[Packagist] dependency version #8371
Conversation
…dencyVendor and dependencyRepo
|
|
This pull request introduces 1 alert when merging 623b442 into b624179 - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging fd96f9e into b624179 - view on LGTM.com new alerts:
|
PaulaBarszcz
changed the title
|
This PR is ready to be reviewed :) |
calebcartwright
added
the
service-badge
|
Thanks for picking this one up. I'm just having a look through this, and it seems to me like given the "require": {
"php": ">=8.1",
"composer-runtime-api": ">=2.1",
"ext-xml": "*",
"friendsofphp/proxy-manager-lts": "^1.0.2",
"doctrine/event-manager": "~1.0",
"doctrine/persistence": "^2|^3",
"twig/twig": "^2.13|^3.0.4",
"psr/cache": "^2.0|^3.0",
"psr/container": "^1.1|^2.0",
"psr/event-dispatcher": "^1.0",
"psr/link": "^1.1|^2.0",
"psr/log": "^1|^2|^3",
"symfony/contracts": "^2.5|^3.0",
"symfony/polyfill-ctype": "~1.8",
"symfony/polyfill-intl-grapheme": "~1.0",
"symfony/polyfill-intl-icu": "~1.0",
"symfony/polyfill-intl-idn": "^1.10",
"symfony/polyfill-intl-normalizer": "~1.0",
"symfony/polyfill-mbstring": "~1.0",
"symfony/polyfill-uuid": "^1.15"
}the distinction between a "packagist PHP version" badge ( i.e: if we've got a badge where we can use that data structure to show the version of I can also see that in that case things are a bit fiddly because of maintaining compatibility with the current URL structure, but I think I can see where I think we should go with this to streamline things a bit. I just want to check that assumption before I start making suggestions - you've probably spent more time thinking about this lately than I have. |
Yes, |
There was a problem hiding this comment.
I modified a regex in services/test-validators for checking the dependecy’s version so that it would accept also 2 options present in the response from packagist’s API.
An asterisk and 2 alternative versions (separated by a single |):
I checked with https://regexr.com/ to confirm that the previously accepted strings are still valid.
Edit: only now did I notice that I have to check also if these also pass the regex validation check (three option separated by a single pipe; version number starting with a ~):
psr/log": "^1|^2|^3",
symfony/polyfill-intl-grapheme": "~1.0",Edit2:
I confirmed that all of these pass the regex validation:
https://regexr.com/
Expression:
\*|(\s*(>=|>|<|<=|!=|\^|~)?\d+(\.(\*|(\d+(\.(\d+|\*))?)))?((\s*\|*)?\s*(>=|>|<|<=|!=|\^|~)?\d+(\.(\*|(\d+(\.(\d+|\*))?)))?)*\s*)
~1.28|~2.0
7.* || 5.6.*
7.1
>=5.6
>1.0 <2.0
!=1.0 <1.1 || >=1.2
7.1.*
7.* || 5.6.*
*
^1|^2|^3
~1.0
OK cool. I think we can usefully tidy up and reduce some duplication here then :) In terms of the URL schema for the new packagist dependency version badge we've got a few requirements:
so here's my suggestion:
There are lots of places where we have replaced an old route with a redirect to a new one you can refer to, but here is one example. https://github.com/badges/shields/blob/master/services/pypi/pypi-django-versions.service.js |
…/php-v redirects to the new url
|
I added http://localhost:8080/packagist/dependency-v/symfony/symfony/PHP Now we're good both with http://localhost:8080/packagist/dependency-v/symfony/symfony/PHP |
|
@chris48s |
| throw new NotFound({ prettyMessage: 'version requirement not found' }) | ||
| } | ||
|
|
||
| const depLowerCase = dependency.toLowerCase() |
There was a problem hiding this comment.
Are we sure no packagist vendor name, package name or extension name can contain an upper-case character?
There was a problem hiding this comment.
Good question - I don’t think we can be sure of that.
Should i remove the above line?
It would then have issues with querries containing capital letters
(#8371 (comment))
We can do one of the following:
- first check if there is a position in the response in ‚require’ section that contains directly the dependecy’s name (with capital letters)
and if not, transform the queried dependency’s name to lowercase and repeat the comparison - transform every dependency’s name from the reeponse to lowercase - and compare with lowercase depemdency’s name from the query.
What would be your preference?
There was a problem hiding this comment.
I modified it, now it looks like this - is it fine?
// All dependencies' names in the 'require' section from the response should be lowercase,
// so that we can compare lowercase name of the dependency given via url by the user.
Object.keys(packageVersion.require).forEach(dependency => {
packageVersion.require[dependency.toLowerCase()] =
packageVersion.require[dependency]
})
const depLowerCase = dependency.toLowerCase()
if (!packageVersion.require[depLowerCase]) {
throw new NotFound({ prettyMessage: 'version requirement not found' })
}
return { dependencyVersion: packageVersion.require[depLowerCase] }| t.create( | ||
| `gets the package version of symfony 5.2.3 - incorrectly with missing part of dependency's name` | ||
| ) | ||
| .get('/symfony/symfony/twig.json') | ||
| .expectBadge({ | ||
| label: 'dependency version', | ||
| message: 'version requirement not found', | ||
| }) |
There was a problem hiding this comment.
In general, the naming of tests in this file is a bit jumbled. For example, this one is called gets the package version of symfony 5.2.3... but you're not passing ?version=5.2.3. There's another one further down with the same problem that I've suggested deleting as a duplicate. Then you've got another one further up where you're actually explicitly passing ?version=v3.2.8 in the URL but the test name is just "gets the package version of symfony...", and so on.
Can you have a look over the tests and make sure:
- you're passing the
?version=param when that is actually part of the test, and leave it out if it doesn't make any difference to the test - if you want to explicitly describe the test params in the name of the test, make sure the test names and the params in the test body match up consistently.
That said, I know the number of cases we need to cover is now a bit larger and naming things is hard, but if you look at the test names that are deleted elsewhere in this PR (e.g: "invalid package name", "invalid version", "custom server", "invalid custom server", etc) those test names are actually pretty good. They explain what we are actually trying to test (i.e: what behaviour are we trying to trigger by providing these inputs, and what are we making an assertion about) rather than describing all of the inputs in each test. You might get more mileage out of just simplifying the test names a bit. I'll leave it with you to have a think about it.
There was a problem hiding this comment.
I removed the version query param, where it was not needed.
I modified the tests' names, I hope that now they are ok.
PaulaBarszcz
changed the title
|
Suggested changes were implemented. This PR is ready to be re-reviewed. |
PaulaBarszcz
changed the title
|
I'm just having a look over the tests in There's the case where the shields/services/packagist/packagist-php-version.spec.js Lines 36 to 52 in e3c938b and the case where the shields/services/packagist/packagist-php-version.spec.js Lines 63 to 80 in e3c938b #7779 gives a good example of a response including both the missing and The packagist API has some surprising behaviours and edge cases. Most of this is handled by calling |
You're right:) |
There was a problem hiding this comment.
Nearly done. There is one final thing to get this over the line: In a6fd477 the captions and version are the wrong way round: v2.5.0 is the __unset case and v2.4.0 is the missing case. I've suggested 2 corrections to make the inputs match the descriptions.
| { | ||
| version: 'v2.5.0', | ||
| require: '__unset', | ||
| }, | ||
| { | ||
| version: 'v2.4.0', | ||
| }, |
There was a problem hiding this comment.
I was initially confused by this, but I see what you did with the ordering to fit all 3 cases into a single input.
Co-authored-by: chris48s <chris48s@users.noreply.github.com>
Co-authored-by: chris48s <chris48s@users.noreply.github.com>
Thanks for spotting this, you’re right 😅 Committed. |
[Updated description]
Related to: #6963
We can check the dependencies' versions against the
requiresection of https://packagist.org/p2/symfony/symfony.jsonBelow are some badge screenshots for a couple of scenarios.
php.For the php case, I added a redirect from an old endpoint (
packagist-php-version.service.js), as @chris48s advised:http://localhost:8080/packagist/php-v/symfony/symfony/v3.2.8?server=https://packagist.org =>
http://localhost:8080/packagist/dependency-v/symfony/symfony/php.svg?server=https%3A%2F%2Fpackagist.org&version=v3.2.8
twig/twig.http://localhost:8080/packagist/dependency-v/symfony/symfony/twig/twig
http://localhost:8080/packagist/dependency-v/symfony/symfony/twiiiiiig/twig
http://localhost:8080/packagist/dependency-v/symfony/symfony/symfony/contracts
http://localhost:8080/packagist/dependency-v/symfony/symfony/ext-xml
http://localhost:8080/packagist/dependency-v/symfony/symfony/twig/twig?version=v3.2.8
http://localhost:8080/packagist/dependency-v/symfony/symfony/twig/twig?version=v3.2.8000
http://localhost:8080/packagist/dependency-v/symfony/symfony/twig/twig?version=v3.2.8&server=https://packagist.org
http://localhost:8080/packagist/dependency-v/symfony/symfony/twig/twig?version=v3.2.8&server=https://packagiiiist.org
http://localhost:8080/packagist/dependency-v/symfony/symfony/