Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Symfony flex endpoint order #73

Closed
Rainrider opened this issue Feb 23, 2023 · 2 comments
Closed

Symfony flex endpoint order #73

Rainrider opened this issue Feb 23, 2023 · 2 comments
Assignees
@Spomky
Labels
DX

Comments

@Rainrider
Copy link

Version(s) affected: v4.0.0

Description

With the provided installation instructions of adding your flex recipes endpoint, Symfony Flex does not honor extra.symfony.require anymore.

How to reproduce

  1. Install a simple Symfony skeleton with a fixed Symfony version (here current LTS): 
    mkdir skeleton && cd skeleton
composer create-project symfony/skeleton:"5.4.*" .
    symfony/* packages are kept to 5.4.*
  2. Add your custom recipes endpoint as per README.md 
    composer config --json extra.symfony.endpoint '["https://api.github.com/repos/Spomky-Labs/recipes/contents/index.json?ref=main", "flex://defaults"]'
  3. Run composer update -> symfony/* packages are updated to latest 6.2.* versions

Possible Solution

Swap the order of extra.symfony.endpoint so that flex://defaults is first:

  1. Run 
    composer config --json extra.symfony.endpoint '["flex://defaults", "https://api.github.com/repos/Spomky-Labs/recipes/contents/index.json?ref=main"]'
  2. Run composer update -> symfony/* packages are downgraded to latest 5.4.* versions as expected

This has the disadvantage that the recipe for spomky-labs/lexik-jose-bridge will be taken from the recipes contrib repo instead of your custom one. See output after composer req spomky-labs/lexik-jose-bridge:

Symfony operations: 4 recipes (84563b0c21a9ca4cdcdfc632a8ffa7a7)
  - Configuring web-token/jwt-bundle (>=3.0): From github.com/Spomky-Labs/recipes:tree
  - Configuring symfony/security-bundle (>=5.3): From github.com/symfony/recipes:main
  - Configuring lexik/jwt-authentication-bundle (>=2.5): From github.com/symfony/recipes:main
  -  WARNING  spomky-labs/lexik-jose-bridge (>=2.0): From github.com/symfony/recipes-contrib:main
    The recipe for this package comes from the "contrib" repository, which is open to community contributions.
    Review the recipe at https://github.com/symfony/recipes-contrib/tree/main/spomky-labs/lexik-jose-bridge/2.0

    Do you want to execute this recipe?
    [y] Yes
    [n] No
    [a] Yes for all packages, only for the current installation session
    [p] Yes permanently, never ask again for this project
    (defaults to n):

Additional context

This is probably a bug in Symfony Flex, as their instructions propose the order as used by you. I could file the bug with them if you would confirm this is not caused by your custom flex recipe endpoint somehow.
@Spomky
Copy link
Member

Spomky commented Feb 26, 2023

Hi,

To be honest, I had a discussion with Nicolas Grekas end of 2022 and actually there is no need for custom Fex endpoint for libraries. It only makes sense for biggest project with dilated rules and project requirements.

You can safely remove the rules from your composer.json, the existing rule in the contribute repository is sufficient (if it is not, just ask and I will update it).

@Spomky Spomky self-assigned this Feb 26, 2023
@Spomky Spomky added the DX label Feb 26, 2023
@Rainrider
Copy link
Author

It appears there is no need to update your contrib recipe. Symfony auto-generates recipe for web-token/jwt-bundle as well.

This is the diff without the custom endpoint vs with it:

diff --git a/.env b/.env
index 7c0ef70..76bb759 100644
--- a/.env
+++ b/.env
@@ -22,7 +22,7 @@ APP_SECRET=145bfed3ebfb47b7715715040c5745cb
 ###> lexik/jwt-authentication-bundle ###
 JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
 JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
-JWT_PASSPHRASE=3d2dfea4221974a1ec339cc22af1dd1c
+JWT_PASSPHRASE=d5a11ca0514bb159968dc573da2ccc5c
 ###< lexik/jwt-authentication-bundle ###
 
 ###> spomky-labs/lexik-jose-bridge ###
diff --git a/composer.json b/composer.json
index 41c94bd..60b019b 100644
--- a/composer.json
+++ b/composer.json
@@ -61,6 +61,10 @@
     "extra": {
         "symfony": {
             "allow-contrib": false,
+            "endpoint": [
+                "flex://defaults",
+                "https://api.github.com/repos/Spomky-Labs/recipes/contents/index.json?ref=main"
+            ],
             "require": "5.4.*"
         }
     }
diff --git a/composer.lock b/composer.lock
index a75c25f..249ed7c 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "95449eba4563344ccea0718f580e889f",
+    "content-hash": "a5d7b134e67c8748b6738933fa0e5dcd",
     "packages": [
         {
             "name": "brick/math",
diff --git a/symfony.lock b/symfony.lock
index 50e4dcd..876dfff 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -92,6 +92,12 @@
         ]
     },
     "web-token/jwt-bundle": {
-        "version": "3.1.6"
+        "version": "3.1",
+        "recipe": {
+            "repo": "github.com/Spomky-Labs/recipes",
+            "branch": "tree",
+            "version": "3.0",
+            "ref": "e9872ca728053c5a09ef09ec4712d430f30895d6"
+        }
     }
 }

Thank you very much for your bundle!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Spomky Spomky

Labels
DX
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Rainrider @Spomky