search

concretecms / composer

Concrete CMS Composer base.
MIT License
34 stars 23 forks source link

Updating core best pratice #37

Closed wordish closed 4 months ago

wordish commented 3 years ago

What is the best way to upgrade a composer-based concrete5 site?

If I create a project today with:

composer create-project -n concrete5/composer the_oregon_trail

it will install 8.5.5.

But if I try to update an older project created the same way that's currently on an older version (such as 8.3.2) and I run 

composer update

I get bumped up to the latest commit on the develop branch:

- Updating concrete5/core (8.3.2) to concrete5/core (dev-develop 8d8aa97)

but I want to just go to 8.5.5.

(The above command I got from Googling "composer based concrete5 how to update core", I just get a3020's upgdate steps which also instruct me to use composer update.)

What I finally ended up doing is:

composer require --update-with-dependencies concrete5/core:8.5.5

which gave me this (along with other dependencies):

- Updating concrete5/core (8.3.2 => 8.5.5): Loading from cache

This seemed correct to me, but raised a few eyebrows from colleagues because it's now locked to a specific version.

^8.2 in composer.json should allow any release up to the next major version number (so anything <9.0 but >= 8.2)

If you just change the file yourself and run composer update , you'll usually get a bunch of errors about "requirements could not be resolved to an installable set of packages" or something about being unable to complete due to the constraints. The dependencies need to be updated as well so you need to add add the --with-(all-)dependencies switch.

So rather than edit and run update, it seems you can just combine the two steps with the require command.

But either way, shouldn't the ^8.2 constraint limit it to an actual release? I don't understand why running update gets the latest commit with that constraint.

Is there a better way to start with this skeleton and later move to the latest release without accidentally ending up on the most recent commit on the develop branch?

KorvinSzanto commented 4 months ago

The way you update a composer library is you change your composer.json file to have a constraint that accurately restricts the dependency to versions you want. In the case of this project where concrete is likely to be the main dependency, it's probably best to just lock to a specific minor version like ~9.1.0 so that you don't upgrade the core when you don't expect to, semver.mwl.be is a great tool for determining constraints.

So to update, I do the following:

  1. Update the constraint for the core in composer.json to be accurate
  2. Update constraints for any other dependencies that might need updating too
  3. Run composer update

The skeleton is a boilerplate to get you started with managing your concrete site with composer. We don't really have any control over projects after they are initially created, and frankly we don't want to have control over them. So with that said this question and the answer are general composer usage questions and not specific to this project.

My guess as to why you'd get a commit and not a release is because you might have prefer-stable disabled and minimum-stability set to dev.