In #2494073: Prevent modules which have unmet Composer dependencies from being installed, we've found a solution that uses composer/semver to do checking for package constraints. Attached patch adds that package to the repository.

I executed the following command: $ composer require composer/semver 1.*.
I manually edited core/composer.json and ran composer update composer/semver.

Beta phase evaluation

Reference: https://www.drupal.org/core/beta-changes
Issue category Task because it is an external library addition
Issue priority Major because it blocks a major issue - #2494073: Prevent modules which have unmet Composer dependencies from being installed
CommentFileSizeAuthor
#16 require_the-2575469-16.patch49.44 KBhussainweb
#10 require_the-2575469-10.patch49.63 KBhussainweb
#7 require_the-2575469-7.patch49.58 KBhussainweb
#5 require_the-2575469-5.patch64.14 KBborisson_
require-composer-semver-1.patch64.14 KBborisson_

Comments

borisson_ created an issue. See original summary.

borisson_’s picture

borisson_
Primary language Dutch
Location Mechelen, 🇧🇪
commented
Status: Needs work » Needs review
Parent issue: » #2494073: Prevent modules which have unmet Composer dependencies from being installed
dawehner’s picture

dawehner
Primary language German
commented

IMHO we should use ~2.0 as version constraint, its something we use in more places now.

bojanz’s picture

bojanz commented

+1 to adding the library.

borisson_’s picture

borisson_
Primary language Dutch
Location Mechelen, 🇧🇪
commented
StatusFileSize
new require_the-2575469-5.patch64.14 KB

Used $ composer require composer/semver ~1.0 for attached patch.

webflo’s picture

webflo commented
Issue tags: +Composer
hussainweb’s picture

hussainweb
Primary language English
commented
Priority: Normal » Major
StatusFileSize
new require_the-2575469-7.patch49.58 KB

Rerolled the patch. We don't have a core/vendor anymore.

Also, marking this as major as it blocks a major issue - #2494073-68: Prevent modules which have unmet Composer dependencies from being installed.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs review » Reviewed & tested by the community

This is RTBC, of course

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 7: require_the-2575469-7.patch, failed testing.

hussainweb’s picture

hussainweb
Primary language English
commented
Status: Needs work » Needs review
StatusFileSize
new require_the-2575469-10.patch49.63 KB

Rerolling...

hussainweb’s picture

hussainweb
Primary language English
commented
Status: Needs review » Reviewed & tested by the community

RTBC as per #8. It was just a reroll.

The last submitted patch, 7: require_the-2575469-7.patch, failed testing.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Issue tags: +Needs framework manager review, +Needs beta evaluation

Library addition = needs framework manager sign-off.

For that sign-off, it'd be good if the issue summary had a beta evaluation; in particular to understand why we'd want to do this at the 11th hour of RC1 and not defer to 8.1.x instead. Seems like a nice to have?

bojanz’s picture

bojanz commented

I would agree that this is a "nice to have". It depends on how important you consider #2494073: Prevent modules which have unmet Composer dependencies from being installed.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Needs work

I like using this package to do #2494073: Prevent modules which have unmet Composer dependencies from being installed - it makes sense. Needs a reroll though.

hussainweb’s picture

hussainweb
Primary language English
commented
Issue summary: View changes
Status: Needs work » Reviewed & tested by the community
StatusFileSize
new require_the-2575469-16.patch49.44 KB

Rerolling and setting to RTBC as per #8.

hussainweb’s picture

hussainweb
Primary language English
commented
Issue tags: -Needs beta evaluation
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Fixed

I think we need to complete #2494073: Prevent modules which have unmet Composer dependencies from being installed before release as a broken site due to module install would be hard for users to recover from. Discussed with @catch, @xjm and @webchick we agreed to commit this under committer discretion since it unblocks that issue.

Committed b834fcd and pushed to 8.0.x. Thanks!

  • alexpott committed b834fcd on 8.0.x 
    Issue #2575469 by hussainweb, borisson_: Require the composer/semver...
hussainweb’s picture

hussainweb
Primary language English
commented

@alexpott: Thank you. I have set that issue to Needs Review with a fresh patch - #2494073: Prevent modules which have unmet Composer dependencies from being installed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

xjm’s picture

xjm
she/her
Primary language English
commented
Issue tags: -Needs framework manager review