoveryTokenCommand.php
Outdated
Show resolved
Hide resolved
src/Surfnet/StepupRa/RaBundle/Command/SearchRecoveryTokensCommand.php
Outdated
Show resolved
Hide resolved
src/Surfnet/StepupRa/RaBundle/Command/SearchSecondFactorAuditLogCommand.php
Outdated
Show resolved
Hide resolved
parijke
commented
Mar 22, 2024
@MKodde No I did not... I was in the assumption that a baseline is set to avoid overwhelming changes on an existing code base. Maybe we can do a better job, but the question is: how far....? |
MKodde
changed the title
quartje
force-pushed
the
feature/symfony6-upgrade
branch
2 times, most recently
from
3c3d076
to
ecb5c8d
Compare
- rector - sf/flex 2+
LevelSetList::UP_TO_PHP_82, ClassPropertyAssignToConstructorPromotionRector::class, SymfonySetList::SYMFONY_44,
Moved them from the bundle to the globa assets folder Updated the references to these files in the webpack config
This fixed the not present vetting type input fields. Which are added based on the programmed locales.
It can be autoconfigured without any issues
That is more in line with the other QA config
The code style sniffer reported some faulty formatting
Some no longer relevant entries were cleaned up And a couple new ones are added. There is insuficiant time to address them now
Security issues are monitored using dependabot on our VCS. And in addition we scan all projects on a daily scedule with our daily-security-check.yml github action
From `src` to `Surfnet\StepupRa` this sticks to the naming convention we stick to in the other stepup projects
- Remove the repository version of the saml bundle. We can rely on the latest actual release now - Upgrade the monitor bundle - Upgrade any other bundle within the set constraints
Pin them to the 6.4 version we built this app on
MKodde
force-pushed
the
feature/symfony6-upgrade
branch
from
9de0367
to
e17a0e6
Compare
phavekes
requested changes
Apr 16, 2024
| saml_remote_idp_sso_url: https://gateway.dev.openconext.local/authentication/single-sign-on | ||
| saml_remote_idp_certificate: 'MIIDwTCCAqmgAwIBAgIUYuSUugwc4J4NyW9WGqYJ/liwM4owDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDEUMBIGA1UEAwwLR2F0ZXdheSBJRFAwHhcNMjMwNTE3MTIxNTEyWhcNMzMwNTE0MTIxNTEyWjBwMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEnMCUGA1UECgweRGV2ZWxvcG1lbnQgRG9ja2VyIGVudmlyb25tZW50MRQwEgYDVQQDDAtHYXRld2F5IElEUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2ulQVs5WpbJOAf7Cv/VPDTJqbWHVdUxAmdwZJlcNTRKNFVp4aJzQ3dpiyiGghI5odnzU0/BWBoHZFNYPU/OFr/gzn6iJGxL63L9+mFgE8PR9HpkV5TaRnr21+nZ0EXWjDZk9Px0enERicCItTeQzAUJeA0A9miIcK5IKIz/zSBSR3c802SGD/VelUqY7Z2/UJM97cT92L+4Fz+4zhxxoThbPbrR0CweiROIt82grdwg7zf0+b62MOuVtqFh0yPLRAFfLc4LjHuxFUdUvOHVta7x74dwdmHikqfujM10XN+sNns3LDJde2yPWchU6ktq7cjgbYfIW/vzVzafP1Jk40CAwEAAaNTMFEwHQYDVR0OBBYEFGYn6LWRDZa7+YryUncIlwJB2VorMB8GA1UdIwQYMBaAFGYn6LWRDZa7+YryUncIlwJB2VorMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ57lcOF6PWWW56mS2s5gKFImtfRFzlfiyHsF14L7+nQ5NjfOhpU0wRpnTjK91KP0wCwlxzGFXR8yfqfBFJryIV7aDdYPH/RIkwVaNBI0fsD/ozlYb18seieDEGLvQtTlrmc0UNHtWz6FW3L2geM3ENaqpOATl1Ywp4EPML7Dh0CbhhyM8PnPCEsdclouIeP5/B9Swfk3omXehof6bkFbntqA03msFBiW50twkfKeKULcJGXo667hto27KNxZUauqtPbnAGpUQmge8nxSQlN8RPwlvygVM4LVMF9qP9YxloTH0xVNwN4noZUhfMNsKoJ7Hg5Xulaok8oCqmzEiSroEg=' | ||
| loa_required_for_login: 'http://dev.openconext.local/assurance/loa3' | ||
| authentication_context_class_ref: '%loa_required_for_login%' |
There was a problem hiding this comment.
authentication_context_class_ref seems to be a new config parameter, and probably does the same as loa_required_for_login. Please use the old parameter and drop this, or explain the purpose of this new parameter
There was a problem hiding this comment.
Fair point. Merged them. And kept `authentication_context_class_ref
This reverts commit 965cf09.
MKodde
force-pushed
the
feature/symfony6-upgrade
branch
from
4f7f7f6
to
f48e25b
Compare
The locales and hints were not set correctly set when no hints were found for the chosen institution
The saml bundle now listens for the authentication_context_class_ref param. Our config chekcs if it is set by verifying the required_loa config option. Having parameters for both options makes no sense. So I merged them
MKodde
approved these changes
Apr 17, 2024
Remove deprecated set-output commands Phase out ancient (4 years!) create release action
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upgrade the RA application to support Symfony 6.4 and PHP 8.2
Many structural changes have been made. For details, have a look at the commit history of this PR. Some highlights include: