PHP Build Pipeline: Composer Diagnose: Checking pubkeys: FAIL

This isn't formatted. Something is stripping the indentation within the yaml. But this is as best as I could get it to look.

---
# PropBot PHP Build

# This template allows you to validate your PHP application.
# The workflow allows running tests and code linting on the default branch.
#
# This should allow us to run our code, but execute the tests along with it
#
# README:
# https://support.atlassian.com/bitbucket-cloud/docs/configure-bitbucket-pipelinesyml/

image: php:8.1.18-fpm-alpine

pipelines:
branches:
staging:
- step:
name: Linting and PHPStan
script:
- apk update
- apk add composer git
- /usr/local/bin/php /usr/bin/composer.phar self-update
# Running locally - cd /app/propbot
- /usr/local/bin/php /usr/bin/composer.phar install
- ./vendor/bin/parallel-lint . --exclude vendor/
caches:
- composer
- step:
name: PHPStan
script:
- env | sort
- pwd
- ls
- apk add composer git bash libxml++-2.6 php-tokenizer php-dom php-xmlwriter php-xml
- apk update
- /usr/local/bin/php /usr/bin/composer.phar self-update
- /usr/local/bin/php /usr/bin/composer.phar diagnose
- /usr/local/bin/php /usr/bin/composer.phar install
- git config --global --add safe.directory /app/propbot
- git submodule init
- git submodule update vendor/google-api-php-client/
- git submodule update vendor/stripe-php
- cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini
- sed -i 's/memory_limit = 128M/memory_limit = 1G/g' /usr/local/etc/php/php.ini
- /usr/local/bin/php ./vendor/bin/phpstan --configuration=phpstan.neon -vvv --debug
caches:
- composer
- step:
name: Testing
script:
- apk update
- apk add composer
- /usr/local/bin/php /usr/bin/composer.phar self-update
- /usr/local/bin/php /usr/bin/composer.phar install
# Followed these directions
# https://rohjay.one/how-to-easily-setup-phpunit-tests-for-codeigniter-3/
# However the myFirstTest.php does not work
- ./vendor/bin/phpunit
caches:
- composer
pull requests:
- step:
name: Lint and PHPStan Checks
script:
- composer install
- ./vendor/bin/phplint . --exclude=/vendor/
caches:
- composer
- step:
name: PHPStan
script:
- apk add composer git bash libxml++-2.6 php-tokenizer php-dom php-xmlwriter php-xml
- apk update
- /usr/local/bin/php /usr/bin/composer.phar self-update
- /usr/local/bin/php /usr/bin/composer.phar diagnose
- /usr/local/bin/php /usr/bin/composer.phar install
- git config --global --add safe.directory /app/propbot
- git submodule init
- git submodule update vendor/google-api-php-client/
- git submodule update vendor/stripe-php
- cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini
- sed -i 's/memory_limit = 128M/memory_limit = 1G/g' /usr/local/etc/php/php.ini
- /usr/local/bin/php ./vendor/bin/phpstan --configuration=phpstan.neon -vvv --debug
caches:
- composer
- step:
name: Testing
script:

- ./vendor/bin/phpunit
caches:
- composer

 

Hello @Joel Webb ,

Thank you for sharing the YML file with us.

It seems like the issue is that the docker image you are using is not coming with the composer certificates, and neither the apk add composer is installing those certificates. 

I was able to get the diagnose to pass by installing composer following the instructions of Download composer documentation. You will need to include the following commands as part of your step's script, before the diagnose command : 

- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
- php composer-setup.php
- php -r "unlink('composer-setup.php');"

This should properly install composer with the required certificates. You can try including those commands in your yml file and let us know how it goes.

Thank you, @Joel Webb !

Patrik S

Thanks Patrik. The issue is a week before, the pipeline worked fine. The only state that changed was that I know Bitbucket changed SSL certs. But I wasn't sure of any downstream affect, if any.

Hello @Joel Webb ,

From the symptoms of the error, it doesn't seem to be an effect of the recent Bitbucket SSH rotation. The image you are using php:8.1.18-fpm-alpine

was last updated 11 days ago according to Dockerhub. The changes on this update might have caused your pipeline to start failing. Also, you are downloading the dependencies during the build time using the apk add command. Those dependencies are controlled by a third party and they might have been changed/updated during this period, which might have caused your build to start failing, even though your code didn't actually change.

I would suggest trying to include the commands I've shared in my previous response to your step's script, and it should install composer along with the necessary certificates.

Thank you, @Joel Webb !

Patrik S

@Patrik S It's happening again.

I just ran the docker pipeline locally, and it ran fine without the suggested cert install code.

Hey @Joel Webb ,

Could you share what exact command you used to spin up the local container, and also the sequence of commands you have executed inside the container? 

@Patrik S Correction. I loaded the certs manually on a subsequent step. But generally I am getting past this issue by running without the composer diagnose.