Closed weierophinney closed 4 years ago
This is how Composer works with the --no-interaction
flag; it bypasses interactions, and any default values are what are then used.
We switched from defaulting to no injection to injecting with version 2 of this component because we handled far too many problems from users who selected the default behavior (no injection) and then couldn't understand why the code wasn't working. We found it was better from a general usability perspective to default to inject, as that was the expected behavior.
Generally speaking, if I want to install without interaction, I generally do not want scripts running, either. Most build commands I've seen that prepare the production install use the combination --no-interaction --no-scripts --optimize-autoloader --prefer-dist
.
Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-427856030
There is inconsistency here between interactive and non-interactive modes. I think interactive mode defaults should be changed to mirror non-interactive behavior to avoid confusion.
Originally posted by @Xerkus at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428136674
@Xerkus Please read what I wrote above; we're not going to change this back, because defaulting to no injection led to a ton of support issues. We have far fewer support problems regarding modules today due to this change.
Additionally, interactive mode defaults to injection, which is exactly what non-interactive does as well. It's only when you apply the --no-scripts
option that no injection happens. --no-scripts
is not the same as --no-interaction
. So I'm not sure what your assertion is regarding...
Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428196173
@weierophinney I guess we are in a sad state of development these days... albeit we need all the adoption we can get.
Anyhow, this statement is false AFAIK and @Xerkus is correct. Maybe it does (haven't tested myself yet) default to inject under the hood but, then that means the output is incorrect when in interactive mode that shows Do not inject
as the default option which was throwing me off.
Additionally, interactive mode defaults to injection, which is exactly what non-interactive does as well.
I have shown the defaults in interactive mode in my post above as being Do not inject
. A direct copy/paste of the output below:
- Installing zendframework/zend-form (2.12.0): Downloading (100%)
Please select which config file you wish to inject 'Zend\Form' into:
[0] Do not inject
[1] config/modules.config.php
[2] config/development.config.php.dist
Make your selection (default is 0):
Originally posted by @worthwhileindustries at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428255770
@worthwhileindustries Which versions of the following are you using, please?
Based on what you've reported, I created a zend-mvc project using the following:
$ composer create-project zendframework/skeleton-application test
I chose the minimal installation option. Once created, I entered the project, updated all dependencies, and also updated to the latest zend-component-installer:
$ composer update
$ composer require "zendframework/zend-component-installer:^2.0"
Which installed version 2.1.1.
Now, I decided to test installing zend-form, as you did.
First, I used interaction:
$ composer require zendframework/zend-form
Using version ^2.12 for zendframework/zend-form
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 4 installs, 0 updates, 0 removals
- Installing zendframework/zend-hydrator (2.4.0): Loading from cache
Please select which config file you wish to inject 'Zend\Hydrator' into:
[0] Do not inject
[1] config/modules.config.php
[2] config/development.config.php.dist
Make your selection (default is 1):
So, with an up-to-date version of zend-component-installer, we can see that the default is to inject to a production configuration.
I aborted, and then tried without interaction:
$ composer require --no-interaction zendframework/zend-form
Using version ^2.12 for zendframework/zend-form
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 4 installs, 0 updates, 0 removals
- Installing zendframework/zend-hydrator (2.4.0): Loading from cache
Installing Zend\Hydrator from package zendframework/zend-hydrator
- Installing zendframework/zend-filter (2.8.0): Loading from cache
Installing Zend\Filter from package zendframework/zend-filter
- Installing zendframework/zend-inputfilter (2.8.2): Loading from cache
Installing Zend\InputFilter from package zendframework/zend-inputfilter
- Installing zendframework/zend-form (2.12.0): Loading from cache
Installing Zend\Form from package zendframework/zend-form
zendframework/zend-hydrator suggests installing zendframework/zend-serializer (^2.6.1, to use the SerializableStrategy)
zendframework/zend-filter suggests installing zendframework/zend-crypt (Zend\Crypt component, for encryption filters)
zendframework/zend-filter suggests installing zendframework/zend-i18n (Zend\I18n component for filters depending on i18n functionality)
zendframework/zend-form suggests installing zendframework/zend-captcha (^2.7.1, required for using CAPTCHA form elements)
zendframework/zend-form suggests installing zendframework/zend-code (^2.6 || ^3.0, required to use zend-form annotations support)
zendframework/zend-form suggests installing zendframework/zend-i18n (^2.6, required when using zend-form view helpers)
zendframework/zend-form suggests installing zendframework/zendservice-recaptcha (in order to use the ReCaptcha form element)
Writing lock file
Generating autoload files
Note that it does inject; after each component is installed, it mentions it is installing the component. I verified by inspecting my config/modules.config.php
:
return [
'Zend\Form',
'Zend\InputFilter',
'Zend\Filter',
'Zend\Hydrator',
'Zend\Router',
'Zend\Validator',
'Application',
];
So, my take is: you're using the old 0.X series of zend-component-installer that's bundled in the framework. Upgrade that, and you'll observe the behavior I described.
