hautelook/alice-bundle is gone?

[mrmkrs]

Hi,

Just noticed that https://github.com/hautelook/AliceBundle returns a 404. What happened? :)

[theofidry]

You can check the thread here: https://twitter.com/tfidry/status/1436090358950150145?s=20

Unfortunately I am not sure on the path to follow:

• some other repos appear to have been made private
• the GitHub Hautelook organisation removed everyone from the "people" section and the website linked is dead

I have pinged Hautelook Engineering twitter account but I did not get a reply so far

For context: I had contact with two Hautelook devs at the time I took over the project about ~6 years ago but (understandably) I am not part of the organisation neither did I have at any point admin rights within the GitHub or Packagist organisation. So unfortunately I do not have the access to fix the problem right now.

Meanwhile as mentioned in a thread, a temporary solution is to depend on my fork https://github.com/theofidry/AliceBundle and add the following to your composer.json:

    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/theofidry/AliceBundle"
        }
    ],

[mrmkrs]

Ah... thanks for your fast response!

[huedaya]

Thanks!

[CoalaJoe]

My build pipeline fails. Now I at least know what is going on and how to fix it. Thanks.

[yakobe]

😧

Thanks for the fork.

[Kocal]

Thanks @theofidry!

If people need the latest version 2.9.0 (which is not available with Theo's fork), you can find an up-to-date version at https://github.com/wamiz/hautelook-alice-bundle.

That's literally a copy-paste from our app vendor into a new git repository.

THO I would not recommended to use it since for security reason - since we (Wamiz organization) or me - are not official mainteners.

[theofidry]

@Kocal the tags have been pushed in the morning so they should be available on the fork

[Kocal]

Oh my bad, I was looking at the first tags v2.... and didn't see it:

It looks like the tag's nomenclature has changed:

Sorry for the bother, gonna drop my fork. Thanks!

[zexa]

@theofidry

I have pinged Hautelook Engineering twitter account but I did not get a reply so far

Can you link the tweet, please?

[theofidry]

Sure: https://twitter.com/tfidry/status/1436214884891611137?s=20

[qrtyzmng]

Can you increase the limit to (10 calls/hr) or smth. Current error: GitHub API limit (0 calls/hr) is exhausted, could not fetch https://api.github.com/repos/theofidry/AliceBundle/commits/96dc5d831485af2feb1fb26ae0b990fbcdba63dc. Create a GitHub OAuth token to go over the API rate limit.

It can be easily fixed by adding token but more handy will be to also increase limit.

[NicoHaase]

Can you increatse the limit to (10 calls/hr) or smth. Current error: GitHub API limit (0 calls/hr) is exhausted, could not fetch https://api.github.com/repos/theofidry/AliceBundle/commits/96dc5d831485af2feb1fb26ae0b990fbcdba63dc. Create a GitHub OAuth token to go over the API rate limit.

I can be easly fixed by adding token but more handy will be to also increase limit.

That's something you have to ask the Github support - @theofidry cannot change that

[ghost]

There seems to be more happening with Github today, because a simple composer update gave rate limit errors (on a completely different project, not related to this project at all).

[ruslan-polutsygan]

PHP world now has its own left-pad :smile:

[zexa]

Comparing left-pad to AliceBundle is borderline disrespectful, but okay.

[ruslan-polutsygan]

@zexa

[theofidry]

@qrtyzmng the fix is the one mentioned in the error message: you can configured a token for Composer to do the request to GitHub authenticated which increases the limit. See https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth

[hopeseekr]

So I run the Bettergist Collective which usually archives every single PHP package at least 2x a year. I didn't archive in 2021 because I'm working so much and there never seems to be much [psychological] support in the PHP community, but I do have a backup of this package from May 2020.

I have created a packagist package and everything. Latest version archived: v2.7.2.

https://github.com/bettergistco/hautelook.alice-bundle https://packagist.org/packages/bettergist/hautelook-alice-bundle

composer require bettergist/hautelook-alice-bundle

The entire 100 GB torrent of all PHP packagist packages as of December 2020 is floating around right here: https://github.com/bettergistco/PackagistArchive

[theofidry]

Quick update: it looks like Hautelook (the company) is merging (or been bought) by another company (nordstromrack) as some other repository maintainers have been notified that they may move to GitLab. I don't have direct contact with the dev teams of those companies (the ones that gave me ownership are no longer working there).

In any case, on Monday I'll try to get in touch with GitHub supports to see if we can do something there and if we cannot I'll work on making my fork the official. There is however quite a bit of history (issues & PRs) which would be a shame to lose so although it is not ideal, I prefer to take a few extra days to see if a recovery of any kind is possible.

Meanwhile my fork is up to date (code-wise) and there is a bunch of people (a few already in this thread) with various forks so no one should be completely blocked by this issue.

[hopeseekr]

We might want to consider my Bettergist archive, tho, as a fully coherent backup strategy for every mission-critical packagist package.

I currently track over 11,000 disappeared packages since I started the archive in 2019. That's roughly 5% of the still-existing packages.

Since it's available via a torrent, we could end up having a concise historical snapshot of the majority of the PHP opensource ecosystem at precise intervals.

[janklan]

@hopeseekr would that fix the problem of loosing metadata attached to the Github repo Theo pointed out in https://github.com/nelmio/alice/issues/1089#issuecomment-917613494?

[theofidry]

Update: packagist will now pick the fork instead of the Hautelook repo so the VCS fix is no longer necessary, doing composer update hautelook/alice-bundle should fix it. Im still checking with GitHub support to retrieve the issues?PRs though

[tacman]

PHP world now has its own left-pad

Thanks for the reference, I hadn't seen this when it happened. https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

[hugoalexmartins]

Hello, I'm still not able to replace the package, I tried to upgrade the nelmio/alice and everything

- Installation request for hautelook/alice-bundle ^2.9 -> satisfiable by hautelook/alice-bundle[2.9.0, 2.x-dev].
- Can only install one of: nelmio/alice[3.x-dev, v3.4.1].
- Can only install one of: nelmio/alice[v3.4.1, 3.x-dev].
- Can only install one of: nelmio/alice[3.x-dev, v3.4.1].
- Conclusion: install nelmio/alice 3.x-dev
- Installation request for nelmio/alice v3.4.1 -> satisfiable by nelmio/alice[v3.4.1].

What should I do?

[ghost]

composer remove hautelook/alice-bundle

add the repo to composer.json

    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/theofidry/AliceBundle"
        }
    ],

then reinstall again

composer require-dev hautelook/alice-bundle

This worked perfect for me, but my project was quite recent, so no really outdated dependencies. And this was before the default repo should be theofidry's.

So I don't know if this is needed or a good idea right now, but it worked fine for me.

[alexislefebvre]

@ait-jorismak Théo wrote that you don't need to do this: https://github.com/nelmio/alice/issues/1089#issuecomment-918412004

[theofidry]

I got a reply from GitHub' support: they will unfortunately not help for migrating issues or anything from the private repository and there is no sign of hautelook/nordstormRack caring. So I'm now asking to see if it's possible to make my fork the new network root.

[zexa]

@theofidry I'd like you to enable issues on theofidry/AliceBundle.

If we do somehow get access to hautelook/AliceBundle we could look into github's API to see if there's a way to export the issues into json and then replicate those issues via a bot.

[theofidry]

@zexa done

[theofidry]

Hautelook has now removed access from the private repository so I'll ask GitHub to unmark theofidry/AliceBundle as a fork and make it the new official.

[janklan]

What a great way to solve all the issues in one bold move. Look at you go, Hautelook. Good marketing.

Thanks @theofidry!

[ghost]

so I'll ask GitHub to unmark theofidry/AliceBundle as a fork and make it the new official

Is this done, or any other news on this?

Or will a composer require --dev hautelook/alice-bundle on new projects automatically take your repo now?

[theofidry]

Is this done, or any other news on this?

No GitHub kinda closed the issue without taking action I need to open another one.

Or will a composer require --dev hautelook/alice-bundle on new projects automatically take your repo now?

Since I have ownership of the packagist package and it is already redirecting to my repository, there is no need for it to change. In other words it will remain hautelook/alice-bundle for Composer

[willbrid]

Hello, i have applied all of the recommendations presented above (updating my composer.json file) to install this package. However I am using php 8.0.13 and when I try to install this package I have an error :

/composer.json has been updated
Running composer update hautelook/alice-bundle
Loading composer repositories with package information
Updating dependencies                                 
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - hautelook/alice-bundle[v2.1.0, ..., v2.5.1] require php ^7.1 -> your php version (8.0.13) does not satisfy that requirement.
    - hautelook/alice-bundle[v2.6.0, ..., 2.7.3] require php ^7.2 -> your php version (8.0.13) does not satisfy that requirement.
    - hautelook/alice-bundle 2.8.0 requires php ^7.3 -> your php version (8.0.13) does not satisfy that requirement.
    - hautelook/alice-bundle 2.9.0 requires psr/log ^1.0 -> found psr/log[1.0.0, ..., 1.1.4] but the package is fixed to 2.0.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
    - Root composer.json requires hautelook/alice-bundle ^2.1 -> satisfiable by hautelook/alice-bundle[v2.1.0, ..., 2.9.0].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

Installation failed, reverting ./composer.json and ./composer.lock to their original content.

