laminas / laminas-component-installer

Composer plugin for injecting modules and configuration providers into application configuration
https://docs.laminas.dev/laminas-component-installer/
BSD 3-Clause "New" or "Revised" License
27 stars 12 forks source link

Using `composer install --no-interaction` is injecting modules into modules.config.php #1

Closed weierophinney closed 4 years ago

weierophinney commented 4 years ago

This seems like a bug to me. I can add --no-scripts which gives desired outcome but, I still think this is a bug.

Problem: Using composer install --no-interaction is injecting modules into modules.config.php.

Desired Outcome: using command should choose the default which is listed as Do Not Inject

- Installing doctrine/doctrine-module (1.2.0): Downloading (100%)

  Please select which config file you wish to inject 'DoctrineModule' into:
  [0] Do not inject
  [1] config/modules.config.php
  [2] config/development.config.php.dist
  Make your selection (default is 0):

- Installing zendframework/zend-form (2.12.0): Downloading (100%)

  Please select which config file you wish to inject 'Zend\Form' into:
  [0] Do not inject
  [1] config/modules.config.php
  [2] config/development.config.php.dist
  Make your selection (default is 0):

Default is set to Do not inject but, getting all of these modules injected anyway. Note the changes to the modules.config.php file after running this.

image

composer file being used:

{
    "name": "zfcampus/zf-apigility-skeleton",
    "description": "Skeleton Application for Apigility",
    "type": "library",
    "license": "BSD-3-Clause",
    "keywords": [
        "api",
        "apigility",
        "framework",
        "zf",
        "zendframework"
    ],
    "homepage": "http://apigility.org/",
    "support": {
        "issues": "https://github.com/zfcampus/zf-apigility-skeleton/issues",
        "source": "https://github.com/zfcampus/zf-apigility-skeleton",
        "rss": "https://github.com/zfcampus/zf-apigility-skeleton/releases.atom",
        "chat": "https://zendframework-slack.herokuapp.com",
        "forum": "https://discourse.zendframework.com/c/questions/apigility"
    },
    "config": {
        "process-timeout": 5000
    },
    "extra": {
        "branch-alias": {
            "dev-master": "1.5.x-dev",
            "dev-develop": "1.6.x-dev"
        }
    },
    "minimum-stability": "stable",
    "require": {
        "php": "^5.6 || ^7.0",
        "zendframework/zend-component-installer": "^1.1.1 || ^2.1.1",
        "zfcampus/zf-apigility": "^1.4",
        "zfcampus/zf-apigility-documentation": "^1.3",
        "zfcampus/zf-development-mode": "^3.2",
        "zfr/zfr-cors": "1.*",
        "guzzlehttp/guzzle": "^6.3",
        "elasticsearch/elasticsearch": "^5.3",
        "zfcampus/zf-apigility-doctrine": "^2.2",
        "doctrine/doctrine-mongo-odm-module": "^1.0",
        "mongodb/mongodb": "^1.4",
        "zfcampus/zf-doctrine-querybuilder": "^1.6",
        "phpunit/phpunit": "^7.3",
        "squizlabs/php_codesniffer": "^3.3"
    },
    "require-dev": {
        "zendframework/zend-developer-tools": "^1.2.1",
        "zendframework/zend-test": "^3.2",
        "zfcampus/zf-apigility-admin": "^1.6",
        "zfcampus/zf-asset-manager": "^1.2",
        "zfcampus/zf-composer-autoloading": "^1.1.1 || ^2.1",
        "zfcampus/zf-deploy": "^1.3"
    },
    "suggest": {
        "zfcampus/zf-apigility-doctrine": "zfcampus/zf-apigility-doctrine ^2.2 to create Doctrine-Connected REST services",
        "zfcampus/zf-http-cache": "zfcampus/zf-http-cache ^1.4 to add HTTP caching to your API",
        "zfr/zfr-cors": "zfr/zfr-cors ^1.5 to add CORS support to your API"
    },
    "autoload": {
        "psr-4": {
            "Application\\": "module/Application/src/",
            "ContentApi\\": "module/ContentApi/src/"
        }
    },
    "autoload-dev": {
        "psr-4": {
            "ApplicationTest\\": "module/Application/test/"
        },
        "files": [
            "src/Apigility/constants.php"
        ]
    },
    "scripts": {
        "cs-check": "phpcs",
        "cs-fix": "phpcbf",
        "development-disable": "zf-development-mode disable",
        "development-enable": "zf-development-mode enable",
        "development-status": "zf-development-mode status",
        "post-create-project-cmd": ["@development-enable"],
        "serve": "php -S 0.0.0.0:8080 -t public/",
        "test": "phpunit"
    }
}

Originally posted by @worthwhileindustries at https://github.com/zendframework/zend-component-installer/issues/56

weierophinney commented 4 years ago

This is how Composer works with the --no-interaction flag; it bypasses interactions, and any default values are what are then used.

