Skip to content

Add composer-dependency-analyser to CI (fix shadow & misplaced dependencies) #2875

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 23, 2024
Merged

Add composer-dependency-analyser to CI (fix shadow & misplaced dependencies) #2875

merged 1 commit into from
Feb 23, 2024

Conversation

janedbal
Copy link
Contributor

@janedbal janedbal commented Jan 15, 2024
edited
Loading

image

janedbal
janedbal commented Jan 15, 2024
View reviewed changes
janedbal
janedbal commented Jan 15, 2024
View reviewed changes
@janedbal
Copy link
Contributor Author

@ondrejmirtes Any comments on this one? I believe it found real issues and thus make sense to keep it in CI to guard that. Also, the package is stable now.

@ondrejmirtes
Copy link
Member

I agree, we could remove composer-require-checker if this one does a better job. But my priority now is to finish and release 1.11 (and I'm travelling to PHP UK this werk) so I'll most likely start processing the backlog of emails (currently 130) after that.

@janedbal janedbal force-pushed the composer-dependency-analyser branch from be668dd to cb94bd1 Compare February 12, 2024 12:44
janedbal
janedbal commented Feb 12, 2024
View reviewed changes
@janedbal
Copy link
Contributor Author

@ondrejmirtes Ok, I removed composer-require-checker, updated the tool and fixed one more issue. It is also rebased so it could be merged now if you feel so.

janedbal
janedbal commented Feb 15, 2024
View reviewed changes
@janedbal janedbal changed the title Add composer-dependency-analyser to CI (fix shadow dependencies) Add composer-dependency-analyser to CI (fix shadow & misplaced dependencies) Feb 15, 2024
ondrejmirtes
ondrejmirtes requested changes Feb 20, 2024
View reviewed changes
@janedbal janedbal force-pushed the composer-dependency-analyser branch from e15bc23 to 69eda8e Compare February 21, 2024 15:39
ondrejmirtes
ondrejmirtes reviewed Feb 23, 2024
View reviewed changes
composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "bd93faf2a75150f9ba8e41fb86b8c632",
"content-hash": "2723c5a59596e6ccf2430f75a1fcf36b",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What command did you please use to update composer.lock here? I need it so I can replay the changes on 1.11.x

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

composer update --lock, see docs

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just realized this advice is wrong.

Example:

  1. 1.10.x updates phpstan/phpdoc-parser from 1.25.0 to 1.26.0.
  2. I merge 1.10.x into 1.11.x and get conflict in composer.lock
  3. I run git checkout --ours composer.lock to get it look like on top of 1.11.x.

Now I need to rerun the commands that make the lock file being changed in 1.10.x. Running composer update --lock is not sufficient, it's going to keep phpdoc-parser on version 1.25.0 in composer.lock. But I want it to be 1.26.0.

The correct solution is to run composer update phpdoc-parser.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My working flow:

  • I merge all non-conflicting stuff of composer.lock in PHPStorm merge tool.
  • The only conflict is the hash, I pick any.
    • If not, some package got update on both sides.
  • I fix that hash by composer update --lock

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see!

@ondrejmirtes ondrejmirtes merged commit 97408e6 into phpstan:1.10.x Feb 23, 2024
@ondrejmirtes
Copy link
Member

Thank you very much!

@janedbal janedbal mentioned this pull request Feb 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ondrejmirtes ondrejmirtes ondrejmirtes requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@janedbal @ondrejmirtes