Open peterjaap opened 1 year ago
Thanks! I like this idea very much. I’m not sure when I’ll have time to implement, however. PR welcome!
I hadn’t seen that feature of private packagist. That is very nice.
On Sep 6, 2022, at 3:12 PM, Peter Jaap Blaakmeer @.***> wrote:
This could be done by making them bold, or by sorting the list on direct & indirect.
For example, here's how Private Packagist updates our issues with a changelog;
I also really like the column Operation, by which you could easily identify downgrades.
@peterjaap are you going to give a PR a try?
Hmm I did a little bit of investigating and the code looks in the composer.lock file and uses that to compare. However, the composer.lock file does not hold any information on whether the package mentioned is a direct or indirect dependency.
A way to extract that information is to run composer show --direct but we obviously can't run this command on the previous composer.lock state since that is retrieved from the Git repository.
The way composer does this internally is by fetching the require list from the composer.json; https://github.com/composer/composer/blob/a63ce7cf96441a32ba70ef63b924c84422e91a98/src/Composer/Command/ShowCommand.php#L682
So the approach here would be to also load the composer.json contents, get the require list from that file, match the packages in composer.lock against those and that way define which are direct and which are indirect.
Quick & dirty small diff that adds an asterisk to direct dependencies;
diff --git a/composer-lock-diff b/composer-lock-diff
index b665439..1ad1e4d 100755
--- a/composer-lock-diff
+++ b/composer-lock-diff
@@ -6,13 +6,15 @@ $opts = parseOpts();
$changes = array();
$data_from = load($opts['from'], $opts['path'], $opts['vcs'], '');
$data_to = load($opts['to'], $opts['path'], $opts['vcs'], 'composer.lock');
+$composerJson = json_decode(file_get_contents('composer.json'), true);
+$directComposerPackages = array_keys($composerJson['require']);
if (! $opts['only-dev']) {
- $changes['changes'] = diff('packages', $data_from, $data_to);
+ $changes['changes'] = diff('packages', $data_from, $data_to, $directComposerPackages);
}
if (! $opts['only-prod']) {
- $changes['changes-dev'] = diff('packages-dev', $data_from, $data_to);
+ $changes['changes-dev'] = diff('packages-dev', $data_from, $data_to, $directComposerPackages);
}
if ($opts['json']) {
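Review bot: The added `file_get_contents('composer.json')` line reads from the current working directory and ignores `$opts['path']`, `$opts['to']` and `$opts['vcs']`, which are passed to the `load()` calls just above it, so the direct list can come from a different location or revision than the lock files being compared. Load composer.json through the same path and vcs options, check the decoded result before calling `array_keys()` (a missing file or invalid JSON leaves `$composerJson` as something other than an array), and include `require-dev`, since the same list is handed to the `packages-dev` diff but is built from `require` only.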
@@ -42,7 +44,7 @@ foreach($changes as $k => $diff) {
print tableize($table_titles[$k], $diff, $table_opts);
}
-function diff($key, $data_from, $data_to) {
+function diff($key, $data_from, $data_to, $directComposerPackages) {
$pkgs = array();
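Review bot: The new `$directComposerPackages` parameter on `diff()` has no default value, so any call that still passes three arguments fails; declaring it as `$directComposerPackages = array()` keeps the old signature working and makes the marking optional. A short comment stating that it holds package names taken from composer.json would also help, because the parameter name does not say which section it was built from.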
@@ -62,9 +64,19 @@ function diff($key, $data_from, $data_to) {
$pkgs[$pkg->name][1] = version($pkg);
$pkgs[$pkg->name][2] = makeCompareUrl($pkg, $pkgs);
}
+
}
- return $pkgs;
+ foreach ($pkgs as $name => $data) {
+ if (in_array($name, $directComposerPackages)) {
+ $result[$name . '*'] = $data;
+ } else {
+ $result[$name] = $data;
+ }
+ }
+
+
+ return $result;
}
function version($pkg)
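Review bot: `$result` is never initialised before the new `foreach`, so when `$pkgs` is empty `return $result;` returns an undefined variable instead of an array; add `$result = array();` ahead of the loop. Appending `'*'` to the array key also changes the package name itself, which then reaches every output format, including the `$opts['json']` branch visible in the first hunk, so a separate flag per package would be safer than rewriting the key. `in_array($name, $directComposerPackages)` should pass `true` as the third argument for a strict comparison, and the added blank lines can be dropped.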
@@ -487,4 +499,3 @@ EOF;
exit(0);
}
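The approach described in the comment above (read the require list from composer.json and match it against composer.lock), as an added example that is not part of the original thread or of composer-lock-diff. It goes further than the diff by reading composer.json for both the old and the new state, covering require-dev, and labelling downgrades; the function names and the sample data are constructed for illustration.

```php
<?php
// Added example, not composer-lock-diff's code. All inputs are constructed samples.

function directNames(array $json, bool $dev): array {
    // Keys of require / require-dev; compared case-insensitively.
    return array_map('strtolower', array_keys($json[$dev ? 'require-dev' : 'require'] ?? []));
}

function lockVersions(array $lock, string $key): array {
    $out = [];
    foreach ($lock[$key] ?? [] as $pkg) {
        $out[strtolower($pkg['name'])] = $pkg['version'];
    }
    return $out;
}

function operation(?string $a, ?string $b): string {
    if ($a === null) return 'NEW';
    if ($b === null) return 'REMOVED';
    // Only compare tagged versions; commit hashes and dev-* branches have no order.
    if (!preg_match('/^v?\d+\./i', $a) || !preg_match('/^v?\d+\./i', $b)) return 'CHANGED';
    return version_compare(ltrim($b, 'vV'), ltrim($a, 'vV'), '<') ? 'DOWNGRADE' : 'UPGRADE';
}

function classify(array $jsonFrom, array $lockFrom, array $jsonTo, array $lockTo, bool $dev = false): array {
    $key  = $dev ? 'packages-dev' : 'packages';
    $from = lockVersions($lockFrom, $key);
    $to   = lockVersions($lockTo, $key);
    // Direct if either state's composer.json requires it, so a removed
    // direct dependency is still reported under "direct".
    $direct = array_flip(array_merge(directNames($jsonFrom, $dev), directNames($jsonTo, $dev)));
    $result = ['direct' => [], 'indirect' => []];
    foreach (array_keys($from + $to) as $name) {
        $a = $from[$name] ?? null;
        $b = $to[$name] ?? null;
        if ($a === $b) continue; // unchanged package, nothing to report
        $group = isset($direct[$name]) ? 'direct' : 'indirect';
        $result[$group][$name] = [$a ?? 'NEW', $b ?? 'REMOVED', operation($a, $b)];
    }
    return $result;
}

// Constructed sample: two revisions of composer.json and composer.lock.
$jsonFrom = ['require' => ['smile/elasticsuite' => '^2.10', 'magento/module-csp' => '*']];
$jsonTo   = ['require' => ['smile/elasticsuite' => '^2.10']];
$lockFrom = ['packages' => [['name' => 'smile/elasticsuite', 'version' => '2.10.11'],
    ['name' => 'magento/module-csp', 'version' => '100.4.4'], ['name' => 'box/spout', 'version' => 'v3.3.0']]];
$lockTo   = ['packages' => [['name' => 'smile/elasticsuite', 'version' => '2.10.12.1'],
    ['name' => 'box/spout', 'version' => 'v2.7.3']]];
print_r(classify($jsonFrom, $lockFrom, $jsonTo, $lockTo));
```

In a dependency review, an indirect DOWNGRADE or an unexpected NEW indirect package is the row to look at first, since nobody asked for it in composer.json.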
Thanks for the diff! I'd like to implement this a little differently though. The information is read from exactly the same file path, vcs or not, with the extension changed from .lock to .json. For the output, I tried the asterisk but I didn't really like it. It was okay, but I thought displaying them separately would be better. What do you think of this markdown output? (The parens were used because HTML was breaking the line into two when there were spaces around Direct)
Production Changes | From | To | Compare |
---|---|---|---|
~(Direct) | | | |
caseysoftware/marvel-helper | 1.1.2 | 2.0.0 | ... |
doctrine/dbal | 2.2.0 | v2.9.2 | ... |
ircmaxell/random-lib | v1.1.0 | v1.2.0 | ... |
ircmaxell/security-lib | 1.0.0 | v1.1.0 | ... |
monolog/monolog | 1.10.0 | 895066e | ... |
payintegrator/afterpay | 1.5.0 | 2.0.0 | ... |
pmjones/fake | 0.0.1 | 0.2.0 | ... |
~(Indirect) | | | |
doctrine/common | 2.2.3 | REMOVED | |
guzzle/guzzle | v3.7.4 | REMOVED | |
guzzlehttp/guzzle | 6.2.3 | 6.5.5 | ... |
guzzlehttp/promises | v1.3.1 | 1.5.1 | ... |
guzzlehttp/psr7 | 1.6.1 | 1.8.3 | ... |
psr/log | 1.1.0 | 1.1.4 | ... |
symfony/event-dispatcher | v4.3.3 | REMOVED | |
symfony/event-dispatcher-contracts | v1.1.5 | REMOVED | |
doctrine/cache | NEW | 1.12.1 | |
doctrine/event-manager | NEW | 1.1.1 | |
symfony/polyfill-intl-idn | NEW | v1.25.0 | |
symfony/polyfill-intl-normalizer | NEW | v1.25.0 | |
symfony/polyfill-php72 | NEW | v1.25.0 | |
And this table output,
+------------------------------------+--------+---------+-------------------------------------------------------------------------------------------------+
| Production Changes | From | To | Compare |
+------------------------------------+--------+---------+-------------------------------------------------------------------------------------------------+
| ~(Direct)~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~ | ~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| caseysoftware/marvel-helper | 1.1.2 | 2.0.0 | https://gitlab.com/CaseySoftware/marvel-php/compare/1.1.2...2.0.0 |
| doctrine/dbal | 2.2.0 | v2.9.2 | https://github.com/doctrine/dbal/compare/2.2.0...v2.9.2 |
| ircmaxell/random-lib | v1.1.0 | v1.2.0 | https://github.com/ircmaxell/RandomLib/compare/v1.1.0...v1.2.0 |
| ircmaxell/security-lib | 1.0.0 | v1.1.0 | https://github.com/ircmaxell/SecurityLib/compare/1.0.0...v1.1.0 |
| monolog/monolog | 1.10.0 | 895066e | https://github.com/Seldaek/monolog/compare/1.10.0...895066e |
| payintegrator/afterpay | 1.5.0 | 2.0.0 | https://bitbucket.org/afterpay-plugins/afterpay-composer-package/branches/compare/2.0.0%0D1.5.0 |
| pmjones/fake | 0.0.1 | 0.2.0 | https://gitlab.com/pmjones/fake/compare/0.0.1...0.2.0 |
| ~(Indirect)~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~ | ~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| doctrine/common | 2.2.3 | REMOVED | |
| guzzle/guzzle | v3.7.4 | REMOVED | |
| guzzlehttp/guzzle | 6.2.3 | 6.5.5 | https://github.com/guzzle/guzzle/compare/6.2.3...6.5.5 |
| guzzlehttp/promises | v1.3.1 | 1.5.1 | https://github.com/guzzle/promises/compare/v1.3.1...1.5.1 |
| guzzlehttp/psr7 | 1.6.1 | 1.8.3 | https://github.com/guzzle/psr7/compare/1.6.1...1.8.3 |
| psr/log | 1.1.0 | 1.1.4 | https://github.com/php-fig/log/compare/1.1.0...1.1.4 |
| symfony/event-dispatcher | v4.3.3 | REMOVED | |
| symfony/event-dispatcher-contracts | v1.1.5 | REMOVED | |
| doctrine/cache | NEW | 1.12.1 | |
| doctrine/event-manager | NEW | 1.1.1 | |
| symfony/polyfill-intl-idn | NEW | v1.25.0 | |
| symfony/polyfill-intl-normalizer | NEW | v1.25.0 | |
| symfony/polyfill-php72 | NEW | v1.25.0 | |
+------------------------------------+--------+---------+-------------------------------------------------------------------------------------------------+
I'm not sure I like it, but I'm not coming up with any other good ideas for display right now.
@davidrjonas I like it! Maybe hide the direct/indirect header when there are none?
+----------------------------------+---------+-----------+----------------------------------------------------------------------+
| Production Changes | From | To | Compare |
+----------------------------------+---------+-----------+----------------------------------------------------------------------+
| ~ Direct ~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~ | ~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| ~ Indirect ~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~ | ~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| box/spout | v3.3.0 | v2.7.3 | https://github.com/box/spout/compare/v3.3.0...v2.7.3 |
| magento/module-csp | 100.4.4 | REMOVED | |
| smile/elasticsuite | 2.10.11 | 2.10.12.1 | https://github.com/Smile-SA/elasticsuite/compare/2.10.11...2.10.12.1 |
| magento/module-inventory | NEW | 1.2.3 | |
| magento/module-inventory-api | NEW | 1.2.3 | |
| sivaschenko/magento2-clean-media | NEW | 1.1.1 | |
+----------------------------------+---------+-----------+----------------------------------------------------------------------+
@davidrjonas hmm I now noticed that table is incorrect, the smile/elasticsuite and sivaschenko/magento2-clean-media packages are actually direct dependencies.