Please What should I do ?

Content of my composer.json :

{
    "type": "project",
    "license": "proprietary",
    "minimum-stability": "stable",
    "prefer-stable": true,
    "require": {
        "php": ">=7.2.5",
        "ext-ctype": "*",
        "ext-iconv": "*",
        "api-platform/core": "^2.6",
        "composer/package-versions-deprecated": "1.11.99.4",
        "doctrine/annotations": "^1.0",
        "doctrine/doctrine-bundle": "^2.5",
        "doctrine/doctrine-migrations-bundle": "^3.2",
        "doctrine/orm": "^2.10",
        "nelmio/cors-bundle": "^2.1",
        "nesbot/carbon": "^2.55",
        "phpdocumentor/reflection-docblock": "^5.3",
        "symfony/asset": "5.3.*",
        "symfony/console": "5.3.*",
        "symfony/dotenv": "5.3.*",
        "symfony/expression-language": "5.3.*",
        "symfony/flex": "^1.3.1",
        "symfony/framework-bundle": "5.3.*",
        "symfony/http-client": "5.3.*",
        "symfony/property-access": "5.3.*",
        "symfony/property-info": "5.3.*",
        "symfony/proxy-manager-bridge": "5.3.*",
        "symfony/runtime": "5.3.*",
        "symfony/security-bundle": "5.3.*",
        "symfony/serializer": "5.3.*",
        "symfony/twig-bundle": "5.3.*",
        "symfony/validator": "5.3.*",
        "symfony/yaml": "5.3.*"
    },
    "config": {
        "optimize-autoloader": true,
        "preferred-install": {
            "*": "dist"
        },
        "sort-packages": true
    },
    "autoload": {
        "psr-4": {
            "App\\": "src/"
        }
    },
    "autoload-dev": {
        "psr-4": {
            "App\\Tests\\": "tests/"
        }
    },
    "replace": {
        "symfony/polyfill-ctype": "*",
        "symfony/polyfill-iconv": "*",
        "symfony/polyfill-php72": "*"
    },
    "scripts": {
        "auto-scripts": {
            "cache:clear": "symfony-cmd",
            "assets:install %PUBLIC_DIR%": "symfony-cmd"
        },
        "post-install-cmd": [
            "@auto-scripts"
        ],
        "post-update-cmd": [
            "@auto-scripts"
        ]
    },
    "conflict": {
        "symfony/symfony": "*"
    },
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/theofidry/AliceBundle"
        }
    ],
    "extra": {
        "symfony": {
            "allow-contrib": false,
            "require": "5.3.*"
        }
    },
    "require-dev": {
        "phpunit/phpunit": "^9.5",
        "symfony/browser-kit": "5.3.*",
        "symfony/css-selector": "5.3.*",
        "symfony/maker-bundle": "^1.36",
        "symfony/phpunit-bridge": "^6.0",
        "symfony/stopwatch": "5.3.*",
        "symfony/web-profiler-bundle": "5.3.*"
    }
}

[babeuloula]

@willbrid Hello, can you copy/paste your composer.json please ?

[willbrid]

@willbrid Hello, can you copy/paste your composer.json please ?

Thank for your reply. I have updated the content of my issue. So you can see my composer.json file.

[ghost]

A quick look around makes me think you require 2.9 to have it officially say php8 is supported. I think you have a version constraint preventing it from updating higher.

I don't know where your alice-bundle dependency is coming from though, it's not listed directly. I'm guessing api-bund;e?

[theofidry]

@willbrid HautelookAliceBundle is not compatible with PHP 8 yet. I am working on it though

[ghost]

IF your alice-bundle is being pulled in through api-platform, isn't it kinda weird that api-platform claims they are php8.0 compatible since 2.6, but are pulling in a dependency which isn't?

[pierredup]

isn't it kinda weird that api-platform claims they are php8.0 compatible since 2.6, but are pulling in a dependency which isn't?

ApiPlatform doesn't depend on AliceBundle. It mentions how to use it in the docs, which you can still do on 2.6 and php < 8.0

I don't know where your alice-bundle dependency is coming from though, it's not listed directly

The error message in the composer resolution specifies Root composer.json requires hautelook/alice-bundle ^2.1, so I'm guessing this error happens when running composer require hautelook/alice-bundle.

[ghost]

oh stupid.. of course, you don't have it yet in your project, you're trying to add it :).