Checking packages from custom repositories is very slow #11648
Comments
From a cursory look, it seems this isn't anything to do with the repository set-up, but instead is due to the dependency tree for each package.
app@230ffa95c90a:~/html$ composer show -vvva composer/xdebug-handler 2>&1 | grep -F '] https://repo.packagist.org/'
[304] https://repo.packagist.org/packages.json
[304] https://repo.packagist.org/p2/composer/xdebug-handler.json
[304] https://repo.packagist.org/p2/composer/xdebug-handler~dev.json
[304] https://repo.packagist.org/p2/psr/log.json
[304] https://repo.packagist.org/p2/composer/pcre.json
[304] https://repo.packagist.org/p2/psr/log~dev.json
[304] https://repo.packagist.org/p2/composer/pcre~dev.json
app@230ffa95c90a:~/html$ composer show -vvva psr/log 2>&1 | grep -F '] https://repo.packagist.org/'
[304] https://repo.packagist.org/packages.json
[304] https://repo.packagist.org/p2/psr/log.json
[304] https://repo.packagist.org/p2/psr/log~dev.json
app@230ffa95c90a:~/html$ composer show -vvva composer/pcre 2>&1 | grep -F '] https://repo.packagist.org/'
[304] https://repo.packagist.org/packages.json
[304] https://repo.packagist.org/p2/composer/pcre.json
[304] https://repo.packagist.org/p2/composer/pcre~dev.json
app@230ffa95c90a:~/html$ jq < vendor/composer/xdebug-handler/composer.json .require
{
"php": "^7.2.5 || ^8.0",
"psr/log": "^1 || ^2 || ^3",
"composer/pcre": "^1 || ^2 || ^3"
}
app@230ffa95c90a:~/html$ |
The composer metadata loading involves 1 request per package to load the metadata about its releases (and a second one to load the branches in case you have However, it looks weird to me that |
Yeah, I need to check why we do this. It might be to be able to reference packages by the name they replace/provide too, but I'm not sure off the top of my head. Definitely should be able to optimize the common case here as this does seem wasteful |
I've checked this one more time and I don't think it's related to the use of the custom packagist repository, but probably to the dependency tree of a certain dependency. Any way to optimize that? |
PS It's obviously out of Composer's scope, but I think this is the code that checks for updates: https://github.com/dependabot/dependabot-core/blob/main/composer/helpers/v2/src/UpdateChecker.php Any suggestion here for optimization? |
Well, this logic in dependabot runs the installer. So it is indeed a different topic than this issue which is about |
See #11659 |
Basically, when a package is not available in the main packagist.org repo Composer does a lot (really a lot) of network requests, which are cacheable and 304, which is OK locally.
But this nuance creates a lot of overhead, leading to very slow Dependabot runs, which in the end just time out.
My composer.json:
Output of composer diagnose:
When I run this command:
I get the following output (redacted to leave only network):
but when I run
I get the following output (redacted to leave only network):
See the attached log file: composer.log
There are literally ~60x more lines (and more network and cache readings)
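To compare two runs like the ones described here, the verbose output can be tallied by HTTP status, host and package instead of counting raw lines. This is an added example, not part of the original issue or of Composer itself; it assumes request lines in the "[304] https://..." form quoted in the first comment, and the function names tally_requests and sample_log are hypothetical.

```shell
#!/bin/sh
# Tally HTTP requests found in `composer ... -vvv 2>&1` output read from stdin.
# Assumption: each request is logged as "[<status>] <url>", as in this thread.
tally_requests() {
    awk '
    match($0, "\\[[0-9][0-9][0-9]\\] https?://[^ ]+") {
        hit = substr($0, RSTART, RLENGTH)   # e.g. "[304] https://host/path"
        status = substr(hit, 2, 3)
        url = substr(hit, 7)
        sub("^https?://", "", url)
        host = url
        sub("/.*$", "", host)
        seen["status " status]++
        seen["host " host]++
        # p2 metadata: <vendor>/<name>.json holds tagged releases,
        # <vendor>/<name>~dev.json holds branches (dev versions).
        if (url ~ "/p2/[^/]+/[^/]+\\.json$") {
            pkg = url
            sub("^.*/p2/", "", pkg)
            sub("\\.json$", "", pkg)
            kind = "tagged"
            if (sub("~dev$", "", pkg)) kind = "dev"
            seen["package " pkg " " kind]++
        }
    }
    END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Sample input: request lines copied from the first comment in this thread,
# plus one constructed non-request line that the tally must ignore.
sample_log() {
    cat <<'EOF'
Reading ./composer.json (constructed non-request line)
[304] https://repo.packagist.org/packages.json
[304] https://repo.packagist.org/p2/composer/xdebug-handler.json
[304] https://repo.packagist.org/p2/composer/xdebug-handler~dev.json
[304] https://repo.packagist.org/p2/psr/log.json
[304] https://repo.packagist.org/p2/composer/pcre.json
[304] https://repo.packagist.org/p2/psr/log~dev.json
[304] https://repo.packagist.org/p2/composer/pcre~dev.json
EOF
}

sample_log | tally_requests
```

Piping each real run through tally_requests and diffing the two results shows which hosts and packages account for the extra requests.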