fix(manager/composer): match composer's handling of the patch number for platform PHP version #17299
Conversation
|
Some points regarding, whether a PHP version with a patch of Latest patch versions... |
|
Sounds like composer treats a plain version as like <=, would it be better or we did that too? Eg we treat 7.4.99 as <=7.4.99 |
|
Composer treats So, to say we have the latest of the 7.4.x we use arbitrary high patch number (platform version must be specific. It can't be a range) to ensure platform version will satisfy packages requiring any of the existing releases as their minimum. Packages require specific PHP patch version as minimum when there was a php bug affecting the package that was fixed by a particular patch version. I never seen package that will not accept latest patch version. Composer itself does not have any special treatment to the number. It just needs to be within the range for the purposes of dependency resolution. I've seen My understanding is that the issue we experience comes from the fact that
Eg lock file maintenance laminas/laminas-skeleton-installer#39 creates lock file against package versions that require php 7.4 as a minimum where defined platform and expected lock file is for php 7.3. |
|
Composer allows the use of The difference currently lies with how composer vs renovate handles a non-existent version. Composer will obtain packages using Renovate however, passes this as a docker tag to fetch the correct PHP version. The ideal scenario would be to check if the patch version exists and if not, drop the patch number and check again. Specifying a setting of Also note we're talking specifically about the See https://getcomposer.org/doc/06-config.md#platform for composer's documentation on this feature. |
|
I think we need to discuss this in an issue to reach consensus on how Renovate should treat these edge cases, including composer's undocumented behaviour. @internalsystemerror Could you create one and we move the dissuasion there? |
|
It's not that the behaviour is undocumented, this is how composer treats the version specified in this setting. I've opened the following issue #17308 anyway. Hopefully this PR will bridge the differences whilst not having to make multiple round trips to docker in order to resolve the correct docker tag to use. |
In the comment above, I opened an issue for discussion. I've also provided a comment to try and clearly explain the current error with examples, and then a further comment to show why this doesn't occur with e.g. node. The issue again for brevity: #17308 |
|
please move the issue link to context section and add |
Ah! I didn't know that was a GitHub feature, glad I learnt it. Done! |
internalsystemerror
changed the title
.99 for platform PHP version
|
For the docker latest tag replaces previous. It makes sense that builds tagged with In the context of platform overrides we talk about specific versions so it can not be expanded with anything implied other than
For the constraints the Stability Constraints indirectly covers implicit behavior: https://getcomposer.org/doc/articles/versions.md#stability-constraints |
…for platform PHP version Signed-off-by: Gary Lockett <gary@creativecow.uk>
|
After updating using the solution agreed upon in the issue linked to this PR, I rebased and squashed to a single commit. However, you guys update quicker than I can keep up so it's already out of date again. Consider this PR now ready for review. |
|
I assume you guys are able to update the branch prior to merge, but if not just let me know. |
|
@rarkins sorry for the ping, I know your time is precious but a) I wanted to make sure that this is on your radar, and b) I wanted to ask if there are any other changes needed from me, or if I just need to wait patiently? |
|
🎉 This PR is included in version 32.181.1 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Changes
When specifying a deliberately high patch version (i.e. a never to be released version) e.g.
7.4.99forconfig.platform.phpinsidecomposer.json, this is currently handled by composer to imply the latest available patch version. This PR brings renovate in line with that usage, by replacing any patch version number greater than 0 with<=, (i.e.7.4.99becomes<=7.4.99for the purpose of resolving the docker tag).Context
At present when users are specifying a non-existent patch number, this tells composer to retrieve updates using the latest available patch for that PHP minor. Although not ubiquitous (as some will want to specify a specific patch version), nor a written standard (composer documentation only mentions the case where no patch is specified, which is treated the same as patch 0 (i.e.
7.4is taken to be7.4.0).config.platform.phpdifferent from composer #17308Documentation (please check one with an [x])
Although this is a change to renovate, we are using a feature of composer, and this PR simply brings it into line with that usage. However, I'm happy to include documentation changes if someone could point me to what and where.
How I've tested my work (please tick one)
I have verified these changes via:
There will still be examples where a version such as
7.4.50is specified, which is a non-existent version. In this case, composer will use7.4.30(latest patch for minor) whereas renovate will request the docker tag7.4.50which doesn't exist and so will fall back to the latest tag (which is8.0currently).In our discussions it had been suggested to drop the patch version altogether as we couldn't think of a case where the latest patch version wouldn't be allowed, quite the reverse, this is usually to require a minimum version that includes a specific fix.
However, as we did not want to prevent users from being able to specify a patch version, a patch ofAfter further discussion in the issue above, the approach will now be to replace any patch version number greater than 0 with>=99appeared to be a suitable compromise.<=, (i.e.7.4.99becomes<=7.4.99for the purpose of resolving the docker tag).