-
-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
phpPackages.composer: 2.6.6 -> 2.7.1 #288574
Conversation
@ofborg build phpPackages.composer |
Upgrade to the 2.7.x branch needs some work (see NixOS#288574), let's patch the security issue in the meantime.
Upgrade to the 2.7.x branch needs some work (see NixOS#288574), let's patch the security issue in the meantime.
6d34f8c
to
094600f
Compare
Removing the security flag on this one since we patched the security issue in #288858 |
ddb6bf6
to
0487236
Compare
@ofborg build phpPackages.composer phpPackages.psalm phpunit (just to show that there's no need to update derivation hashes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems to break snipe-it
, the composer validate
does not succeed (it is fine on master
).
Executing composerInstallCheckHook
./composer.json is valid but your composer.lock has some errors
# Lock file errors
- The lock file is not up to date with the latest changes in composer.json, it is recommended that you run `composer update` or `composer update <package name>`.
ERROR: composer files validation failed
The validation of the composer.json and composer.lock failed.
Make sure that the file composer.lock is consistent with composer.json.
Result of nixpkgs-review pr 288574
run on x86_64-linux 1
1 package failed to build:
- snipe-it
61 packages built:
- adminer
- bookstack
- composer-require-checker
- librenms
- movim
- n98-magerun
- n98-magerun2
- paratest
- pdepend
- pest
- phel
- php81Packages.box (php82Packages.box ,php83Packages.box)
- php81Packages.castor
- php81Packages.composer
- php81Packages.deployer
- php81Packages.grumphp
- php81Packages.phan
- php81Packages.phing
- php81Packages.phive
- php81Packages.php-codesniffer
- php81Packages.php-cs-fixer
- php81Packages.php-parallel-lint
- php81Packages.phpmd
- php81Packages.phpstan
- php81Packages.psalm
- php81Packages.psysh
- php82Packages.castor
- php82Packages.composer
- php82Packages.deployer
- php82Packages.grumphp
- php82Packages.phan
- php82Packages.phing
- php82Packages.phive
- php82Packages.php-codesniffer
- php82Packages.php-cs-fixer
- php82Packages.php-parallel-lint
- php82Packages.phpmd
- php82Packages.phpstan
- php82Packages.psalm
- php82Packages.psysh
- php83Packages.castor
- php83Packages.composer
- php83Packages.deployer
- php83Packages.grumphp
- php83Packages.phan
- php83Packages.phing
- php83Packages.phive
- php83Packages.php-codesniffer
- php83Packages.php-cs-fixer
- php83Packages.php-parallel-lint
- php83Packages.phpmd
- php83Packages.phpstan
- php83Packages.psalm
- php83Packages.psysh
- phpactor
- phpdocumentor
- phpunit
- pixelfed
- platformsh
- robo
- vimPlugins.phpactor
d6b31cf
to
d61e0f3
Compare
d61e0f3
to
bc627a6
Compare
@ofborg build phpPackages.psalm phpunit snipe-it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, waiting on CI checks before merging just in case.
Result of nixpkgs-review pr 288574
run on x86_64-linux 1
62 packages built:
- adminer
- bookstack
- composer-require-checker
- librenms
- movim
- n98-magerun
- n98-magerun2
- paratest
- pdepend
- pest
- phel
- php81Packages.box (php82Packages.box ,php83Packages.box)
- php81Packages.castor
- php81Packages.composer
- php81Packages.deployer
- php81Packages.grumphp
- php81Packages.phan
- php81Packages.phing
- php81Packages.phive
- php81Packages.php-codesniffer
- php81Packages.php-cs-fixer
- php81Packages.php-parallel-lint
- php81Packages.phpmd
- php81Packages.phpstan
- php81Packages.psalm
- php81Packages.psysh
- php82Packages.castor
- php82Packages.composer
- php82Packages.deployer
- php82Packages.grumphp
- php82Packages.phan
- php82Packages.phing
- php82Packages.phive
- php82Packages.php-codesniffer
- php82Packages.php-cs-fixer
- php82Packages.php-parallel-lint
- php82Packages.phpmd
- php82Packages.phpstan
- php82Packages.psalm
- php82Packages.psysh
- php83Packages.castor
- php83Packages.composer
- php83Packages.deployer
- php83Packages.grumphp
- php83Packages.phan
- php83Packages.phing
- php83Packages.phive
- php83Packages.php-codesniffer
- php83Packages.php-cs-fixer
- php83Packages.php-parallel-lint
- php83Packages.phpmd
- php83Packages.phpstan
- php83Packages.psalm
- php83Packages.psysh
- phpactor
- phpdocumentor
- phpunit
- pixelfed
- platformsh
- robo
- snipe-it
- vimPlugins.phpactor
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin release-23.11
git worktree add -d .worktree/backport-288574-to-release-23.11 origin/release-23.11
cd .worktree/backport-288574-to-release-23.11
git switch --create backport-288574-to-release-23.11
git cherry-pick -x 39502e7aa718377973117333caeafa38f5108ae8 cf9e77ef8e6c7b903c7dd5b37d3753c65b3c6a13 bc627a6acad591f05e8b879a9388137859e10855 |
echo -e '\e[33mMake sure that the file composer.lock is consistent with composer.json.\e[0m' | ||
echo | ||
echo -e '\e[33mThis check is not blocking, but it is recommended to fix the issue.\e[0m' | ||
echo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO a better way would be to run composer validate
, and if it fails run it again with --no-check-lock
and if that passes then you know for sure the error was the lock file outdated, and you can output this msg. If it's not that then I'd probably fail hard.
Because there are many other reasons this could fail, and the messages above only suggest it is about the lock file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Diff: https://github.com/composer/composer/compare/2.6.6..2.7.1
Changelog: https://github.com/composer/composer/releases/tag/2.7.1
Encountering issues with the Composer plugin (https://github.com/nix-community/composer-local-repo-plugin, version 1.0.3) while using Composer 2.7, I opened an issue at composer/composer#11850. Today, I had a meeting with @Seldaek, he proposed a better idea for the plugin's functionality. Rather than generating a
packages.json
file, the suggestion was to create an updatedcomposer.lock
file.And indeed, this approach has proven to be highly effective, streamlining the Composer builder's process and enhancing its comprehensibility.
Description of changes
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 馃憤 reaction to pull requests you find important.