Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update alert block for composer dependencies #435

Merged
merged 1 commit into from Jan 9, 2020

Conversation

@Quetzacoalt91
Copy link
Member

Quetzacoalt91 commented Jan 6, 2020

No description provided.

you have included production dependencies) so that they will be included in your module.
Composer is responsible in downloading your dependencies and generating the autoloader from the `composer.json`
& `composer.lock` in your source code. These two artifacts are needed by your module to work properly, so before
releasing it don't forget to run `composer dump-autoload -o --no-dev` to include your **production dependencies**

This comment has been minimized.

Copy link
@PierreRambaud

PierreRambaud Jan 6, 2020

Contributor
Suggested change
releasing it don't forget to run `composer dump-autoload -o --no-dev` to include your **production dependencies**
releasing it don't forget to run `composer dump-autoload -o --no-dev` to only include your **production dependencies**

This comment has been minimized.

Copy link
@Quetzacoalt91

Quetzacoalt91 Jan 6, 2020

Author Member

There is something weird about this only. I wrote it at the beginning but decided to remove it, it's like we add the prod dependencies but we forget all the rest

This comment has been minimized.

Copy link
@PierreRambaud

PierreRambaud Jan 7, 2020

Contributor
Suggested change
releasing it don't forget to run `composer dump-autoload -o --no-dev` to include your **production dependencies**
releasing it don't forget to run `composer dump-autoload -o --no-dev` to install your dependencies for a **production** environment

Maybe better? wdyt?

Composer is responsible in downloading your dependencies and generating the autoloader from the `composer.json`
& `composer.lock` in your source code. These two artifacts are needed by your module to work properly, so before
releasing it don't forget to run `composer dump-autoload -o --no-dev` to include your **production dependencies**
in the archive.

This comment has been minimized.

Copy link
@eternoendless

eternoendless Jan 7, 2020

Member

I think this notice is confusing.

Here's my suggestion:

{{% notice warning %}}
**Don't forget to include your vendor folder in your release package**
Composer is responsible for downloading your dependencies and creating the autoloader file that your module will need to work properly. Therefore, remember to run `composer dump-autoload -o --no-dev` before you create your package, and make sure you include the `vendor` directory in it.
{{% /notice %}}

{{% notice warning %}}
**Don't include development dependencies in your release package**
Development-only libraries like PHPUnit can pose a security threat in production environments. Make sure that these libraries are imported as "dev dependencies" (`require-dev`) so that they aren't included when you create your release package. If in doubt, **double-check that they aren't  in the `vendor` directory before creating your release package**.
{{% /notice %}}

This comment has been minimized.

Copy link
@Quetzacoalt91

Quetzacoalt91 Jan 8, 2020

Author Member

double-check that they aren't in the vendor directory before creating your release package

Should be before submitting or when creating don't you think?

@Quetzacoalt91 Quetzacoalt91 force-pushed the Quetzacoalt91:composer-no-dev branch from 40cd473 to deb30c9 Jan 8, 2020
@Quetzacoalt91

This comment has been minimized.

Copy link
Member Author

Quetzacoalt91 commented Jan 9, 2020

Doc updated with your recommandations

@eternoendless

This comment has been minimized.

Copy link
Member

eternoendless commented Jan 9, 2020

Thank you @Quetzacoalt91

@eternoendless eternoendless merged commit 189cc72 into PrestaShop:master Jan 9, 2020
1 check passed
1 check passed
Travis CI - Pull Request Build Passed
Details
@Quetzacoalt91 Quetzacoalt91 deleted the Quetzacoalt91:composer-no-dev branch Jan 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.