New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding plugin version fetching proposal #30
Conversation
Hey Richard, Good looking proposal! If implemented well and adopted by our plugin developers, I definitely see the value this provides. Things I like:
Some cons
Few questions:
Other thoughts
I think this could provide many benefits for cordova and the ecosystem. If we are still planning on trying to get cordova 6 out asap (next week), I don't think this is going to make the cut (especially considering testing time and updating all of the plugins). But it would be a really great goal for cordova 7 ;). This could easily work with the other pinning proposal as well. In your pseudocode where you grab latest if |
Chatted with @purplecabbage a bit. For the usecase where the latest release of the plugin specifies I'd hate to see a plugin use a maximum top range and then we release a new version of cordova and the plugin fails to install due to engine failure even though the plugin would still work. |
Thanks for the review Steve! Here are some responses to your questions:
I agree that this requires comprehensive documentation before implementation, I just wanted to get the idea up here for discussion first. Moving the engine tag to plugin.xml makes sense to me as well (no need to have it in two places!). This is definitely compatible with plugins pinned in cordova-lib. We just need to make sure that we don't leave out third party plugins in whatever we do. |
Just adding my two cents here. @stevengill: automatically updating to major versions is not very stable practice, but if it's required just using a range or Also @stevengill, I'm personally not a huge fan of putting dependencies in cordova-lib (I missed expressing this when the earlier proposal came out, sorry!) because the dependencies are of plugins on platforms, not the other way around. It feels like an antipattern to encode dependents in the thing they depend on, and as a result it also misses third-party plugins. About both of these things (tools pinning plugins and plugins pinning platforms) coexisting: I think it would be best to go with only one of them since maintaining both is more error-prone. |
Glad you agree with moving engine tag from plugin.xml to package.json! |
@stevengill: I posted a comment between Richard's last comment and your last comment. Any thoughts? |
@stevengill Ping. |
@stevengill after talking with @dblotsky and others, I have to agree that pinning plugins in two places (cordova-lib and the plugins themselves) is just creating more maintenance and opportunities for things to go out of sync. I'd rather these dependencies live in one place. Should we hold on releasing that feature in Cordova 6.0? |
The whole point of pinning plugins was to add some stability to the cordova ecosystem. This was all discussed at the f2f fairly in-depth. The main point of pinning plugins is to say to our users "Look we tested this version of the CLI with these platforms and these plugins. We can guarantee that they work together." It is that simple. Yes, pinning plugins does not provide a solution for 3rd party plugins. It was only ever meant to add stability for our core plugins. We could theoretically pin popular third party plugins as well, but I'd prefer not to go down this route. Once again, I really like the above proposal by @riknoll. I think we have some details to figure out still but it looks very promising. It is however going to be way more work and I bet more error prone (core and third party plugins not being updated fast enough)(we do a plugins update and now devs in teams using cordova have could have different versions of plugins in their projects depending on when they restored/added plugins). I don't think you have fully thought out all of the use cases these changes can affect. We only update the pinned plugins when we do a plugins release. When it is time to do a tools release, we run mobile spec with released platforms and released plugins. At the time of release, all of these should be pinned. I don't think it adds much complexity or opportunities to go out of sync. In fact, I'd argue it is more stable as it is exactly what we tested when releasing. At release time for tools, a plugin must support the versions of platforms pinned to the tools. If not, how is that plugin ever going to work. Our tools don't support installing two different versions of a plugin in one cordova project. If you have a cordova project with ios@3.9.2 and android@4.0.0, then the plugins you install need to support both. If file@3 supports ios@3.9.2 but doesn't support android@4.0.0, but file@4 supports android@4.0.0 but not ios@3.9.2, we can't release that combination! So at release time, it is our opportunity to confirm that what is released works well together. If not, we need to either update the pinned platform, or update the plugin. (The above proposal doesn't seem to handle this case either.) @dblotsky I wouldn't look at pinned platforms and plugins as dependencies. It is incredibly easy to change what version of platforms and plugins to add. Our original versioning and releasing strategy which we have been following for 2+ years made it clear that major jump in platforms != major jump in tools. This is what we have been doing for quite a while now. I was one of the main supporters that CLI version not be tied to platform versions. That CLI be able to work with any version of platforms if we can help it. We have had many versions of the cli that worked with past and future versions of platforms and plugins. We have done a pretty decent job of making changes backwards compatible. Issue is that we never had the man/machine power to go back and test. I can't say if cordova@3.1 works with android@4. To properly use engine tag would require us to test older versions with newer versions and vice versa. This has caused SOOOOO MUCH confusion for cordova developers. We are at a point where developers are afraid to update. Developer teams end up getting different versions of different things when they want to work on the same project. This is leading them to check in plugins and platforms into github. This is what has finally led to the current versioning strategy. Which is major change in platform == major change in tools. Platforms are essentially tied to tools now. This doesn't mean tools don't support other versions of platforms. This is ugly because it isn't