Is this [mostly] a bug report, feature request, or question?
Perhaps all 3..
Working on a demo site which should always run "latest" CORE. So this is not a fork, just running master branch from this repo. Will be auto-upgrading it nightly to keep it current.
The problem comes with Composer, and the composer.json file. As of Composer 2.5.4, but probably earlier versions too, the composer install command now prompts about explicitly enabling some plugins, for the install to work. Getting 3 separate prompts, like:
ledgar@demo:/srv/corepos/upstream/IS4C$ composer install
composer/installers contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "composer/installers" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
corepos/composer-installer contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "corepos/composer-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
oomphinc/composer-installers-extender contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "oomphinc/composer-installers-extender" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
NB. it's also possible to avoid the prompts, by enabling ahead of time via commands:
So that means git status no longer is clean, which means git pull cannot happen until it's cleaned up. I also tried adding --global to the composer config commands, which did add plugin allowances to a different file, ~/.config/composer/config.json - but then composer install still gave same prompts, so not sure why that would be ignoring the global allowances..?
The basic nightly upgrade plan will be e.g.:
cd /srv/corepos/upstream/IS4C
git pull
composer install
But that won't work given the dirty working folder. A workaround for now will be to tweak that sequence to be more like:
I'm wondering then, what should happen here to improve the situation. Is there any harm in adding the plugin allowances directly to composer.json in this master repo? (I don't know what the implications might be.) Is there some other trick I should know about etc.?
Another issue when forking the repo and adding custom plugins, is that esp. the composer.lock file becomes essentially irreconcilable between the fork and upstream, so any changes made to upstream are difficult to merge into the fork. I plan to avoid that by way of Poser (cf. #1074) and keeping plugins separate. (So far no plugins need any extra Composer packages..) But am curious if there is some strategy that might "normally" be used aside from Poser, to add extra packages while preserving upstream composer.lock etc.?
Dang it, nevermind.. I had a typo in my composer config --global command, have fixed that and now those global allowances are being respected. No more prompts happening in the CORE folder..
master
Office (both?)
Perhaps all 3..
Working on a demo site which should always run "latest" CORE. So this is not a fork, just running master branch from this repo. Will be auto-upgrading it nightly to keep it current.
The problem comes with Composer, and the
composer.json
file. As of Composer 2.5.4, but probably earlier versions too, thecomposer install
command now prompts about explicitly enabling some plugins, for the install to work. Getting 3 separate prompts, like:NB. it's also possible to avoid the prompts, by enabling ahead of time via commands:
In either case the end result is that
composer.json
has been modified with these plugin allowances:So that means
git status
no longer is clean, which meansgit pull
cannot happen until it's cleaned up. I also tried adding--global
to thecomposer config
commands, which did add plugin allowances to a different file,~/.config/composer/config.json
- but thencomposer install
still gave same prompts, so not sure why that would be ignoring the global allowances..?The basic nightly upgrade plan will be e.g.:
But that won't work given the dirty working folder. A workaround for now will be to tweak that sequence to be more like:
I'm wondering then, what should happen here to improve the situation. Is there any harm in adding the plugin allowances directly to
composer.json
in this master repo? (I don't know what the implications might be.) Is there some other trick I should know about etc.?Another issue when forking the repo and adding custom plugins, is that esp. the
composer.lock
file becomes essentially irreconcilable between the fork and upstream, so any changes made to upstream are difficult to merge into the fork. I plan to avoid that by way of Poser (cf. #1074) and keeping plugins separate. (So far no plugins need any extra Composer packages..) But am curious if there is some strategy that might "normally" be used aside from Poser, to add extra packages while preserving upstreamcomposer.lock
etc.?