Now, I see two action items based on this:
We need to document better that you need to run composer install
with the --no-interaction
flag if decide not to inject module configuration in your application during installation, and/or remove it later.
We need to update the skeleton to use a more recent version of zend-component-installer.
The former is likely something to include both in the installer's documentation, as well as in the Expressive and zend-mvc tutorials.
The latter is something for the zendframework/ZendSkeletonApplication repository.
Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428271388
And, final point: what I demonstrate above is that the behavior is the same regardless of whether or not the --no-interaction
is in use, when using the latest versions of zend-component-installer, which is what the original report was asserting was not the case. The behavior may not be what you want, but it's consistent, and it's what we opted for after answering support questions for more than a year related to the defaults.
Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428272234
@weierophinney I haven't tried updating all the things but, just for reference this is what my versions look like for this particular issue originally posted.
root@c48ba3e70f3a:/var/www/html# composer info
alcaeus/mongo-php-adapter 1.1.3 Adapter to provide ext-mongo interface on top of mongo-php-libary
api-skeletons/zf-doctrine-module-zend-hydrator 1.0.1 Corrects DoctrineModule classes to use zend-hydrator
bshaffer/oauth2-server-php v1.10.0 OAuth2 Server for PHP
container-interop/container-interop 1.2.0 Promoting the interoperability of container objects (DIC, SL, etc.)
doctrine/annotations v1.6.0 Docblock Annotations Parser
doctrine/cache v1.8.0 Caching library offering an object-oriented API for many cache backends
doctrine/collections v1.5.0 Collections Abstraction library
doctrine/common v2.9.0 Common Library for Doctrine projects
doctrine/doctrine-module 1.2.0 Zend Framework Module that provides Doctrine basic functionality required for ORM and ODM modules
doctrine/doctrine-mongo-odm-module 1.0.0 Zend Framework Module that provides Doctrine MongoDB ODM functionality
doctrine/event-manager v1.0.0 Doctrine Event Manager component
doctrine/inflector v1.3.0 Common String Manipulations with regard to casing and singular/plural rules.
doctrine/instantiator 1.1.0 A small, lightweight utility to instantiate objects in PHP without invoking their constructors
doctrine/lexer v1.0.1 Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.
doctrine/mongodb 1.6.3 Doctrine MongoDB Abstraction Layer
doctrine/mongodb-odm 1.2.5 Doctrine MongoDB Object Document Mapper
doctrine/persistence v1.0.1 Doctrine Persistence abstractions.
doctrine/reflection v1.0.0 Doctrine Reflection component
elasticsearch/elasticsearch v5.3.2 PHP Client for Elasticsearch
guzzlehttp/guzzle 6.3.3 Guzzle is a PHP HTTP client library
guzzlehttp/promises v1.3.1 Guzzle promises library
guzzlehttp/psr7 1.4.2 PSR-7 message implementation that also provides common utility methods
guzzlehttp/ringphp 1.1.1 Provides a simple API and specification that abstracts away the details of HTTP into a single PHP function.
guzzlehttp/streams 3.0.0 Provides a simple abstraction over streams of data
herrera-io/json 1.0.3 A library for simplifying JSON linting and validation.
herrera-io/phar-update 1.0.3 A library for self-updating Phars.
justinrainbow/json-schema 1.6.1 A library to validate a json schema.
kherge/version 1.0.1 A parsing and comparison library for semantic versioning.
michelf/php-markdown 1.8.0 PHP Markdown
mongodb/mongodb 1.4.2 MongoDB driver library
myclabs/deep-copy 1.8.1 Create deep copies (clones) of your objects
paragonie/random_compat v2.0.17 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
phar-io/manifest 1.0.3 Component for reading phar.io manifest information from a PHP Archive (PHAR)
phar-io/version 2.0.1 Library for handling version information and constraints
phpdocumentor/reflection-common 1.0.1 Common reflection classes used by phpdocumentor to reflect the code structure
phpdocumentor/reflection-docblock 4.3.0 With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.
phpdocumentor/type-resolver 0.4.0
phpro/zf-doctrine-hydration-module v3.0.0 Doctrine hydrators for ZF2 and ZF3
phpspec/prophecy 1.8.0 Highly opinionated mocking framework for PHP 5.3+
phpunit/php-code-coverage 6.0.7 Library that provides collection, processing, and rendering functionality for PHP code coverage information.
phpunit/php-file-iterator 2.0.1 FilterIterator implementation that filters files based on a list of suffixes.
phpunit/php-text-template 1.2.1 Simple template engine.
phpunit/php-timer 2.0.0 Utility class for timing
phpunit/php-token-stream 3.0.0 Wrapper around PHP's tokenizer extension.
phpunit/phpunit 7.3.5 The PHP Unit Testing framework.
psr/cache 1.0.1 Common interface for caching libraries
psr/container 1.0.0 Common Container Interface (PHP FIG PSR-11)
psr/http-message 1.0.1 Common interface for HTTP messages
psr/link 1.0.0 Common interfaces for HTTP links
psr/log 1.0.2 Common interface for logging libraries
psr/simple-cache 1.0.1 Common interfaces for simple caching
react/promise v2.7.0 A lightweight implementation of CommonJS Promises/A for PHP
sebastian/code-unit-reverse-lookup 1.0.1 Looks up which function or method a line of code belongs to
sebastian/comparator 3.0.2 Provides the functionality to compare PHP values for equality
sebastian/diff 3.0.1 Diff implementation
sebastian/environment 3.1.0 Provides functionality to handle HHVM/PHP environments
sebastian/exporter 3.1.0 Provides the functionality to export PHP variables for visualization
sebastian/global-state 2.0.0 Snapshotting of global state
sebastian/object-enumerator 3.0.3 Traverses array structures and object graphs to enumerate all referenced objects
sebastian/object-reflector 1.1.1 Allows reflection of object attributes, including inherited and non-public ones
sebastian/recursion-context 3.0.0 Provides functionality to recursively process PHP variables
sebastian/resource-operations 1.0.0 Provides a list of PHP built-in functions that operate on resources
sebastian/version 2.0.1 Library that helps with managing the version number of Git-hosted PHP projects
seld/jsonlint 1.7.1 JSON Linter
squizlabs/php_codesniffer 3.3.1 PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.
symfony/console v3.4.15 Symfony Console Component
symfony/debug v4.1.4 Symfony Debug Component
symfony/polyfill-mbstring v1.9.0 Symfony polyfill for the Mbstring extension
theseer/tokenizer 1.1.0 A small library for converting tokenized PHP source code into XML and potentially other formats
webmozart/assert 1.3.0 Assertions to validate method input/output with nice error messages.
zendframework/zend-authentication 2.6.0 provides an API for authentication and includes concrete authentication adapters for common use case scenarios
zendframework/zend-cache 2.8.2 Caching implementation with a variety of storage options, as well as codified caching strategies for callbacks, classes, and output
zendframework/zend-code 3.3.1 provides facilities to generate arbitrary code using an object oriented interface
zendframework/zend-component-installer 2.1.1 Composer plugin for automating component registration in zend-mvc and Expressive applications
zendframework/zend-config 3.2.0 provides a nested object property based user interface for accessing this configuration data within application code
zendframework/zend-console 2.7.0 Build console applications using getopt syntax or routing, complete with prompts
zendframework/zend-crypt 3.3.0 Strong cryptography tools and password hashing
zendframework/zend-db 2.9.3 Database abstraction layer, SQL abstraction, result set abstraction, and RowDataGateway and TableDataGateway implementations
zendframework/zend-debug 2.6.0 Safely dump debug information to HTML
zendframework/zend-developer-tools 1.2.1 Module for developer and debug tools for use with zend-mvc applications.