proper semver. But we tried proper semver for the last 2 years and it isn't working for us. We are essentially still doing semver except for the exception when a platform does a major change. When our users think of the version of cordova, they think of the version of cordova-cli. They don't think about the version of cordova-android, cordova-ios, etc. They see it as one. We release it as one. The version of cordova has to reflect runtime changes for platforms for our users benefit. Most times, a major runtime change includes changes to cordova-lib that it requires to function properly. It was agreed at the F2F that cordova needs to focus on stability. This is the first major step towards that. Future releases of tools will no longer grab the latest by default. They will only grab what has been tested with them and the platforms they have pinned. We can revisit removing pinned dependencies once this proposal is implemented, tested, plugins updated, 3rd party plugin developers notified and updated, and documentation is ready. Not to mention the ironing it out it still needs in terms of use-cases for teams. I like the potential of the proposal, but am very worried about how it will do in real life projects and how much of a maintenance burden it will add for cordova committers. Cordova community has definitely had issues in the past with new features added in and then abandoned once committing companies move on. As you can see, we have a lot of work to do. This is not something that should hold back cordova-6.0.0. Sorry for diving into the platform versioning too. I know @dblotsky posted to the list about dependency hell, I just thought it made more sense to respond to those queries here as they are related. |
It is very important for us to keep progressing and releasing. Which is why we need to move on cordova 6.0.0. Users have been clamoring for marshmallow and wkwebview support for too long now. |
@stevengill I wasn't suggesting blocking the 6.0.0 release, just plugin pinning. I agree that this is a complicated feature and that the proposal above is not fleshed out to the point of implementation (and certainly not something that would be done for 6.0.0). However, I'm willing to concede that a core-only solution is useful as a temporary measure before a more complete one is implemented (whether that final solution be derived from this proposal or some other idea). I agree that stability is one of the key issues in the Cordova ecosystem, I just want to ensure that we are moving in a direction where we will eventually be able to extend stability to all parts of the ecosystem and not just core. Sorry if I was unclear in my earlier posts! |
If this proposal is implemented well, it would definitely remove the need for pinning plugins. The benefit to the community and ecosystem would be huge. By having pinning in the next release, we are essentially future proofing cordova. My hope is someone can download cordova@6 a year from now and it still be able to work. We could even one day get to a point where we use this type of proposal on platforms themselves. I just want to avoid issues for our developers along the way. |
I agree with @riknoll that this is a decent temporary measure, but not a long-term solution. I'm also willing to support installing pinned plugins in 6.0.0 as an interim measure, but to then make a proper solution for the versioning problem take higher priority over future feature work. Regarding the broader issue of versioning and the long-term solution post-6.0.0, let's continue to discuss on the mailing list so that others can participate. |
This has been updated! I've tried to clarify some things and update the semantics based on our discussion and some offline conversations with @dblotsky and @axemclion. I think this covers most of what we talked about:
I also wanted to provide a clearer specification for how the dependencies should be interpreted for each version of the plugin. The three types of constraints that matter are Cordova CLI version (easiest for third party developers to map against), platform versions, and plugin versions (as is done in plugin.xml's dependency tag). I don't think that the CLI version provides the most reliable information because how easy it is for the CLI to go out of sync with a project (e.g. by updating it or a project's platforms), but after discussing this offline I have been convinced that third party plugin developers will have an easier time testing against a CLI as opposed to individual platforms. I also added the option for specifying breaking platform changes for all earlier versions of a plugin (see the |
This looks pretty good! Logic looks sound to me. Question: Why use a custom attribute (cordovaDependencies) instead of the engine attribute in package.json? |
The engine attribute in package.json is for Node, isn't it? Is it conventionally ok to specify other things there? |
I've seen it used for other things (npm, iojs, etc). Conventionally, it would be encouraged to reuse the engine tag. A lot clearer than |
That's fine with me! |
Looks like the engine tag might require that you give a node version: https://docs.npmjs.com/files/package.json#engines If that is the case, we might have to put it somewhere else since it doesn't really make sense for plugins to specify that version. |
I don't think the engine tag requires node. The docs just show npm looks for node, iojs and npm. But we can put whatever we want in there. I made a quick test: https://github.com/stevengill/enginesTest I figured you would still want a named object to grab all of the versions with one call. So I put everything in a cordovaDependencies object.
I'm fine if you want to keep it in cordova instead of engines. I just think it makes the purpose of it more clear being in engine |
If that works, I'm all for it! The npm docs are really unclear about that fact. |
Can I merge this PR in now and close it? |
Adding plugin version fetching proposal
I merged it in. Wanted to reference it in blog post |
@stevengill I wrote up something for the blog and some actual docs here. Sorry, I meant to send out a link to that. Let me know what you think! |
@riknoll oh good to know! I can just reference your post instead of the proposal in the tools release blog post. apache/cordova-docs#561 |
This is a counterproposal to pinning core plugin versions in cordova-lib aimed at adding support for third party plugins