search

netz98 / n98-magerun

The swiss army knife for Magento developers, sysadmins and devops. The tool provides a huge set of well tested command line commands which save hours of work time. All commands are extendable by a module API.
http://magerun.net/
Other
1.44k stars 400 forks source link

support for install and update via phive #774

Open Flyingmana opened 8 years ago

Flyingmana commented 8 years ago

https://github.com/phar-io/phive is an phar installation and verification environment

it may still be experimental, but could be a new tool to centralize the management of global tools. It could reduce time and complexity to maintain an actual self-upgrade command (does it currently even check the phar if its legit?)

ktomk commented 8 years ago

Thanks for the suggestion. I like the idea. We also have some meta-issues open on that topic, one is a reproducible phar build so that building the phar from our sources is easier to follow and verify. While doing some research on the topic last year I already ran over Arnes' Autoload which has phar build capabilities - but we don't use it yet.

As for the self-update command we have, it works pretty well and I don't think it has an issue.

But all the other properties Phive comes with certainly is worth to consider. As Magerun is a CLI tool that is phar based, your suggestion is really interesting. So please write if you consider to play with it and Magerun.

pocallaghan commented 8 years ago

I've no direct experience with it but I've always heard good things about the box project when it comes to the packaging of a phar. @steverobbins may be able to provide some first hand experience as I believe he uses it for magescan.

Reading over the phive documentation it seems interesting, but I'm not entirely sure how it would fit into the workflow as it seems more of an external tool for application management like say apt-get or gem. If that's the case then it seems cool for people to be able to use, but it's not clear (to me at least) what exactly a project such as n98-magerun needs to do to allow installation via phive. As best I can tell it would require generation/hosting of a phive.xml file (like https://phar.phpunit.de/phive.xml) file that we would need to ask the people are phar.io to add to their repositories list. Obviously generation of this file would require that gpg or openssl signatures are generated (which I believe box supports). Is my understanding correct? Looking at the project I'm not sure how this would help with self-update though. I don't see any specific mechanism outside of 'install' and it's not immediately obvious what would happen if you install a new version when you currently have one installed (I tried installing PHPUnit with it and received a bunch of errors).

tkn98 commented 8 years ago

@pocallaghan: IIRC we tried box with Magerun but it didn't scale. Right now we use a Phing task that we also changed to fit the needs. But one thing is the packaging of the phar file and another is the "around". I think Phive looks pretty promising in that field and I'm personally open to it if it gets some tries.

ktomk commented 8 years ago

@Flyingmana: Can you make a small suggestion / example how a usage could look like to magerun? I just reviewed this a little and I think the suggestion is worth to give it some more traction.