Problem/Motivation
In the core-recommended package, as well as the core-dev-pinned metapackages we use self.version
to represent the desired version of drupal/core
.
self.version
can be *very* problematic in several situations, leading to a frustrating situation where your site cannot be updated unless you are updating multiple things at a time, or at all if you happen to be on a branch that may or may not resolve properly to a composer version.
Now that we're generating the packages inside of core itself, we can generate the exact version declaration.
Proposed resolution
Change the generators to use the version as declared in core/lib/Drupal.php
Remaining tasks
Release process changes
When a release is being tagged, we must regenerate the metapackages to reflect the tag, and return them to their original -dev state after the release is pushed.
User interface changes
none
API changes
none
Data model changes
none
Release notes snippet
The core version in the core-recommended and core-dev-pinned metapackages will now be pinned to exact versions, and not rely on composer to extrapolate the version.
Comment | File | Size | Author |
---|---|---|---|
#18 | 3090906-9.0.x-18.patch | 3.86 KB | alexpott |
#18 | 3090906-8.8.x-18.patch | 3.86 KB | alexpott |
#18 | 3090906-8.9.x-18.patch | 3.86 KB | alexpott |
#9 | 3090906-9.patch | 3.86 KB | ravi.shankar |
#7 | 3090906-7.patch | 3.5 KB | ravi.shankar |
Comments
Comment #2
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedHere's a patch.
Comment #3
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedNo, really, here's a patch.
Comment #5
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedUpdate the test to match the patch.
Comment #6
MixologicMinor typo
Comment #7
ravi.shankar CreditAttribution: ravi.shankar at OpenSense Labs commentedI have fixed it.
Comment #9
ravi.shankar CreditAttribution: ravi.shankar at OpenSense Labs commentedComment #10
MixologicHey, thanks for the reroll, this is great.
Comment #11
alexpottThe means that the meta packages will change when we tag a Drupal release. I think we need to update https://www.drupal.org/core/maintainers/create-core-release and https://github.com/xjm/drupal_core_release/pull/8 has landed.
However the requirement to do this exists already so I think we can proceed here.
Comment #12
xjmThis should be mentioned in the beta1 release notes (and needs a release note).
Comment #13
xjm(Also I can't decide if it needs a CR? Maybe?)
Comment #14
xjmComment #15
MixologicComment #16
MixologicComment #17
ressa CreditAttribution: ressa at Ardea commentedFixed minor typo in Issue Summary.
Comment #18
alexpottHere's the patches for all the supported versions. I'm not sure what the purpose of a CR or a release note would be here. We're changing the meta-packages and as such I don't think there is anything for a user to do. @Mixologic am I correct that a user will not need to make any changes as a result of this? I think the only people this affects is Drupal core release managers.
The 8.9.x patch is exactly the same as #9 but included here for completeness and simplicity.
Comment #19
xjmCleaning up tags. (Did someone lowercase a bunch of issue tags recently? Violates our text standards and is disruptive... off-topic.) The release note needs to explain the disruption, and the CR at least needs to describe the change required for core development process: new command to run every time a release is created or a module is added, and the new files it will change. It might make sense to append this to the other CR from the previous issue.
Comment #20
xjmI've lost track of which issue it is that adds the test files that also get automatically updated; can we reference it here?
Comment #21
MixologicThis change is a bugfix, and therefore there wont be any disruption. We're fixing a bug that will prevent some edge case scenarios where people will not be able to upgrade. Now that beta1 is out, if people upgrade from beta1 to a version with this fix, they will get this pinned requirement instead of self.version, which should result in no change. The release note snippet that I wrote already is all I can even think of to document this change for end users.
I wrote a change record, and noted that the applicable audience is for release managers and the release process: There are neither API, nor user interface changes.
I went ahead and updated the core release document (https://www.drupal.org/core/maintainers/create-core-release) with the additional steps. The steps are non interfering or destructive on earier versions of drupal core (8.6/8.7 etc), so at worst they're just extra time. -> That doc could probably use some refreshing (old links to cgit etc).
There are no test files that get automatically updated, the versions that used to be in the tests were incidental, and not relevant to how the tests function, and were not something that required changes or maintenance, thus we removed them to reduce concern that they were something that mattered. https://www.drupal.org/project/drupal/issues/3087626#comment-13320847 is the comment where you expressed this concern, and later in the issue the version numbers were removed to alleviate that concern.
