Skip to content

Switch publishing to PIE only (pecl.php.net is deprecated)#5

Merged
sj-i merged 8 commits into
mainfrom
claude/docs-pie-not-pecl
May 30, 2026
Merged

Switch publishing to PIE only (pecl.php.net is deprecated)#5
sj-i merged 8 commits into
mainfrom
claude/docs-pie-not-pecl

Conversation

@sj-i
Copy link
Copy Markdown
Member

@sj-i sj-i commented May 29, 2026
edited
Loading

pecl.php.net is deprecated and no longer accepts new packages
(account-request.php now states: "No accounts will be accepted for new PECL
packages … If you are developing a new extension, you cannot add it to PECL"),
so the dual-channel plan in #2 isn't possible. This supersedes #2: publish via
PIE / Packagist only, with source-build installs for everyone else.

README

Install section trimmed to the essentials: all routes build from source (no
prebuilt binaries; needs a compiler + php-dev), then enable
extension=rdump.so as pecl/your distro directs.

  • pie install reliforp/ext-rdump (PIE needs PHP 8.1+ to run; the extension
    itself builds on 7.0+),
  • from a checkout: pecl install package.xml (for the older PHP PIE can't run
    on) or plain phpize && ./configure && make,
  • a note that pecl install rdump from the central channel isn't available.

(package.xml is kept: it still drives the local pecl install package.xml
build and pecl package, neither of which depends on the central channel.)

Release tooling

  • .github/workflows/release.yml — on a v* tag:
    • require a v* tag ref (so a stray workflow_dispatch from a branch fails
      fast), and gate the Release upload to push events;
    • check the version is in sync across php_rdump.h, package.xml
      <release> and <api>, and the tag;
    • pecl package-validate and composer validate --strict — the latter
      gates the actual distribution manifest that PIE/Packagist read;
    • build + run the full ci/build-and-test.sh (phpt suite plus the OOM-hook /
      safe_read / marker / budget smoke gates), not a bare run-tests.php call
      (which is a phpize-generated, gitignored file);
    • build the tarball and attach it to the GitHub Release as a convenience
      source archive (no upload to pecl.php.net).
  • RELEASING.md — PIE/Packagist release steps (PECL onboarding dropped).
  • CHANGELOG.md — 0.1.0 notes; also added to package.xml <contents> so
    it ships in the tarball.
  • .gitattributesexport-ignore dev-only paths from the dist archive.

Not automated (needs maintainer account)

  • Submitting the repo to Packagist (one-time) + enabling the hook; thereafter
    each pushed vX.Y.Z tag is picked up automatically.

pie install resolves from Packagist by package name, so it can't be exercised
pre-publish in the same run; composer validate is the meaningful pre-tag gate
for that channel.

Closes #2.

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5

claude added 8 commits May 29, 2026 19:32
@claude
Release tooling + docs for PIE (pecl.php.net is deprecated)
30cc3e6 
pecl.php.net no longer accepts new packages, so there is no central PECL
channel. Publish via PIE/Packagist only, and document the three source-build
install routes (pie / pecl install package.xml from a checkout / plain phpize).

- README: install section reworked; note that `pecl install rdump` is not
  available and `pecl install package.xml` is just a local build helper.
- RELEASING.md: PIE/Packagist release steps; drop the PECL onboarding.
- .github/workflows/release.yml: on a v* tag, verify version sync, validate
  package.xml, build + test, build the tarball and attach it to the GitHub
  Release as a convenience source archive (no pecl.php.net upload).
- CHANGELOG.md, .gitattributes.

Supersedes #2.

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
Harden the release workflow; ship CHANGELOG in the package
a6054f4 
Addresses review of the release tooling:
- Require a v* tag ref (GITHUB_REF_TYPE == tag + v* pattern) so a manual
  workflow_dispatch from a branch fails fast instead of comparing a branch name
  to the version; the Release upload is gated to push events.
- Run the full ci/build-and-test.sh in a container instead of calling
  run-tests.php directly. run-tests.php is a phpize-generated, gitignored file,
  and the shared script also exercises the OOM-hook / safe_read / marker /
  budget smoke gates, so the release meets the same bar as the matrix.
- Also check package.xml's <api> against the tag, not just <release>.
- Add CHANGELOG.md to package.xml <contents> as a doc so it ships in the tarball.

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
README: don't claim pecl auto-edits php.ini
3c1c6aa 
pecl install package.xml runs the phpize build, but enabling the extension is
environment-dependent: on the common scan-dir layouts (Debian/Ubuntu,
setup-php) pecl doesn't reliably edit php.ini and you enable it separately.
Describe the build-helper role accurately and show how to enable it.

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
README: trim the install section to the essentials
0a10d27 
Drop the scan-dir one-liner and verbose framing; state once that all routes
build from source and you enable extension=rdump.so as pecl/your distro
directs. Keep PIE, the pecl/phpize checkout build, and the note that the
central pecl channel is gone.

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
README: drop em-dashes from the install section
3ddc2cd 
https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
release: validate composer.json (the PIE/Packagist manifest)
58bdd2b 
Distribution is PIE/Packagist, which read composer.json, but the release gate
only validated package.xml (the pecl build helper). Add `composer validate
--strict --no-check-publish` so a broken manifest fails the release. Add
composer to the setup-php tools.

(PIE install itself resolves from Packagist by package name, so it can't be
exercised pre-publish in the same run; composer validate is the meaningful
pre-tag gate for that channel.)

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
release: least-privilege split and tag-push-only trigger
1e7caa1 
- Default the workflow to contents: read; only the final job that creates the
  GitHub Release gets contents: write. The package job (checkout, setup-php,
  Docker build/test, pecl/composer validation) now runs read-only and hands the
  tarball to the release job via an artifact.
- Drop workflow_dispatch: its checks compare against a v* tag, so a Web-UI run
  against a branch would just fail. Tag-push only; RELEASING.md documents
  rehearsing the checks locally before tagging.
- Note why a single representative PHP (8.3) is fine for release packaging (the
  tarball is version-agnostic; full version/arch coverage is the other CIs).

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@claude
release: fix stale dispatch comment; drop --no-check-publish
e4cc536 
- The workflow comment still pointed at `gh workflow run ... --ref` for a
  dry-run, but workflow_dispatch was removed; reword to match RELEASING.md
  (rehearse locally).
- composer.json passes the publish checks, so run `composer validate --strict`
  without --no-check-publish to also catch Packagist publish warnings (the real
  distribution target). Update the RELEASING.md rehearsal command to match.

https://claude.ai/code/session_017skw8BsHkF8wur7Pf4G9W5
@sj-i sj-i merged commit f8d7bcb into main May 30, 2026
81 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sj-i @claude