Closed helgatheviking closed 1 year ago
@helgatheviking This is not an issue with this plugin, but with a "security feature" which was introduced in Composer 2.2. See this announcement post: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution
The Usage section of the readme contains all the info you need to solve this.
Nothing we can do about this, but you can fix it yourself by adding the permission. Hope this helps.
Thanks so much @jrfnl. I still struggle with this ever since you got my plugin set up to run phpcs. :) I guess I don't understand the point of allow-plugins... by declaring a dependency I would think that I've already accepted I want that code to run.
Hopefully last question... can the woocommerce-sniffs repo add the config section in their composer.json or do I need to add it to mine for each project where I am using the woocommerce sniffs (which itself requires the dealerdirect/phpcodesniffer-composer-installer)?
> I guess I don't understand the point of allow-plugins...

Well, it was introduced as a security feature and while this plugin is quite innocent and limited in what it does (and therefore not problematic), there are other plugins which can make code changes in dependencies, so I can see how the allow-plugins feature could save someone's bacon who is not fully aware of the capabilities of each plugin dependency which was added.
> can the woocommerce-sniffs repo add the config section in their composer.json or do I need to add it to mine for each project where I am using the woocommerce sniffs

The woocommerce-sniffs should also add the directive (for their own use), but you will still need to add it to your project as well. While require dependencies are inherited from your own require dependencies, the allow-plugins config is not.
Pro-tip for the woocommerce-sniffs standard: they should update their installation instructions to include the command to allow the plugin. See https://github.com/PHPCSStandards/PHPCSExtra/pull/101 for an example.
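Added example, not part of the thread or of the plugin's code: a pre-install check that lists every `composer-plugin` package in `composer.lock` and reports what the root `composer.json` decides for it, since the `allow-plugins` setting is not inherited from dependencies. The sample JSON is constructed, and the first-match glob handling is an assumption of this sketch rather than Composer's exact matcher.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample data (not taken from the issue): a root composer.json with
# no allow-plugins entry, and a composer.lock in which the installer plugin
# arrives transitively through woocommerce/woocommerce-sniffs.
ROOT_JSON = '{"require-dev": {"woocommerce/woocommerce-sniffs": "*"}}'
LOCK_JSON = json.dumps({"packages": [], "packages-dev": [
    {"name": "woocommerce/woocommerce-sniffs", "type": "phpcodesniffer-standard"},
    {"name": "dealerdirect/phpcodesniffer-composer-installer", "type": "composer-plugin"},
]})


def locked_plugins(lock):
    """Names of every locked package that declares itself a Composer plugin."""
    pkgs = lock.get("packages", []) + lock.get("packages-dev", [])
    return sorted(p["name"] for p in pkgs if p.get("type") == "composer-plugin")


def plugin_decision(root, name):
    """True/False when the root config decides on the plugin, None when it does not."""
    allow = root.get("config", {}).get("allow-plugins")
    if isinstance(allow, bool):              # true = allow all, false = block all
        return allow
    if isinstance(allow, dict):
        for pattern, decision in allow.items():
            if fnmatchcase(name, pattern):   # entries may be globs such as "vendor/*"
                return bool(decision)        # assumption: first matching entry wins
    return None                              # only the root file is consulted


def audit(root_text, lock_text):
    """Map each locked plugin to 'allowed', 'blocked' or 'undecided'."""
    root, lock = json.loads(root_text), json.loads(lock_text)
    labels = {True: "allowed", False: "blocked", None: "undecided"}
    return {n: labels[plugin_decision(root, n)] for n in locked_plugins(lock)}


if __name__ == "__main__":
    for name, state in audit(ROOT_JSON, LOCK_JSON).items():
        print(f"{name}: {state}")
```

An `undecided` result is the state the reply above says to resolve by adding the permission to your own project; reviewing that list before granting anything shows which dependencies ship plugin code at all.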
@helgatheviking Can we close this issue as "answered"?
@Potherca FYI: I've added this issue to the "pinned issues" and removed the pins related to Composer 2.x and PHP 8.0 as those are a bit dated by now.
I'm cool with that. Thank you for the detailed explanation.
Problem/Motivation
My github action is terminating with an error.
My github action is calling composer install
Currently the action appears to be installing composer 2.3.10.
My composer.json is only including woocommerce-sniffs which appears to require "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
Expected behaviour
composer install finishes without throwing exception that ends the github action
Actual behaviour
the action is failing with the following message:
the GH action log
Steps to reproduce
Building a release asset on git tag for plugin repo
Proposed changes
Environment
Output of vendor/bin/phpcs --config-show:
Tested against master branch?
master branch.
If this is something known to be resolved in master then I will open a ticket with woocommerce/woocommerce-sniffs to update. I just wasn't sure where this issue originated so starting here.