We switched from defaulting to no injection to injecting with version 2 of this component because we handled far too many problems from users who selected the default behavior (no injection) and then couldn't understand why the code wasn't working. We found it was better from a general usability perspective to default to inject, as that was the expected behavior.

Generally speaking, if I want to install without interaction, I generally do not want scripts running, either. Most build commands I've seen that prepare the production install use the combination --no-interaction --no-scripts --optimize-autoloader --prefer-dist.


Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-427856030

weierophinney commented 4 years ago

There is inconsistency here between interactive and non-interactive modes. I think interactive mode defaults should be changed to mirror non-interactive behavior to avoid confusion.


Originally posted by @Xerkus at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428136674

weierophinney commented 4 years ago

@Xerkus Please read what I wrote above; we're not going to change this back, because defaulting to no injection led to a ton of support issues. We have far fewer support problems regarding modules today due to this change.

Additionally, interactive mode defaults to injection, which is exactly what non-interactive does as well. It's only when you apply the --no-scripts option that no injection happens. --no-scripts is not the same as --no-interaction. So I'm not sure what your assertion is regarding...


Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428196173

weierophinney commented 4 years ago

@weierophinney I guess we are in a sad state of development these days... albeit we need all the adoption we can get.

Anyhow, this statement is false AFAIK and @Xerkus is correct. Maybe it does (haven't tested myself yet) default to inject under the hood but, then that means the output is incorrect when in interactive mode that shows Do not inject as the default option which was throwing me off.

Additionally, interactive mode defaults to injection, which is exactly what non-interactive does as well.

I have shown the defaults in interactive mode in my post above as being Do not inject. A direct copy/paste of the output below:

- Installing zendframework/zend-form (2.12.0): Downloading (100%)

  Please select which config file you wish to inject 'Zend\Form' into:
  [0] Do not inject
  [1] config/modules.config.php
  [2] config/development.config.php.dist
  Make your selection (default is 0):

Originally posted by @worthwhileindustries at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428255770

weierophinney commented 4 years ago

@worthwhileindustries Which versions of the following are you using, please?

Based on what you've reported, I created a zend-mvc project using the following:

$ composer create-project zendframework/skeleton-application test

I chose the minimal installation option. Once created, I entered the project, updated all dependencies, and also updated to the latest zend-component-installer:

$ composer update
$ composer require "zendframework/zend-component-installer:^2.0"

Which installed version 2.1.1.

Now, I decided to test installing zend-form, as you did.

First, I used interaction:

$ composer require zendframework/zend-form
Using version ^2.12 for zendframework/zend-form
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 4 installs, 0 updates, 0 removals
  - Installing zendframework/zend-hydrator (2.4.0): Loading from cache

  Please select which config file you wish to inject 'Zend\Hydrator' into:
  [0] Do not inject
  [1] config/modules.config.php
  [2] config/development.config.php.dist
  Make your selection (default is 1):

So, with an up-to-date version of zend-component-installer, we can see that the default is to inject to a production configuration.

I aborted, and then tried without interaction:

$ composer require --no-interaction zendframework/zend-form
Using version ^2.12 for zendframework/zend-form
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 4 installs, 0 updates, 0 removals
  - Installing zendframework/zend-hydrator (2.4.0): Loading from cache
    Installing Zend\Hydrator from package zendframework/zend-hydrator
  - Installing zendframework/zend-filter (2.8.0): Loading from cache
    Installing Zend\Filter from package zendframework/zend-filter
  - Installing zendframework/zend-inputfilter (2.8.2): Loading from cache
    Installing Zend\InputFilter from package zendframework/zend-inputfilter
  - Installing zendframework/zend-form (2.12.0): Loading from cache
    Installing Zend\Form from package zendframework/zend-form
zendframework/zend-hydrator suggests installing zendframework/zend-serializer (^2.6.1, to use the SerializableStrategy)
zendframework/zend-filter suggests installing zendframework/zend-crypt (Zend\Crypt component, for encryption filters)
zendframework/zend-filter suggests installing zendframework/zend-i18n (Zend\I18n component for filters depending on i18n functionality)
zendframework/zend-form suggests installing zendframework/zend-captcha (^2.7.1, required for using CAPTCHA form elements)
zendframework/zend-form suggests installing zendframework/zend-code (^2.6 || ^3.0, required to use zend-form annotations support)
zendframework/zend-form suggests installing zendframework/zend-i18n (^2.6, required when using zend-form view helpers)
zendframework/zend-form suggests installing zendframework/zendservice-recaptcha (in order to use the ReCaptcha form element)
Writing lock file
Generating autoload files

Note that it does inject; after each component is installed, it mentions it is installing the component. I verified by inspecting my config/modules.config.php:

return [
    'Zend\Form',
    'Zend\InputFilter',
    'Zend\Filter',
    'Zend\Hydrator',
    'Zend\Router',
    'Zend\Validator',
    'Application',
];

So, my take is: you're using the old 0.X series of zend-component-installer that's bundled in the framework. Upgrade that, and you'll observe the behavior I described.

Now, I see two action items based on this:

The former is likely something to include both in the installer's documentation, as well as in the Expressive and zend-mvc tutorials.

The latter is something for the zendframework/ZendSkeletonApplication repository.


Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428271388

weierophinney commented 4 years ago

And, final point: what I demonstrate above is that the behavior is the same regardless of whether or not the --no-interaction is in use, when using the latest versions of zend-component-installer, which is what the original report was asserting was not the case. The behavior may not be what you want, but it's consistent, and it's what we opted for after answering support questions for more than a year related to the defaults.


Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428272234

weierophinney commented 4 years ago

@weierophinney I haven't tried updating all the things but, just for reference this is what my versions look like for this particular issue originally posted.

root@c48ba3e70f3a:/var/www/html# composer info
alcaeus/mongo-php-adapter                      1.1.3   Adapter to provide ext-mongo interface on top of mongo-php-libary
api-skeletons/zf-doctrine-module-zend-hydrator 1.0.1   Corrects DoctrineModule classes to use zend-hydrator
bshaffer/oauth2-server-php                     v1.10.0 OAuth2 Server for PHP
container-interop/container-interop            1.2.0   Promoting the interoperability of container objects (DIC, SL, etc.)
doctrine/annotations                           v1.6.0  Docblock Annotations Parser
doctrine/cache                                 v1.8.0  Caching library offering an object-oriented API for many cache backends
doctrine/collections                           v1.5.0  Collections Abstraction library
doctrine/common                                v2.9.0  Common Library for Doctrine projects
doctrine/doctrine-module                       1.2.0   Zend Framework Module that provides Doctrine basic functionality required for ORM and ODM modules
doctrine/doctrine-mongo-odm-module             1.0.0   Zend Framework Module that provides Doctrine MongoDB ODM functionality
doctrine/event-manager                         v1.0.0  Doctrine Event Manager component
doctrine/inflector                             v1.3.0  Common String Manipulations with regard to casing and singular/plural rules.
doctrine/instantiator                          1.1.0   A small, lightweight utility to instantiate objects in PHP without invoking their constructors
doctrine/lexer                                 v1.0.1  Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.
doctrine/mongodb                               1.6.3   Doctrine MongoDB Abstraction Layer
doctrine/mongodb-odm                           1.2.5   Doctrine MongoDB Object Document Mapper
doctrine/persistence                           v1.0.1  Doctrine Persistence abstractions.
doctrine/reflection                            v1.0.0  Doctrine Reflection component
elasticsearch/elasticsearch                    v5.3.2  PHP Client for Elasticsearch
guzzlehttp/guzzle                              6.3.3   Guzzle is a PHP HTTP client library
guzzlehttp/promises                            v1.3.1  Guzzle promises library
guzzlehttp/psr7                                1.4.2   PSR-7 message implementation that also provides common utility methods
guzzlehttp/ringphp                             1.1.1   Provides a simple API and specification that abstracts away the details of HTTP into a single PHP function.
guzzlehttp/streams                             3.0.0   Provides a simple abstraction over streams of data
herrera-io/json                                1.0.3   A library for simplifying JSON linting and validation.
herrera-io/phar-update                         1.0.3   A library for self-updating Phars.
justinrainbow/json-schema                      1.6.1   A library to validate a json schema.
kherge/version                                 1.0.1   A parsing and comparison library for semantic versioning.
michelf/php-markdown                           1.8.0   PHP Markdown
mongodb/mongodb                                1.4.2   MongoDB driver library
myclabs/deep-copy                              1.8.1   Create deep copies (clones) of your objects
paragonie/random_compat                        v2.0.17 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
phar-io/manifest                               1.0.3   Component for reading phar.io manifest information from a PHP Archive (PHAR)
phar-io/version                                2.0.1   Library for handling version information and constraints
phpdocumentor/reflection-common                1.0.1   Common reflection classes used by phpdocumentor to reflect the code structure
phpdocumentor/reflection-docblock              4.3.0   With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.
phpdocumentor/type-resolver                    0.4.0  
phpro/zf-doctrine-hydration-module             v3.0.0  Doctrine hydrators for ZF2 and ZF3
phpspec/prophecy                               1.8.0   Highly opinionated mocking framework for PHP 5.3+
phpunit/php-code-coverage                      6.0.7   Library that provides collection, processing, and rendering functionality for PHP code coverage information.
phpunit/php-file-iterator                      2.0.1   FilterIterator implementation that filters files based on a list of suffixes.
phpunit/php-text-template                      1.2.1   Simple template engine.
phpunit/php-timer                              2.0.0   Utility class for timing
phpunit/php-token-stream                       3.0.0   Wrapper around PHP's tokenizer extension.
phpunit/phpunit                                7.3.5   The PHP Unit Testing framework.
psr/cache                                      1.0.1   Common interface for caching libraries
psr/container                                  1.0.0   Common Container Interface (PHP FIG PSR-11)
psr/http-message                               1.0.1   Common interface for HTTP messages
psr/link                                       1.0.0   Common interfaces for HTTP links
psr/log                                        1.0.2   Common interface for logging libraries
psr/simple-cache                               1.0.1   Common interfaces for simple caching
react/promise                                  v2.7.0  A lightweight implementation of CommonJS Promises/A for PHP
sebastian/code-unit-reverse-lookup             1.0.1   Looks up which function or method a line of code belongs to
sebastian/comparator                           3.0.2   Provides the functionality to compare PHP values for equality
sebastian/diff                                 3.0.1   Diff implementation
sebastian/environment                          3.1.0   Provides functionality to handle HHVM/PHP environments
sebastian/exporter                             3.1.0   Provides the functionality to export PHP variables for visualization
sebastian/global-state                         2.0.0   Snapshotting of global state
sebastian/object-enumerator                    3.0.3   Traverses array structures and object graphs to enumerate all referenced objects
sebastian/object-reflector                     1.1.1   Allows reflection of object attributes, including inherited and non-public ones
sebastian/recursion-context                    3.0.0   Provides functionality to recursively process PHP variables
sebastian/resource-operations                  1.0.0   Provides a list of PHP built-in functions that operate on resources
sebastian/version                              2.0.1   Library that helps with managing the version number of Git-hosted PHP projects
seld/jsonlint                                  1.7.1   JSON Linter
squizlabs/php_codesniffer                      3.3.1   PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.
symfony/console                                v3.4.15 Symfony Console Component
symfony/debug                                  v4.1.4  Symfony Debug Component
