I think this is an unnecessary dependency and it is not available in minimalist Docker image.
The next command is sudo php ..., it means a working PHP has to be available, which is quite understandable in light of the fact we want to use the Composer.
PHP \copy() function could be used to download a remote file instead of SHELL curl.
Leftover composer-setup.php file
Orb does not delete the composer-setup.php file after it was used.
Checksum validation is skipped
The integrity of the downloaded composer-setup.php is not checked.
I know, it is a bit tricky, because the hash is changing time to time.
configurable filename
composer-setup.php has a --filename CLI option. Orb has no such a parameter.
This is problem because I can't (easily) download two different version of composer.
For example 1.x and 2.x, because the destination file always be the same
CURL dependency
Currently the
install-composertask uses thecurlSHELL command to download the Composer installer. https://github.com/CircleCI-Public/php-orb/blob/87336d5b26372040c6c6500cb332003bdb0846b7/src/commands/install-composer.yml#L19I think this is an unnecessary dependency and it is not available in minimalist Docker image. The next command is
sudo php ..., it means a working PHP has to be available, which is quite understandable in light of the fact we want to use the Composer.The official install script is:
PHP
\copy()function could be used to download a remote file instead of SHELLcurl.Leftover composer-setup.php file
Orb does not delete the
composer-setup.phpfile after it was used.Checksum validation is skipped
The integrity of the downloaded
composer-setup.phpis not checked. I know, it is a bit tricky, because the hash is changing time to time.configurable filename
composer-setup.phphas a--filenameCLI option. Orb has no such a parameter. This is problem because I can't (easily) download two different version of composer. For example 1.x and 2.x, because the destination file always be the sameHow to install Composer programmatically