zendframework/zend-dom 2.7.1 provides tools for working with DOM documents and structures
zendframework/zend-escaper 2.6.0 Securely and safely escape HTML, HTML attributes, JavaScript, CSS, and URLs
zendframework/zend-eventmanager 3.2.1 Trigger and listen to events within a PHP application
zendframework/zend-filter 2.8.0 provides a set of commonly needed data filters
zendframework/zend-form 2.12.0 Validate and display simple and complex forms, casting forms to business objects and vice versa
zendframework/zend-http 2.8.2 Provides an easy interface for performing Hyper-Text Transfer Protocol (HTTP) requests
zendframework/zend-hydrator 2.4.0 Serialize objects to arrays, and vice versa
zendframework/zend-inputfilter 2.8.2 Normalize and validate input sets from the web, APIs, the CLI, and more, including files
zendframework/zend-json 3.1.0 provides convenience methods for serializing native PHP to JSON and decoding JSON to native PHP
zendframework/zend-loader 2.6.0 Autoloading and plugin loading strategies
zendframework/zend-math 3.1.1 Create cryptographically secure pseudo-random numbers, and manage big integers
zendframework/zend-modulemanager 2.8.2 Modular application system for zend-mvc applications
zendframework/zend-mvc 3.1.1 Zend Framework's event-driven MVC layer, including MVC Applications, Controllers, and Plugins
zendframework/zend-paginator 2.8.1 zend-paginator is a flexible component for paginating collections of data and presenting that data to users.
zendframework/zend-permissions-acl 2.7.0 Provides a lightweight and flexible access control list (ACL) implementation for privileges management
zendframework/zend-permissions-rbac 3.0.1 Provides a role-based access control management
zendframework/zend-router 3.2.0 Flexible routing system for HTTP and console applications
zendframework/zend-servicemanager 3.3.2 Factory-Driven Dependency Injection Container
zendframework/zend-stdlib 3.2.1 SPL extensions, array utilities, error handlers, and more
zendframework/zend-test 3.2.0 Tools to facilitate unit testing of zend-mvc applications
zendframework/zend-uri 2.6.1 A component that aids in manipulating and validating » Uniform Resource Identifiers (URIs)
zendframework/zend-validator 2.10.2 provides a set of commonly needed validators
zendframework/zend-view 2.10.0 provides a system of helpers, output filters, and variable escaping
zfcampus/zf-api-problem 1.3.0 ZF2 Module providing API-Problem assets and rendering
zfcampus/zf-apigility 1.4.0 Apigility module for Zend Framework
zfcampus/zf-apigility-admin 1.6.0 Apigility Admin module
zfcampus/zf-apigility-admin-ui 1.3.11 Apigility Admin UI module
zfcampus/zf-apigility-doctrine 2.2.0 Apigility Doctrine module
zfcampus/zf-apigility-documentation 1.3.0 Apigility API documentation module
zfcampus/zf-apigility-provider 1.3.0 Apigility interfaces
zfcampus/zf-asset-manager 1.2.0 Composer plugin for copying module assets into application document roots.
zfcampus/zf-composer-autoloading 2.1.0 Sets up Composer-based autoloading for your Zend Framework modules
zfcampus/zf-configuration 1.3.3 Zend Framework module providing a REST resource for manipulating configuration
zfcampus/zf-console 1.4.0 Library for creating and dispatching console commands
zfcampus/zf-content-negotiation 1.4.0 ZF Module providing content-negotiation features
zfcampus/zf-content-validation 1.6.1 Zend Framework module providing incoming content validation
zfcampus/zf-deploy 1.3.0 Deployment tool for Zend Framework applications
zfcampus/zf-development-mode 3.2.0 Zend Framework development mode script
zfcampus/zf-doctrine-querybuilder 1.6.0 Apigility Doctrine QueryBuilder module
zfcampus/zf-hal 1.5.0 ZF2 Module providing Hypermedia Application Language assets and rendering
zfcampus/zf-mvc-auth 1.5.1 ZF2 Module providing Authentication and Authorization events and infrastructure
zfcampus/zf-oauth2 1.5.0 ZF module for implementing an OAuth2 server
zfcampus/zf-rest 1.5.0 ZF Module providing structure for RESTful resources
zfcampus/zf-rpc 1.4.0 ZF2 Module for simplifying the creation of RPC services
zfcampus/zf-versioning 1.3.0 ZF2 Module providing listeners and route prototypes for implementing API versioning
zfr/zfr-cors v1.5.0 Zend Framework 2 module that let you deal with CORS requests
Originally posted by @worthwhileindustries at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428335538
It looks like you're on zend-component-installer 2.1.1, which is the latest.
