Closed mgol closed 4 years ago
Reviewed the upgrade.
composer/ca-bundle
. No other (indirect) dependencies exist or were changed, and the new dependency also has no further dependencies.composer/ca-bundle
: The file ca-bundle.crt
was previously shipped directly and (some other version of) that file is now brought in from the composer org instead of maintained by ua-parser. The main difference is that it no longer uses the Mozilla CA bundle unconditionally for fetching updates. Instead, it will now first try to find a CA bundle on the system. This might end up being a problem, since we don't regularly update it on this server afaik and might be unable to establish connections in that case. We'll see. Afaik we don't run the updater regularly anyway, so might be ignorable.@Krinkle I don't have write access to this repository. Can you merge it if it looks fine for you?
Yeah, once I get to that point I will merge it! (I don't have admin rights and thus also unable to grant it to you.)
@Krinkle Can I update uap-php to 3.9.0? The v3.8.8...v3.9.0
diff is mostly regexes changes and some are improvements for Edge parsing so I'd like to get it in.
That's fine sure. We can handle that at the same time.
Note that this is still blocked on several other steps (per pull description). From a quick glance, it looks like upstream no longer has a working build on PHP 5.4. Which is fair for them (it's super EOL), but also what our server still runs.
Is it enough for us that 3.8.8 had PHP 5.4 support and the code changes between 3.8.8 and 3.9.0 are so minimal? Or do we need to update PHP first? -- Michał Gołębiowski-Owczarek
The v3.8.8...v3.9.0
changes are minimal indeed and do not pose any concern. The v3.4.7...v3.8.8
diff is less trivial, and I'll need to re-review those in light of PHP 5.4 compat. But, we could just try, and revert if we find issues. We'll need to ensure Composer still works, which I can do once time is on my side :)
Regarding PHP and Composer, let's continue in private at https://github.com/jquery/infrastructure/issues/444.
@Krinkle PR updated. I had to run composer update
& lots of things got removed from the lockfile, is that normal?
@mgol It's normal to the extent that it reflects the change that ua-parser has undergone. Upstream removed several of its (allegedly unused) dependencies.
@Krinkle It looks like the Chromium Edge may near a stable release so I had another look at it (as it's not clear when https://github.com/jquery/infrastructure/issues/449 gets resolved):
master
: https://github.com/composer/composer/blob/master/.travis.yml. The latest version should work with our PHP 5.4 then.The diff between 3.9.0
that this PR currently uses & 3.9.1
is just one script so I'd do that update as well in this PR.
@Krinkle could you weigh in? The new Edge will arrive in less than a month.
@mgol
Looks like Composer has come back from not supporting PHP 5.3. That is interesting to see. Good news.
Composer is installed, but not globally (and indeed should not be as root). I have a copy of it in my home directory, that's how I used it so far. But, moving the files is tedious indeed. Perhaps we can just check them into Git. That seems like a better plan (it's not nearly as bad as node_modules).
With the composer.lock
checked in and platform versions pinned (by default Composer's dependency tree can expand differently based on your OS/php version, php extensions etc.), it is fine to run locally with a different PHP than in prod. Thus making check-in quite feasible. I'll get on this now.
Now deployed.
krinkle@/var/www/swarm$ sudo mv vendor/ ../swarm-vendor-backup && sudo git pull
@Krinkle I rebased my PR and then:
composer.json
but bumped the ua-parser/uap-php
version from 3.9.0
to 3.9.2
. The diff here is mostly the regexes update, including the addition of KaiOS in 3.9.2
so it looks safe.composer.lock
to the state on master
& run composer update
to update it again.vendor
directory. I reset it to the master
state & run composer install --no-dev
to only update production dependencies. This removed some folders like psr
or symfony
, I hope that's fine.What are the next steps here? Can I help with anything?
This is needed to properly recognize: