New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Plugins fail on non-interactive composer create-project #10928
Comments
After the new composer version is released, I have the same problem with each of our Sylius plugins in github actions:
Adding allow-plugins in composer.json like that does not solve the problem:
|
@davidwindell if the magento skeleton includes some plugins by default, it should probably configure them as allowed or no in the skeleton, to simplify the experience of new users (see symfony/skeleton#201 for the example about the Symfony skeleton). Otherwise, it forces to create the project with |
I guess we've no way to address this then as I can't see us being able to influence Magento's skeleton right now. The best workaround I could come up with for now was to create a temporary |
The Magento skeleton file got already updated by magento/magento2#34873 But @stof's workaround is probably going to work:
|
We're getting the same issue
Adding
Composer version 2.3.7 was working fine - 2.3.9 (maybe 8 too don't know) broke this behavior. |
For a plugin installed globally, you must configure it as allowed or no in the global composer config, not in the local config. |
Hi stof, we tried reverting back to 2.3.7 but had troubles doing that - running the command |
Having the same issue adding it to the root composer.json file in the allowed plugins keeps erroring on the same thing. Devdocs say add magento/* but the module its complaining about is a magento module. Even adding that package to the composer.json it still complains. What is your workaround @Wotuu ? Thanks! |
Yeah, I found the same, no matter what global config allows I set it still wouldn't install non-interactively. |
I dont know if this is helpful or not but I had a vanilla project with composer/composer 2.2.13 that I could accomplish my cloud docker generation it wouldn't error out but couldn't accomplish this on my current code base I would get that error. Looking at it my current code base composer/compose was set to 2.2.16. After updating the composer/composer to 2.2.16 on my vanilla project this same issue fails on this |
This is caused by the July 2022 enforced plugin changes (regardless of
version).
…On Thu, 7 Jul 2022, 19:27 birdman002, ***@***.***> wrote:
I dont know if this is helpful or not but I had a vanilla project with
composer/composer 2.2.13 that I could accomplish my cloud docker generation
it wouldn't error out but couldn't accomplish this on my current code base
I would get that error. Looking at it my current code base composer/compose
was set to 2.2.16. After updating the composer/composer to 2.2.16 on my
vanilla project this same issue fails on this
—
Reply to this email directly, view it on GitHub
<#10928 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAND6GRXQCNGI4TPF6PHFODVS4OSZANCNFSM522ZLOFA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
you can add |
This is what worked for my docker build
|
We have the same issue in the n98-magerun2 build pipeline. Seems that our install command is now broken. In the background we run |
This composer shit fucks up. Why do they have to change something nobody asked for. |
the documentation on https://getcomposer.org/doc/06-config.md#allow-plugins conflicts with actual behaviour. The documentation says it will warn on seeing a new plugin, instead it fatally errors
|
We're having quite a similar issue with command
on Composer 2.3.7 - worked fine ✅ After updating to 2.3.9 - it started to fail: ❌ Looks like adding Looks like the changes were caused by #10920. I would prefer to revert these changes in the 2.3.x line and add to 2.4, or even in 3.0. |
3.0 rather than 2.4, as a BC break, and that's whats made it different from the documentation. |
With |
Hi @Seldaek, |
For the people having trouble with setting up Magento using $ composer create-project --no-install --repository-url=https://repo.magento.com/ magento/project-community-edition=2.4.3-p2 .
$ composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
$ composer config allow-plugins.laminas/laminas-dependency-plugin true
$ composer config allow-plugins.magento/* true
$ composer install The trick lies in the I don't have anything against this new behavior of composer, since it was announced at least half a year before it changed. |
I was aware of this but this requires some rewrites in n98-magerun2 install command. Nevertheless, it seems that this is now the new default behavior which makes the world a bit more complex if we need to install a older version. |
Surely |
Yes and no. If the project does not ship with a lock file you are doing a composer update and getting latest dependencies. If something got compromised in the meantime and a plugin was added that shouldn't be there then suddenly you are executing code during composer install that wasn't expected. If the project is shipping a lock file, and the lock file is older than Composer 2.2.0 then as of the last releases we allow plugins to run for BC. If the lock file is newer, the project really should have been paying attention to warnings and added the appropriate allow-plugins config. It's unfortunate that Magento (as usual I'd say..) lagged behind, they somehow insist on using outdated Composer versions and thus tend to cause pain for their users. I don't think we should compromise the whole ecosystem's safety because some project refuses to take dependency management seriously. |
Also, they could include their list of allowed plugins in their project skeleton to fix that for their user for the plugins intended to be included by default. That's what other projects have done. And Magento even did that for their upcoming version. But they haven't applied it to the skeletons for their stable versions (see the comment above at #10928 (comment)). |
…tible with the current Composer version, refs #10928
For people having issues with hirak/prestissimo, I would recommend you remove it ( That said, it is a regression that it fails on this plugin as it should simply be skipped on Composer 2. I have fixed that now in 8323e85 |
Some of the create-project issues which happened only when running composer in an existing project's dir are resolved by 75ef490 - please try with The issue where the project created requires plugins itself and does not declare allow-plugins however is not fixed as per my comment above. I'll try to get a release out tomorrow with this and a few more fixes. |
Added a hint in 336a0d2 to suggest the workaround, and added the workaround to the OP here as well to help anyone googling to hopefully find the solution quickly. Closing this issue now as I don't see what else we can do. If someone still has unexpected behavior please report a new issue. BTW 2.3.10 is now released with all the above fixes. |
Workaround and solution:
The root cause here is that the project's composer.json does not contain the required
allow-plugins
configuration to match the plugins it requires.The trick to workaround this is to use
--no-install
withcreate-project
so that the project dependencies (and the plugins) do not get installed yet. That then lets you run thecomposer config
command to configureallow-plugins
, and finally you can runcomposer install
to complete the install of dependencies.This could look something like this:
Original issue below
I can no longer install Magento with
composer create-project --no-interaction
. I see this is caused by the July 2022 change.The command I run to install it is:
Leads to:
How can I use this command in a Docker build?
The text was updated successfully, but these errors were encountered: