[Symfony4.4] Composer2 update

[nanasess]

概要(Overview・Refs Issue)

• close Composer 2.0 Support #4712
• composer 2.0 対応のアップデート

• Removing ocramius/package-versions (1.4.2)
• Upgrading composer/ca-bundle (1.2.7 => 1.2.8)
• Upgrading composer/composer (1.10.8 => dev-master 5df1797)
• Locking composer/package-versions-deprecated (1.11.99)
• Upgrading composer/semver (1.5.1 => 3.2.1)
• Upgrading composer/spdx-licenses (1.5.3 => 1.5.4)
• Upgrading composer/xdebug-handler (1.4.2 => 1.4.3)
• Upgrading doctrine/annotations (1.10.3 => 1.10.4)
• Upgrading doctrine/cache (1.10.1 => 1.10.2)
• Upgrading doctrine/collections (1.6.5 => 1.6.7)
• Upgrading doctrine/doctrine-fixtures-bundle (3.3.1 => 3.3.2)
• Upgrading doctrine/event-manager (1.1.0 => 1.1.1)
• Upgrading doctrine/persistence (1.3.7 => 1.3.8)
• Upgrading ec-cube/plugin-installer (0.0.8 => 2.0.x-dev)
• Upgrading egulias/email-validator (2.1.18 => 2.1.22)
• Upgrading friendsofphp/php-cs-fixer (v2.16.3 => dev-master 9f8cc4d)
• Upgrading guzzlehttp/promises (v1.3.1 => 1.4.0)
• Upgrading guzzlehttp/psr7 (1.6.1 => 1.7.0)
• Upgrading monolog/monolog (1.25.4 => 1.25.5)
• Upgrading myclabs/deep-copy (1.9.5 => 1.10.1)
• Upgrading nikic/php-parser (v4.5.0 => v4.10.2)
• Upgrading php-coveralls/php-coveralls (v2.2.0 => v2.4.1)
• Locking react/promise (v2.8.0)
• Upgrading seld/jsonlint (1.8.0 => 1.8.2)
• Upgrading seld/phar-utils (1.1.0 => 1.1.1)
• Upgrading sensio/framework-extra-bundle (v5.5.6 => v5.5.7)
• Upgrading setasign/fpdi (v2.3.3 => v2.3.4)
• Upgrading symfony/asset (v4.4.10 => v4.4.15)
• Upgrading symfony/browser-kit (v4.4.10 => v4.4.15)
• Upgrading symfony/cache (v4.4.10 => v4.4.15)
• Upgrading symfony/cache-contracts (v1.1.7 => v1.1.10)
• Upgrading symfony/config (v4.4.10 => v4.4.15)
• Upgrading symfony/console (v4.4.10 => v4.4.15)
• Upgrading symfony/css-selector (v4.4.10 => v4.4.15)
• Upgrading symfony/debug (v4.4.10 => v4.4.15)
• Upgrading symfony/debug-bundle (v4.4.10 => v4.4.15)
• Upgrading symfony/dependency-injection (v4.4.10 => v4.4.15)
• Upgrading symfony/doctrine-bridge (v4.4.10 => v4.4.15)
• Upgrading symfony/dom-crawler (v4.4.10 => v4.4.15)
• Upgrading symfony/dotenv (v4.4.10 => v4.4.15)
• Upgrading symfony/error-handler (v4.4.10 => v4.4.15)
• Upgrading symfony/event-dispatcher (v4.4.10 => v4.4.15)
• Upgrading symfony/event-dispatcher-contracts (v1.1.7 => v1.1.9)
• Upgrading symfony/expression-language (v4.4.10 => v4.4.15)
• Upgrading symfony/filesystem (v4.4.10 => v4.4.15)
• Upgrading symfony/finder (v4.4.10 => v4.4.15)
• Upgrading symfony/flex (v1.8.4 => v1.9.4)
• Upgrading symfony/form (v4.4.10 => v4.4.15)
• Upgrading symfony/framework-bundle (v4.4.10 => v4.4.15)
• Locking symfony/http-client-contracts (v1.1.10)
• Upgrading symfony/http-foundation (v4.4.10 => v4.4.15)
• Upgrading symfony/http-kernel (v4.4.10 => v4.4.15)
• Upgrading symfony/inflector (v4.4.10 => v4.4.15)
• Upgrading symfony/intl (v4.4.10 => v4.4.15)
• Upgrading symfony/maker-bundle (v1.19.0 => v1.21.1)
• Upgrading symfony/mime (v4.4.10 => v4.4.15)
• Upgrading symfony/monolog-bridge (v4.4.10 => v4.4.15)
• Upgrading symfony/monolog-bundle (v3.5.0 => v3.6.0)
• Upgrading symfony/options-resolver (v4.4.10 => v4.4.15)
• Upgrading symfony/phpunit-bridge (v4.4.10 => v4.4.15)
• Upgrading symfony/polyfill-ctype (v1.17.1 => v1.18.1)
• Upgrading symfony/polyfill-iconv (v1.17.1 => v1.18.1)
• Upgrading symfony/polyfill-intl-icu (v1.17.1 => v1.18.1)
• Upgrading symfony/polyfill-intl-idn (v1.17.1 => v1.18.1)
• Locking symfony/polyfill-intl-normalizer (v1.18.1)
• Upgrading symfony/polyfill-mbstring (v1.17.1 => v1.18.1)
• Upgrading symfony/polyfill-php70 (v1.17.1 => v1.18.1)
• Upgrading symfony/polyfill-php72 (v1.17.0 => v1.18.1)
• Upgrading symfony/polyfill-php73 (v1.17.1 => v1.18.1)
• Upgrading symfony/polyfill-php80 (v1.17.1 => v1.18.1)
• Upgrading symfony/process (v4.4.10 => v4.4.15)
• Upgrading symfony/profiler-pack (v1.0.4 => v1.0.5)
• Upgrading symfony/property-access (v4.4.10 => v4.4.15)
• Upgrading symfony/proxy-manager-bridge (v4.4.10 => v4.4.15)
• Upgrading symfony/routing (v4.4.10 => v4.4.15)
• Upgrading symfony/security (v4.4.10 => v4.4.15)
• Upgrading symfony/security-bundle (v4.4.10 => v4.4.15)
• Upgrading symfony/serializer (v4.4.10 => v4.4.15)
• Upgrading symfony/service-contracts (v1.1.8 => v1.1.9)
• Upgrading symfony/stopwatch (v4.4.10 => v4.4.15)
• Upgrading symfony/swiftmailer-bundle (v3.4.0 => v3.5.1)
• Upgrading symfony/templating (v4.4.10 => v4.4.15)
• Upgrading symfony/translation (v4.4.10 => v4.4.15)
• Upgrading symfony/translation-contracts (v1.1.7 => v1.1.10)
• Upgrading symfony/twig-bridge (v4.4.10 => v4.4.15)
• Upgrading symfony/twig-bundle (v4.4.10 => v4.4.15)
• Upgrading symfony/validator (v4.4.10 => v4.4.15)
• Upgrading symfony/var-dumper (v4.4.10 => v4.4.15)
• Upgrading symfony/var-exporter (v4.4.10 => v4.4.15)
• Upgrading symfony/web-profiler-bundle (v4.4.10 => v4.4.15)
• Upgrading symfony/web-server-bundle (v4.4.10 => v4.4.15)
• Upgrading symfony/workflow (v4.4.10 => v4.4.15)
• Upgrading symfony/yaml (v4.4.10 => v4.4.15)
• Upgrading twig/twig (v2.12.5 => v2.13.1)
• Upgrading webmozart/assert (1.9.0 => 1.9.1)

