New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
install should have a --prune flag #3751
Comments
How about you just run |
The problem is that it's something that I want to be automatic and not requiring human interaction. Here's the flow where I encountered this problem: we have a githook to do a composer install on checkout. I want updates to be an intentional process and the composer.lock is added to to the repo so the install will just install what is needed based on the composer.lock. If I have different dependencies on different branches switching branches will ensure I have what is listed in the composer.lock but it won't delete extra things. I don't want each developer to have to run a compose update of the delete packages and don't want to complicate the process to create a log of things that should get deleted and manage that myself - I think the package manager should do it. In the dev environment it causes extra files to sit around - and might cause problems by leaving files in the autoinclude path that I'm not expecting. Eg, lets say I'm migrating from code AAA to CCC - but I still have some references to AAA in my code. The testing server wouldn't detect the failure it should because the code would still be in the vendor directory and loaded. It's also bad because in my live rollout code I'll still be rsyncing the unused files. There may be workarounds - but they are not elegant and I really shouldn't have to do it. I think what I'm suggesting is a reasonable feature of a good package management system. The .lock files is a great feature of composer and there should just be someway to enforce it. |
Good luck with that. |
For those that are desperate, I posted a workaround http://stackoverflow.com/questions/26930816/how-to-remove-unused-dependencies-from-composer |
I think the main problem is that there is no way to fully automate this. Install behaves differently depending on the availability of a .lock file or not. Update updates everything unless you specifically pass in a whitelist of packages. Regarding cleanup:
I think what you're asking for, is a check in the install flow, that determines if there is a vendor directory already or not, and if so, cleans it up while installing specific versions. I'm not sure how it could properly do that though, other than just removing everything and installing only what is required (which could make the install procedure quite lengthy unnecessarily). I know there is also an installed.json in the vendor directory ( |
What about this. After the current flow for a composer install finishes, a What do you think - do you see any issues with this approach? |
Honestly I am not sure. I never encountered this use-case myself yet (something similar, but not the same, and
|
I'm also not sure what the whole issue is.
It cleaned up exactly as expected:
So what does it not clean up according to you? Did I not reproduce the scenario properly? If you have a way for me to reproduce the scenario step by step that would be immensely useful. It looks to me like a git hook that runs |
ok - pretty strange. I was doing this yesterday and it wasn't working like this. I guess in this universe everything works as requested. looks like |
Not sure I understand what you mean by that... Does it work now? Does it behave differently than before? Did this resolve your issue? I'm confused :-( |
Sorry - I'm also confused. But it's working now as far as I can tell. I'm moving between branches with different dependencies and it seems to be updating and deleting properly. I'm not sure what was happening before (hence the reference to parallel universes). |
Well, should you run into a situation that does not behave as expected, feel free to reopen or reply to this thread again. |
Back - there is a problem. I was changing the major dependencies and that is updating properly (which I don't think was happening for me yesterday.. not sure.) But what's still not working, I just wasn't paying attention, is that when I have sub-dependencies and I remove the package, they are not removed. Here's the flow to see the problem: at this point all the dependencies from the elasticsearch are still there, but I don't want them. Moreover, the composer.lock also has the references. So a composer install won't help. And I don't want to do a composer update because I don't want to update the packages I am using. I could manually do a composer remove on all the packages, but that's not nice - I didn't even ask for those packages. I installed elasticsearch and I now have to figure out which package are using what's left and which I can delete. So this is the use case and I don't know how this can't be happening to everyone all the time that is removing packages. Perhaps people are comfortable updating or specify more specific version - but I think I should be able to remove a package and the dependencies with it without upgrading my other packages. The implementation is a little more complicated than I originally suggested, but not terribly so. I'll post it in another comment. |
It's really not complicated.. There are two arrays - the requirements in the composer.json and the packages in composer.lock. Inside each package in the composer.lock, there are the dependencies for that. You have a function to find all the dependencies of a package that are listed in the composed.lock. the pseudo-code looks like
The top look using the composer.json for the packages and then you then find all the require dependencies from there. Anything that is no longer required will not make it in the final list. If you write this back to the composer.lock and do a composer install, it seems it will delete the extra packages for you. The whole problem is that the composer.lock contains references that are not needed. let me know if that makes sense. |
If you run
|
ok then - seems like that would work. sorry for the trouble and thanks for the lesson. |
/cc @Seldaek any idea why this isn't default behaviour by the way? Edit: the above example, specifically the |
@alcohol whitelisting dependencies used to be the default for partial updates (
Regarding this old comment for you, there is nothing like "install from scratch". If there is no lock file, |
I'm having this problem myself. In this case, we have The only workaround I've found is to delete the whole |
@charlieman you don't need to remove the vendor folder. You only have to run
|
If I remove dependencies from my composer.json file, the only way (I know of) to actually get those removed from my vendor directory is to do a composer update. This will also update my versions to the latest matching version, which is not necessarily what I was trying to do.
Eg, If I have two packages
and I am currently at version 1.0 of
AAA/aaa
and they released 1.1, but I'm not looking to upgrade because I need to run my tests, etc...when I delete
BBB/bbb
and want to remove it from my vendor (because it something like a geoip database that's 50MB) - I'll automatically be upgraded to 1.1, which I don't want.What I want is to be able to run a
composer install --prune
which will go through the dependencies in composer.json and install the specific versions mentioned in composer.lock (if they exist), install appropriate versions if they don't exist, and remove any irrelevant packages from vendor and composer.lock that do not match a dependency in composer.jsonThe text was updated successfully, but these errors were encountered: