Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Declaring composer package version #86

Closed
szepeviktor opened this issue Jul 10, 2019 · 9 comments
Closed

Declaring composer package version #86

szepeviktor opened this issue Jul 10, 2019 · 9 comments

Comments

@szepeviktor
Copy link

szepeviktor commented Jul 10, 2019
edited
Loading

I know you have reason/s for putting package versions into composer.json but that prevents updates. https://github.com/shopware/platform/blob/master/composer.json

We could declare package versions in composer.lock
@shyim
Copy link
Member

shyim commented Jul 10, 2019

It's not the same. Shopware has two distributions ways zip version and composer. In the Zip your comment would work. But when somebody depend on Shopware using composer only the require from composer.json will be restrictet.

Locking for a specific version makes the lifes for our support team easier, because we have only to check the Shopware version and not of the dependencies. We had already tickets, where a single patch version difference in Symfony broke the complete shop registration and address managment

@szepeviktor
Copy link
Author

Okay. I see, you have incompetent users.
I am sorry.

@szepeviktor
Copy link
Author

where a single patch version difference in Symfony broke

@shyim If you encounter an issue use version exclusion: "symfony/something": "^3.1.41 !=3.1.42"

But I understand the business is the main thing.

@NeoBlack
Copy link

pinning the version in the composer.json file is a pain in the ass for the other developers, who code plugins or try to manage bigger installations. It is stupid to pin package versions in a composer product.
Other systems also have zip releases and don't pin packages to a specific version. I guess you don't understand how package management works. Really sad.

@NeoBlack NeoBlack mentioned this issue Jul 28, 2020
Closed
@shyim
Copy link
Member

shyim commented Jul 28, 2020

@NeoBlack
The current pinning helps us to have a reproduceable build. We have already a ticket open to reconsider it https://issues.shopware.com/issues/NEXT-9961

@szepeviktor
Copy link
Author

szepeviktor commented Jul 28, 2020
edited
Loading

@shyim Yes! That is fine. I encourage you to do that, just by the means of the composer.lock file.

  • you could do build/test with locked versions
  • with downgraded versions
  • with latest versions

kép

https://getcomposer.org/doc/01-basic-usage.md#installing-with-composer-lock

@shyim
Copy link
Member

shyim commented Jul 28, 2020

That does not help us. This repository is an library and not an root composer project

@szepeviktor
Copy link
Author

Okay.
Please randomly pick a handful of Composer packages https://packagist.org/explore/popular
and it will be very-very difficult to find one with locked versions in the JSON file.
How could it be? (theoretical question)

@shyim
Copy link
Member

shyim commented Jul 28, 2020

I just explained our current point why we do it and didn't said we are against that 😊 .
We will look into that linked issue and come back with feedback 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@szepeviktor @NeoBlack @shyim