symfony/polyfill-mbstring                      v1.9.0  Symfony polyfill for the Mbstring extension
theseer/tokenizer                              1.1.0   A small library for converting tokenized PHP source code into XML and potentially other formats
webmozart/assert                               1.3.0   Assertions to validate method input/output with nice error messages.
zendframework/zend-authentication              2.6.0   provides an API for authentication and includes concrete authentication adapters for common use case scenarios
zendframework/zend-cache                       2.8.2   Caching implementation with a variety of storage options, as well as codified caching strategies for callbacks, classes, and output
zendframework/zend-code                        3.3.1   provides facilities to generate arbitrary code using an object oriented interface
zendframework/zend-component-installer         2.1.1   Composer plugin for automating component registration in zend-mvc and Expressive applications
zendframework/zend-config                      3.2.0   provides a nested object property based user interface for accessing this configuration data within application code
zendframework/zend-console                     2.7.0   Build console applications using getopt syntax or routing, complete with prompts
zendframework/zend-crypt                       3.3.0   Strong cryptography tools and password hashing
zendframework/zend-db                          2.9.3   Database abstraction layer, SQL abstraction, result set abstraction, and RowDataGateway and TableDataGateway implementations
zendframework/zend-debug                       2.6.0   Safely dump debug information to HTML
zendframework/zend-developer-tools             1.2.1   Module for developer and debug tools for use with zend-mvc applications.
zendframework/zend-dom                         2.7.1   provides tools for working with DOM documents and structures
zendframework/zend-escaper                     2.6.0   Securely and safely escape HTML, HTML attributes, JavaScript, CSS, and URLs
zendframework/zend-eventmanager                3.2.1   Trigger and listen to events within a PHP application
zendframework/zend-filter                      2.8.0   provides a set of commonly needed data filters
zendframework/zend-form                        2.12.0  Validate and display simple and complex forms, casting forms to business objects and vice versa
zendframework/zend-http                        2.8.2   Provides an easy interface for performing Hyper-Text Transfer Protocol (HTTP) requests
zendframework/zend-hydrator                    2.4.0   Serialize objects to arrays, and vice versa
zendframework/zend-inputfilter                 2.8.2   Normalize and validate input sets from the web, APIs, the CLI, and more, including files
zendframework/zend-json                        3.1.0   provides convenience methods for serializing native PHP to JSON and decoding JSON to native PHP
zendframework/zend-loader                      2.6.0   Autoloading and plugin loading strategies
zendframework/zend-math                        3.1.1   Create cryptographically secure pseudo-random numbers, and manage big integers
zendframework/zend-modulemanager               2.8.2   Modular application system for zend-mvc applications
zendframework/zend-mvc                         3.1.1   Zend Framework's event-driven MVC layer, including MVC Applications, Controllers, and Plugins
zendframework/zend-paginator                   2.8.1   zend-paginator is a flexible component for paginating collections of data and presenting that data to users.
zendframework/zend-permissions-acl             2.7.0   Provides a lightweight and flexible access control list (ACL) implementation for privileges management
zendframework/zend-permissions-rbac            3.0.1   Provides a role-based access control management
zendframework/zend-router                      3.2.0   Flexible routing system for HTTP and console applications
zendframework/zend-servicemanager              3.3.2   Factory-Driven Dependency Injection Container
zendframework/zend-stdlib                      3.2.1   SPL extensions, array utilities, error handlers, and more
zendframework/zend-test                        3.2.0   Tools to facilitate unit testing of zend-mvc applications
zendframework/zend-uri                         2.6.1   A component that aids in manipulating and validating » Uniform Resource Identifiers (URIs)
zendframework/zend-validator                   2.10.2  provides a set of commonly needed validators
zendframework/zend-view                        2.10.0  provides a system of helpers, output filters, and variable escaping
zfcampus/zf-api-problem                        1.3.0   ZF2 Module providing API-Problem assets and rendering
zfcampus/zf-apigility                          1.4.0   Apigility module for Zend Framework
zfcampus/zf-apigility-admin                    1.6.0   Apigility Admin module
zfcampus/zf-apigility-admin-ui                 1.3.11  Apigility Admin UI module
zfcampus/zf-apigility-doctrine                 2.2.0   Apigility Doctrine module
zfcampus/zf-apigility-documentation            1.3.0   Apigility API documentation module
zfcampus/zf-apigility-provider                 1.3.0   Apigility interfaces
zfcampus/zf-asset-manager                      1.2.0   Composer plugin for copying module assets into application document roots.
zfcampus/zf-composer-autoloading               2.1.0   Sets up Composer-based autoloading for your Zend Framework modules
zfcampus/zf-configuration                      1.3.3   Zend Framework module providing a REST resource for manipulating configuration
zfcampus/zf-console                            1.4.0   Library for creating and dispatching console commands
zfcampus/zf-content-negotiation                1.4.0   ZF Module providing content-negotiation features
zfcampus/zf-content-validation                 1.6.1   Zend Framework module providing incoming content validation
zfcampus/zf-deploy                             1.3.0   Deployment tool for Zend Framework applications
zfcampus/zf-development-mode                   3.2.0   Zend Framework development mode script
zfcampus/zf-doctrine-querybuilder              1.6.0   Apigility Doctrine QueryBuilder module
zfcampus/zf-hal                                1.5.0   ZF2 Module providing Hypermedia Application Language assets and rendering
zfcampus/zf-mvc-auth                           1.5.1   ZF2 Module providing Authentication and Authorization events and infrastructure
zfcampus/zf-oauth2                             1.5.0   ZF module for implementing an OAuth2 server
zfcampus/zf-rest                               1.5.0   ZF Module providing structure for RESTful resources
zfcampus/zf-rpc                                1.4.0   ZF2 Module for simplifying the creation of RPC services
zfcampus/zf-versioning                         1.3.0   ZF2 Module providing listeners and route prototypes for implementing API versioning
zfr/zfr-cors                                   v1.5.0  Zend Framework 2 module that let you deal with CORS requests