方針(Policy)

• composer 2.0 に対応する

実装に関する補足(Appendix)

composer 2.0 の使用方法

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php composer.phar selfupdate --preview
php composer.phar -V
Composer version 2.0.0-RC1 2020-09-10 15:39:45

• EC-CUBE4.0系のプラグインは、プラグインの composer.json を修正しないと動作しない
• 以下のパッケージは minimum-stability: dev にする必要がある
  • composer/composer 2.0@dev
  • friendsofphp/php-cs-fixer 2.17@dev
  • ec-cube/plugin-installer 2.0@dev

テスト（Test)

• composer1.10.13 及び composer2.0.0-RC1 で、 composer install が動作するのを確認
• ec-cube/plugin-installer が取り込まれれば、 GitHub Actions や travis-ci で動作確認可能 2.0ブランチに取り込んでいただきました
• mock-package-api で composer.json を改修したプラグインでインストール/有効化/無効化/アンインストール可能なのを確認

相談（Discussion）

• EC-CUBE4.0系向けのプラグインと、4.1系向けのプラグインの配布方法
  • composer.json の変更を package-api で吸収できればベスト
    • name をすべて小文字にする
    • PluginCode は大文字のままで問題ない
    • 4.0向けには plugin-installer "~0.0.6" を依存させる必要がある
    • 4.1向けには plugin-installer "^2.0@dev" を依存させる必要がある
    • 本体側の composer.json で plugin-installer: "~0.0.6 || ^2.0@dev" としておけばプラグイン側の記述は不要

マイナーバージョン互換性保持のための制限事項チェックリスト

• 既存機能の仕様変更
• フックポイントの呼び出しタイミングの変更
• フックポイントのパラメータの削除・データ型の変更
• twigファイルに渡しているパラメータの削除・データ型の変更
• Serviceクラスの公開関数の、引数の削除・データ型の変更
• 入出力ファイル(CSVなど)のフォーマット変更

レビュワー確認項目

• 動作確認
• コードレビュー
• E2E/Unit テスト確認(テストの追加・変更が必要かどうか)
• 互換性が保持されているか
• セキュリティ上の問題がないか

