Dependency patch resolution: resolve file paths to local patches stored in dependencies

cweagans commented 4 months ago

Verification

[X] I have updated Composer to the most recent stable release (composer self-update)
[X] I have updated Composer Patches to the most recent stable release (composer update cweagans/composer-patches)
[X] I am using one of the supported PHP versions (8.0+)
[X] I have searched existing issues and discussions for my idea.

Is your feature request related to a problem?

If a dependency defines a patch that is distributed alongside that dependency, it has historically been difficult to actually get that patch to apply to the project.

Describe your proposed solution(s)

If a dependency defines a patch and also distributes that patch alongside the dependency, we should just fix the path so that Composer Patches does the right thing.

Describe alternatives

No response

Additional context

No response

github-actions[bot] commented 4 months ago

👋 Thanks for the idea! Please remember that this is an open source project - feature requests may or may not be implemented, and if they are, the timeline is unknown. If you need a guaranteed implementation or timeline, sponsorships are welcome!

RobinHoutevelts commented 4 months ago

Edit: Created a separate issue: https://github.com/cweagans/composer-patches/issues/551

(original comment)

Bah, this breaks my setup in 2.0.0-beta2. And I was under the impression this feature was entirely removed and it was up to plugins to provide the feature? We've been using https://github.com/wieni/composer-plugin-patchsets, which worked well for our use-case. However, I **much** rather see this back in here so I'm happy to see it! I see it's possible to **exclude** patches from a dependency using `"ignore-dependency-patches"`. I think it should be inverse, I only allow patches from dependencies I trust. I think the default option we have now (granting every dependency patch rights by default) can become a potential can of worms to debug. People will have a much better understanding of why certain conflicts/errors happen if they are responsible to define which dependencies they want to grab patches from, which result in less GitHub issues/questions. Is it possible to define: ```json { "ignore-dependency-patches": ["*"], // don't allow patches from anyone else (should be default I think) "dependency-patches": ["your-org/drupal-patches"] // list of repositories you trust to apply patches from } ```

RobinHoutevelts commented 4 months ago

~~I'm also getting this error:~~

``` The "patches/drupal/core/2264739_mr2851.patch" file could not be downloaded: Failed to open stream: No such file or directory ```

Where patches/drupal/core/2264739_mr2851.patch is a file inside one of the repositories that defined a patch.

```json { "name": "your-org/drupal-patches", ... "patches": { "drupal/core": { "#2264739: Allow multiple field widgets to not use tabledrag": "patches/drupal/core/2264739_mr2851.patch" } } } ```

It's a problem I encountered too while developing [`wieni/composer-plugin-patchsets`](https://github.com/wieni/composer-plugin-patchsets). I've done this to solve it: perhaps you can take inspiration? https://github.com/wieni/composer-plugin-patchsets/blob/967f30ee65bb06eabee0e1c368b54a1e4da18ce0/src/PatchRepository/Loader.php#L100-L118

---

🙄 I'm an idiot. That error is why this issue exists. I'll create a separate issue for my previous comment. Sorry

RobinHoutevelts commented 4 months ago

@cweagans if you want I can also take a look at this one. But I'm busy for the next two weeks.

cweagans commented 4 months ago

I won't say no :) I'll update here if I beat you to it!

cweagans / composer-patches