search

acquia / reservoir

A back end for your front end: a content repository. Powered by Drupal 8, JSON API and OAuth2.
244 stars 30 forks source link

Dev branch (with 8.3.4) cannot be installed with composer. #35

Closed damontgomery closed 7 years ago

damontgomery commented 7 years ago

On a new project, if I try to pin to the 8.x-1.x branch which includes the 8.3.4 security release, I cannot install the dependencies with composer.

On an existing project with Reservoir, I can update core, composer update drupal/core. This is using the alpha release and then updating core. I haven't tested any functionality yet, just composer installation.

I tried a fresh install using the reservoir-project repo as a starting point,

Changed: "acquia/reservoir": "dev-8.x-1.x"

composer.json

{
    "name": "acquia/reservoir-project",
    "description": "Project template for Drupal 8 sites built with the Reservoir distribution.",
    "type": "project",
    "license": "GPL2",
    "minimum-stability": "dev",
    "prefer-stable": true,
    "repositories": [
        {
          "type": "composer",
          "url": "https://packages.drupal.org/8"
        }
  ],
  "require": {
    "composer/installers": "^1.0",
    "cweagans/composer-patches": "~1.0",
    "drupal-composer/drupal-scaffold": "^2.0.0",
    "acquia/reservoir": "dev-8.x-1.x"
  },
  "extra": {
      "installer-paths": {
          "docroot/core": [
              "type:drupal-core"
          ],
          "docroot/modules/contrib/{$name}": [
              "type:drupal-module"
          ],
          "docroot/profiles/contrib/{$name}": [
              "type:drupal-profile"
          ],
          "docroot/themes/contrib/{$name}": [
              "type:drupal-theme"
          ],
          "drush/contrib/{$name}": [
              "type:drupal-drush"
          ]
      },
      "enable-patching": true
  }
}

This produces the error, 

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for acquia/reservoir dev-8.x-1.x -> satisfiable by acquia/reservoir[dev-8.x-1.x].
    - acquia/reservoir dev-8.x-1.x requires webflo/drupal-core-strict ^8.3.4 -> satisfiable by webflo/drupal-core-strict[8.3.4, 8.3.x-dev, 8.4.x-dev].
    - webflo/drupal-core-strict 8.3.4 requires composer/installers v1.2.0 -> satisfiable by composer/installers[v1.2.0].
    - webflo/drupal-core-strict 8.3.x-dev requires composer/installers v1.2.0 -> satisfiable by composer/installers[v1.2.0].
    - webflo/drupal-core-strict 8.4.x-dev requires composer/installers v1.2.0 -> satisfiable by composer/installers[v1.2.0].
    - Conclusion: don't install composer/installers v1.2.0

I believe this is because Drupal core and webflo/drupal-core-strict are not compatible. I got similar (but slightly different) composer errors when trying to upgrade from the alpha to this branch.

$ composer require acquia/reservoir:dev-8.x-1.x
    1/1:    http://packagist.org/p/provider-latest$ff0af8c2229d07f162d42f6d3525c6f84b1d168edc303d9f03273fb503a156a9.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
./composer.json has been updated
    1/1:    http://packagist.org/p/provider-latest$ff0af8c2229d07f162d42f6d3525c6f84b1d168edc303d9f03273fb503a156a9.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
Gathering patches for root package.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for zendframework/zend-stdlib (locked at 3.1.0) -> satisfiable by zendframework/zend-stdlib[3.1.0].
    - Installation request for acquia/reservoir dev-8.x-1.x -> satisfiable by acquia/reservoir[dev-8.x-1.x].
    - acquia/reservoir dev-8.x-1.x requires webflo/drupal-core-strict ^8.3.4 -> satisfiable by webflo/drupal-core-strict[8.3.4, 8.3.x-dev, 8.4.x-dev].
    - webflo/drupal-core-strict 8.3.4 requires zendframework/zend-stdlib 3.0.1 -> satisfiable by zendframework/zend-stdlib[3.0.1].
    - webflo/drupal-core-strict 8.3.x-dev requires zendframework/zend-stdlib 3.0.1 -> satisfiable by zendframework/zend-stdlib[3.0.1].
    - webflo/drupal-core-strict 8.4.x-dev requires zendframework/zend-stdlib 3.0.1 -> satisfiable by zendframework/zend-stdlib[3.0.1].
    - Conclusion: don't install zendframework/zend-stdlib 3.0.1

Installation failed, reverting ./composer.json to its original content.
wimleers commented 7 years ago

Hm, so https://github.com/acquia/reservoir/pull/6 is causing problems it seems. I don't see how https://github.com/acquia/reservoir/commit/88772957f2658a72ba1509a28fa44fb8035fc116 (which updated us from 8.3.3 to 8.3.4) could be causing this?

damontgomery commented 7 years ago

@wimleers,

Acquia Lightning had a similar conversation around this and decided against using drupal-core-strict. This was partially because of the issues we are seeing here. Please see https://github.com/acquia/lightning/issues/391.

I think the Lightning decision makes a lot of sense. It really should be Drupal core's job to lock their composer library to specific version constraints if they need to. Trying to use this other system could (as in this case?) cause a lot of headaches around what's getting installed.

I don't want you to think I'm telling you what to do. :) I thought the Lightning discussion might be helpful. The team hasn't ignored the concern, they've chosen to address it in another way.

balsama commented 7 years ago

@damontgomery Looking at the output you posted, I think this is just because of your lock file. "locked at 3.1.0":

Installation request for zendframework/zend-stdlib (locked at 3.1.0)

Running composer require acquia/reservoir:dev-8.x-1.x will only be successful if none of the other dependency requirements change. Can you add --no-update to the require command, then run composer update? Or delete your lock file entirely to troubleshoot.

damontgomery commented 7 years ago

Local Install

👍 I was able to run a new install with the composer.json listed above pointing at dev.

Maybe this (https://github.com/acquia/reservoir/commit/edb9cbcf13507dc1fdea62dbd7944597f5637699) fixed the issue for a new install. Maybe I was doing something wrong before. :(

Update

👍 I was able to update an existing site with

# Add the dependency to composer.json without installing.
composer require acquia/reservoir:dev-8.x-1.x --no-update

# Update EVERYTHING.
composer update

This is what Adam was recommending. I usually like to just update the specific package, but that's not always possible. Updating just one with composer update acquia/reservoir reduces the risk that tons of unexpected module / package changes are occurring.

I think we can close this. I'd still recommend removing that lock system because it might make the updates more difficult going forward, but I can understand both opinions.