humbug/box

Fast, zero config application bundler with PHARs.

Maintainers

Details

github.com/box-project/box

Source

Issues

Installs: 426 822

Dependents: 50

Suggesters: 1

Security: 0

Stars: 1 124

Watchers: 26

Forks: 101

Open Issues: 62

4.6.2 2024-04-23 19:33 UTC

Requires

Requires (Dev)

Suggests

Replaces

MIT 29c3585c64a16d17df97699dd9e0291591a266a3

  • Kevin Herrera <kevin.woop@herrera.io>
  • ThΓ©o Fidry <theo.fidry.woop@gmail.com>

phar

This package is auto-updated.

Last update: 2024-10-07 06:49:37 UTC

README

Box logo

Package version Scrutinizer Code Quality Slack License

Upgrading from Box2? Checkout the upgrade guide!

Goal

The Box application simplifies the PHAR building process. Out of the box (no pun intended), the application can do many great things:

  • ⚑ Fast application bundling
  • πŸ”¨ PHAR isolation
  • βš™οΈ Zero configuration by default
  • πŸš” Requirements checker
  • 🚨 Friendly error logging experience
  • πŸ” Retrieve information about the PHAR extension or a PHAR file and its contents (box info or box diff)
  • πŸ”οΈ Verify the signature of an existing PHAR (box verify)
  • πŸ“ Use Git tags and short commit hashes for versioning
  • πŸ•΅οΈοΈ Get recommendations and warnings about regarding your configuration (box validate)
  • 🐳 Docker support (box docker)

For the full documentation see https://box-project.github.io/box.

Table of Contents

  1. Installation
    1. Phive
    2. Composer
    3. Homebrew
    4. GitHub
    5. Docker
    6. shivammathur/setup-php (GitHub Actions)
  2. Usage
  3. Configuration
    1. Base path (base-path)
    2. Main (main)
    3. Output (output)
    4. Permissions (chmod)
    5. Check requirements (check-requirements)
    6. Including files
      1. Force auto-discovery (force-autodiscovery)
      2. Files (files and files-bin)
      3. Directories (directories and directories-bin)
      4. Finder (finder and finder-bin)
      5. Blacklist (blacklist)
      6. Excluding the Composer files (exclude-composer-files)
      7. Excluding dev files (exclude-dev-files)
      8. Map (map)
    7. Stub
      1. Stub (stub)
      2. Alias (alias)
      3. Shebang (shebang)
      4. Banner (banner)
      5. Banner file (banner-file)
    8. Forcing the timestamp (timestamp)
    9. Dumping the Composer autoloader (dump-autoload)
    10. Compactors (compactors)
      1. Annotations (annotations)
      2. PHP-Scoper (php-scoper)
    11. Compression algorithm (compression)
    12. Security
      1. Signing algorithm (algorithm)
      2. The private key (key)
      3. The private key password (key-pass)
    13. Metadata (metadata)
    14. Replaceable placeholders
      1. Replacements (replacements)
      2. Replacement sigil (replacement-sigil)
      3. Datetime placeholder (datetime)
      4. Datetime placeholder format (datetime-format)
      5. Pretty git commit placeholder (git)
      6. Git commit placeholder (git-commit)
      7. Short git commit placeholder (git-commit-short)
      8. Git tag placeholder (git-tag)
      9. Git version placeholder (git-version)
  4. Requirements checker
    1. Configuration
      1. PHP version requirements
      2. Extension configuration requirements
      3. Polyfills
    2. Integration with a custom stub
  5. Optimize your PHAR
    1. Review your files
    2. Compress your PHAR
    3. Optimize your code
  6. PHAR code isolation
    1. Why/Explanation
    2. Isolating the PHAR
    3. Debugging the scoping
  7. Docker support
  8. Symfony support
    1. Project files
    2. Project directory
    3. Cache
  9. Reproducible builds
    1. Creating a reproducible PHAR
      1. PHP-Scoper
      2. Composer
        1. Composer root version
        2. Composer autoload suffix
      3. Box
        1. PHAR alias
        2. Requirement Checker
        3. Box banner
      4. PHAR
    2. Usages
  10. PHAR signing best practices
    1. Built-in PHAR API
      1. How to sign your PHAR
      2. How it works
      3. Why it is bad
    2. How to (properly) sign your PHAR
      1. Create a new GPG-key
      2. Manually signing
      3. Generate the encryption key
      4. Secure your encryption key
      5. Sign your PHAR
      6. Verifying the PHAR signature
    3. Automatically sign in GitHub Actions
  11. FAQ
    1. What is the canonical way to write a CLI entry file?
      1. The shebang
      2. The PHP_SAPI check
      3. Autoloading Composer
    2. Detecting that you are inside a PHAR
    3. Building a PHAR with Box as a dependency
  12. Contributing
  13. Upgrade guide
  14. Backward Compatibility Promise (BCP)
  15. Credits

Usage

Creating a PHAR should be as simple as running box compile (no config required!). It will however assume some defaults that you might want to change. Box will by default be looking in order for the files box.json and box.json.dist in the current working directory. A basic configuration could be for example changing the PHAR permissions:

{
    "chmod": "0700"
}

You can then find more advanced configuration settings in the configuration documentation. For more information on which command or options is available, you can run:

box help

Contributing

The project provides a Makefile in which the most common commands have been registered such as fixing the coding style or running the test.

make

Backward Compatibility Promise (BCP)

The policy is for the major part following the same as Symfony's one. Note that the code marked as @private or @internal are excluded from the BCP.

The text displayed by the commands (e.g. compile or info) or the content of the error/exception messages are also not subject to the BCP.

Credits

Project originally created by: Kevin Herrera (@kherge) which has now been moved under the Humbug umbrella.