Originally posted by @worthwhileindustries at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428335538

weierophinney commented 4 years ago

It looks like you're on zend-component-installer 2.1.1, which is the latest.

Which means I cannot reproduce your issue - what I posted in here today was based on that same version, and I'm clearly getting different results.


Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428362836

weierophinney commented 4 years ago

Closing, as unable to reproduce.

InvisibleSmiley commented 7 months ago

We need to document better that you need to run composer install with the --no-interaction flag if decide not to inject module configuration in your application during installation, and/or remove it later.

It seems to me that it was missed to update the documentation.

I just ran into issues that are a direct consequence of this magic config modification when composer install --no-interaction is used.

I'm not going to reiterate that this is unexpected behavior to some people, but instead focus on the documentation part.

What is mentioned in the documentation is the component-auto-installs key under extra, laminas. To me it reads as if packages are never auto-installed if that key is missing or a given dependency is not listed under it. But after experiencing what this issue is about I now know that this assumption is wrong, and the documentation should be updated accordingly (probably in this very section).

Affects:

boesing commented 7 months ago

Just my 2 cents here:

From what I know is, the component-auto-installs was initially created for the skeleton applications so that one does not have to manually accept installations of chosen components during composer create-project .... @weierophinney might correct me if I'm wrong.

I've added the component-ignore-list because of the issue mentioned here, especially since we somehow had to add laminas-db due to weird behavior of psalm analyzing our project going over validator component and suddenly exited with errors due to the lack of the laminas db component (as validator does extend classes from there).


The option --no-interaction just forces CLI commands to choose default options when user input is required. Since the default is put into <projectSpecificConfig>.php instead of Do nothing (or similar phrased), that is what is chosen from the commands/plugins perspective.

In https://github.com/laminas/laminas-component-installer/issues/80 is even requested that the pre-chosen config file should be more precisely depending on where the dependency is registered in the projects composer.json (i.e. require-dev or require section).

IMHO, if projects do not want plugins to interact at all, --no-plugins should be used along with --no-interaction. But regarding the documentation, I do not see that it says "components are not installed automatically", but I can see that this might be "weird behavior". Fine with having documentation extended but IMHO thats just default behavior on how CLI commands work n general, not sure if that has to be documented but I do not mind if we do state that somewhere.

InvisibleSmiley commented 7 months ago

But regarding the documentation, I do not see that it says "components are not installed automatically", but I can see that this might be "weird behavior".

It doesn't say that but it is what I understand from reading the documentation top to bottom. Both the readme and the docs.laminas.dev documentation first explain how to install the package, then how to adapt packages utilizing it, and then we have the following headings:

So if the documentation prominently states how to enable auto-install, conversely the assumption is that without explicit action/config, auto-install will not happen ever.

You have the technical background to know that this is not true, and I had to learn it the hard way, but this is not how documentation should work (assuming people know things that play a role but are not mentioned explicitly).

Anyway, I only left the original comment to help improve the situation for other people who might run into this like I did.

Personally I will just remove this package dependency from all of our projects since I find it strange (borderline unacceptable) that a plugin modifies production code during composer install. I know you can use --no-plugins but that's maybe not what I want during a composer install with dev dependencies enabled with the aim of running QA tools. You don't have to agree with me here, and I understand different people have different intentions/expectations. No-one is forced to use any package, so everyone can make their own choice. Just keep in mind that this choice/opinion of mine is not what this is about, it's about updating the documentation to an extent that makes clear how this package behaves in different circumstances.