Comment #22
MixologicCore docs updated,
Release script PR here: https://github.com/xjm/drupal_core_release/pull/9
Comment #23
Ghost of Drupal PastI feel like I should resurrect the happy chx tag...
Comment #24
MixologicI think this can go back to RTBC.
Comment #25
Mile23I just combined this patch with #3086644-55: LegacyProject composer templates wrongly reference 8.x + fix test coverage which will probably be the eventual test for all this.
Running
COMPOSER_ROOT_VERSION=8.9.x-dev composer update --lock
yielded changes like this:After that, the tests still pass, so +1 RTBC.
Comment #26
xjmStill testing to ensure this will work with release scripts, so this is blocked until that's resolved.
Comment #27
xjmSo I applied this locally and tested it with the changes to the tagging script that @Mixologic submitted a PR for. I got this diff if I tagged it as 8.8.0:
So on the one hand... yay, something worked. On the other, though, the values in the metapackages themselves look wrong. They don't match the core version constant. Is that intentional or is it just a bug in the script? The correct version constant for 8.8 at present is
8.8.0-dev
, not8.8.x-dev
. After 8.8.1 it's8.8.1-dev
, etc.Comment #28
xjmThere were also no changes to core's own
composer.json
orcomposer.lock
, and I was expecting there to be.Comment #29
alexpottIt's because there is no 8.8.1 dev branch. We only have the 8.8.x branch. If this was 8.8.1-dev composer wouldn't be able to work out that this means get the 8.8.x branch.
Comment #30
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedSo it looks like it worked for the tag: when VERSION was 8.8.0, then drupal/core was also required as 8.8.0.
As far as VERSION = 8.8.1-dev, I think that 8.8.x-dev is the correct version constraint for the drupal/core package, as @alexpott explained in #29.
Comment #31
Mile23+1 on #29 with the disclaimer that I don't know enough about the release script to really know all the implications.
Here's what
\Drupal\Composer\Composer::drupalVersionBranch()
does with\Drupal::VERSION
:So if you set
\Drupal::VERSION
to 8.8.1-alpha1, then that will make it through to the metapackages because it's expected to be a tagged release, and Composer can figure out a tagged release. Otherwise dev is major.minor.x-dev, and then Composer knows to just get that branch.Comment #32
xjmAlright, so according to #30, #27 is WAD. But what #28, about all the
self.version
incomposer.lock
andcore/composer.json
?Comment #33
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedself.version is not harmful in "replace", so core's composer.json does not have to change. Core does not have its own composer.lock; the project-level composer.lock serves this purpose for the entire project, including core.
Comment #34
xjmSo we do or do not expect
composer.lock
to change each time core issues a new release?Comment #35
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedIf I am not mistaken, issuing a release will modify core/lib/Drupal.php, but not composer.json or core/composer.json, so the metapackages will change, but composer.lock will not.
I did not test to verify tho.
Comment #36
Mile23It's possible that we won't see a change to composer.lock, because maybe no dependencies were changed since the last tagged release. But even if there's no change, we should see a change to the metapackages to reflect the tagged release.
So, for instance, after applying the patch in #18, and then changing
\Drupal::VERSION
to 8.8.1-alpha1, I docomposer update -lock
. There's no change to composer.lock, but I do see this change, and it's the right one:So then let's change
\Drupal::VERSION
to 8.8.2-dev, and aftercomposer update -lock
we see this, because 8.8.2 dev work will be commits after the last tagged release on the 8.8.x branch:This is all without changing the lock file, but still reflecting the release (or non-release) version of core in the metapackages.
The product (drupal/legacy-project or drupal/recommended-project) won't have a lock file. Only the dev version (drupal/drupal) will.
Comment #37
greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commentedThanks for running the update, @mile23. #36 LGTM.
Comment #38
larowlanComment #39
xjmAlright, I've tested the updates I made to the script with a normal security release, and confirmed that the necessary merges are handled correctly. Thanks for your patience on this issue.
Comment #40
xjmUpdating issue credit for everyone who helped with testing, docs updates, etc.
Comment #44
xjmCommitted to 9.0.x, 8.9.x, and 8.8.x. Thanks!
I'm leaving the DrupalSouth tag on even though the event hasn't started yet because I'm on a plane flying there... that counts, right?
Comment #45
xjmPublished the CR.