Which means I cannot reproduce your issue - what I posted in here today was based on that same version, and I'm clearly getting different results.
Originally posted by @weierophinney at https://github.com/zendframework/zend-component-installer/issues/56#issuecomment-428362836
Closing, as unable to reproduce.
We need to document better that you need to run
composer install
with the--no-interaction
flag if decide not to inject module configuration in your application during installation, and/or remove it later.
It seems to me that it was missed to update the documentation.
I just ran into issues that are a direct consequence of this magic config modification when composer install --no-interaction
is used.
I'm not going to reiterate that this is unexpected behavior to some people, but instead focus on the documentation part.
What is mentioned in the documentation is the component-auto-installs
key under extra
, laminas
. To me it reads as if packages are never auto-installed if that key is missing or a given dependency is not listed under it. But after experiencing what this issue is about I now know that this assumption is wrong, and the documentation should be updated accordingly (probably in this very section).
Affects:
Just my 2 cents here:
From what I know is, the component-auto-installs
was initially created for the skeleton applications so that one does not have to manually accept installations of chosen components during composer create-project ...
.
@weierophinney might correct me if I'm wrong.
I've added the component-ignore-list
because of the issue mentioned here, especially since we somehow had to add laminas-db due to weird behavior of psalm analyzing our project going over validator component and suddenly exited with errors due to the lack of the laminas db component (as validator does extend classes from there).
The option --no-interaction
just forces CLI commands to choose default options when user input is required.
Since the default is put into <projectSpecificConfig>.php
instead of Do nothing
(or similar phrased), that is what is chosen from the commands/plugins perspective.
In https://github.com/laminas/laminas-component-installer/issues/80 is even requested that the pre-chosen config file should be more precisely depending on where the dependency is registered in the projects composer.json
(i.e. require-dev
or require
section).
IMHO, if projects do not want plugins to interact at all, --no-plugins
should be used along with --no-interaction
.
But regarding the documentation, I do not see that it says "components are not installed automatically", but I can see that this might be "weird behavior".
Fine with having documentation extended but IMHO thats just default behavior on how CLI commands work n general, not sure if that has to be documented but I do not mind if we do state that somewhere.
But regarding the documentation, I do not see that it says "components are not installed automatically", but I can see that this might be "weird behavior".
It doesn't say that but it is what I understand from reading the documentation top to bottom. Both the readme and the docs.laminas.dev documentation first explain how to install the package, then how to adapt packages utilizing it, and then we have the following headings:
So if the documentation prominently states how to enable auto-install, conversely the assumption is that without explicit action/config, auto-install will not happen ever.
You have the technical background to know that this is not true, and I had to learn it the hard way, but this is not how documentation should work (assuming people know things that play a role but are not mentioned explicitly).
Anyway, I only left the original comment to help improve the situation for other people who might run into this like I did.
Personally I will just remove this package dependency from all of our projects since I find it strange (borderline unacceptable) that a plugin modifies production code during composer install
. I know you can use --no-plugins
but that's maybe not what I want during a composer install
with dev dependencies enabled with the aim of running QA tools. You don't have to agree with me here, and I understand different people have different intentions/expectations. No-one is forced to use any package, so everyone can make their own choice. Just keep in mind that this choice/opinion of mine is not what this is about, it's about updating the documentation to an extent that makes clear how this package behaves in different circumstances.
This seems like a bug to me. I can add
--no-scripts
which gives desired outcome but, I still think this is a bug.Problem: Using
composer install --no-interaction
is injecting modules into modules.config.php.Desired Outcome: using command should choose the default which is listed as
Do Not Inject
Default is set to
Do not inject
but, getting all of these modules injected anyway. Note the changes to the modules.config.php file after running this.composer file being used:
Originally posted by @worthwhileindustries at https://github.com/zendframework/zend-component-installer/issues/56