[nanasess]

別ブランチで検証中ですが、プラグインのアップデートがうまくいかない模様
https://github.com/nanasess/ec-cube/runs/1240767426?check_suite_focus=true#step:15:106

[nanasess]

プラグインのアップデートがうまくいかない模様

package-api の改修でアップデートの E2Eテストが通ることを確認。

[nanasess]

プラグインの依存関係をチェックする箇所で、本体側にも ec-cube/<PluginCode> を参照している箇所がいくつかあるので修正が必要そうです

[nanasess]

symfony/flex の依存関係の影響?で、 symfony-cmd が自動実行されない場合がある

php composer.phar --version
Composer version 2.0.0-RC2 2020-10-14 21:34:07

php composer.phar install

The "symfony/flex" plugin was skipped because it is not compatible with Composer 2+. Make sure to update it to version 1.9.8 or greater.
...snip
> symfony-cmd
sh: symfony-cmd: command not found
Script symfony-cmd handling the auto-scripts event returned with error code 127
Script @auto-scripts was called via post-install-cmd

[nanasess]

symfony/flex の依存関係の影響?で、 symfony-cmd が自動実行されない場合がある

これの模様
symfony/flex#693

[nanasess]

AppVeyor 落ちてますが、個人アカウントの方では通っているのでガチャだと思われます(僕の権限だと再実行できない

[okazy]

ありがとうございます。再実行しました。

[okazy]

テスト通りました！
ソースコードの変更内容も問題ありませんでした。

[okazy]

動作テストをしました。

• composer2.0で composer install が正常に完了し、EC-CUBEがインストールできることを確認しました。
• 爆速でプラグインのインストールができました。
• composer1.10とcomposer2.0RCの両方でEC-CUBEをインストールしてプラグインのインストールができることを確認しました。

**************** Horizon ****************
[11.5MiB/0.01s] <warning>Warning: Accessing 127.0.0.1 over http which is an insecure protocol.</warning>
[11.4MiB/0.02s] Using version ^1.0 for ec-cube/horizon
[11.4MiB/0.02s] ./composer.json has been updated
[14.9MiB/0.50s] Running composer update ec-cube/horizon --with-dependencies
[16.1MiB/0.51s] Loading composer repositories with package information
[16.3MiB/0.52s] Updating dependencies
[16.4MiB/0.52s] <warning>Warning: Accessing 127.0.0.1 over http which is an insecure protocol.</warning>
[16.4MiB/0.53s] <warning>Dependency "ec-cube/plugin-installer" is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies to include root dependencies.</warning>
[18.2MiB/0.57s] Lock file operations: 1 install, 0 updates, 0 removals
[18.2MiB/0.57s]   - Locking ec-cube/horizon (1.0.0)
[17.6MiB/0.58s] Writing lock file
[17.6MiB/0.58s] Installing dependencies from lock file (including require-dev)
[20.1MiB/0.58s] Package operations: 1 install, 0 updates, 0 removals
[20.1MiB/0.58s]   - Downloading ec-cube/horizon (1.0.0)
[20.1MiB/0.66s]   - Installing ec-cube/horizon (1.0.0): Extracting archive
[20.3MiB/0.75s] <warning>Package easycorp/easy-log-handler is abandoned, you should avoid using it. No replacement was suggested.</warning>
[20.3MiB/0.75s] <warning>Package setasign/fpdi-tcpdf is abandoned, you should avoid using it. No replacement was suggested.</warning>
[20.3MiB/0.75s] <warning>Package twig/extensions is abandoned, you should avoid using it. No replacement was suggested.</warning>
[20.3MiB/0.75s] <warning>Package zendframework/zend-code is abandoned, you should avoid using it. Use laminas/laminas-code instead.</warning>
[20.3MiB/0.75s] <warning>Package zendframework/zend-eventmanager is abandoned, you should avoid using it. Use laminas/laminas-eventmanager instead.</warning>
[20.3MiB/0.75s] <warning>Package facebook/webdriver is abandoned, you should avoid using it. Use php-webdriver/webdriver instead.</warning>
[20.3MiB/0.75s] <warning>Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.</warning>
[20.3MiB/0.75s] <warning>Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.</warning>
[20.3MiB/0.75s] Generating optimized autoload files
[23.0MiB/1.98s] <warning>Class Plugin\EntityExtension\Entity\CustomerSortNoTrait located in ./app/Plugin/EntityExtension/Entity/CustomerRankTrait.php does not comply with psr-4 autoloading standard. Skipping.</warning>
[21.8MiB/3.25s] 87 packages you are using are looking for funding.
[21.8MiB/3.25s] Use the `composer fund` command to find out more!
[21.8MiB/3.25s] Memory usage: 21.8MiB (peak: 32.08MiB), time: 3.25s

[okazy]

ありがとうございます！取り込みました。