Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check missing required packages when running install and fail when there are any #11195

Merged
merged 3 commits into from
Dec 16, 2022
Merged

Check missing required packages when running install and fail when there are any #11195

merged 3 commits into from
Dec 16, 2022

Conversation

PrinsFrank
Copy link
Contributor

@PrinsFrank PrinsFrank commented Nov 23, 2022

In #9899 a check was added to the validate command to check if there are any required packages that are not locked. According to the discussion in #11154, the install command should also fail on this state. It doesn't seem there is currently any code present in the Installer that checks this, so I am adding it in this PR.

There are two things in here that I am not sure about:

  • The logic is used in the Validate and Installer, so I moved it to a more generic place. I decided on the locker as the correct place, do you agree?
  • The 'validate' command fails on missing locked packages in the require and require-dev section. But the installer can be run with the flag 'no-dev'. In the current implementation there are no errors displayed when running with that flag even when there are packages in de dev section that are not locked. Is that desired behaviour or should I also return errors there?

@Seldaek
Copy link
Member

Seldaek commented Dec 16, 2022

Implementation looks reasonable and good to me, thanks!

@Seldaek Seldaek added this to the 2.5 milestone Dec 16, 2022
@Seldaek Seldaek merged commit 6d1b36b into composer:main Dec 16, 2022
@PrinsFrank PrinsFrank deleted the check-missing-required-packages-when-running-install branch December 19, 2022 19:03
@rarkins
Copy link

rarkins commented Dec 21, 2022

FYI this change broke some Renovate Bot users, I have created an issue: #11232

@nickygerritsen
Copy link

We have a scenario which breaks with this new check: we have a composer script that modifies versions when we are on a develop branch: on main we set the version to (for example) 1.0.0 but on develop we want to automatically use develop to keep developing. We created a Composer plugin for this.

However, during deploy we run composer install --no-scripts because we do not want to run any OTHER scripts (like running migrations via post-install-cmd). However, now the version in the '.json' does not match the .lock anymore.

Are we just doing something that is not supported or should there be a way to allow this?

@Seldaek
Copy link
Member

Seldaek commented Dec 22, 2022

@nickygerritsen that sounds like an edge case that we don't necessarily want to cover, but maybe we can help figure out a solution. I'd suggest you open a new issue tho to avoid spamming everyone here, and please add a bit more details as to what you do, I don't yet exactly understand the develop/main/1.0.0 and where they fit in your workflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants