Closed mikk150 closed 1 month ago
Hi @mikk150, we are facing same issue, but with branch-alias. Need to do composer update <package>
. I think it's the same as you described.
Hi @mikk150
I investigated the issue and this bug happens because composer has hardcoded the regex to replace the dist url commit reference in his library.
Preg::isMatch('{^https?://(?:(?:www\.)?bitbucket\.org|(api\.)?github\.com|(?:www\.)?gitlab\.com)/}i', $this->getDistUrl())
....
$this->setDistUrl(Preg::replace('{(?<=/|sha=)[a-f0-9]{40}(?=/|$)}i', $reference, $this->getDistUrl()));
But I found a workaround for this issue, I'll change root composer metadata format to support mirrors
urls.
For example
// /packages.json
{
"packages": [],
"notify": "/downloads/%package%",
"notify-batch": "/downloads/",
"metadata-changes-url": "/metadata/changes.json",
"mirrors": [
{
"dist-url": "https://pkg8.loc/zipball/%package%/%reference%.%type%",
"preferred": true
}
],
"metadata-url": "/p2/%package%.json",
"available-packages": [ ],
"providers-lazy-url": "/p/%package%.json"
}
And composer.lock will be looks like this
{
"name": "phpstan/phpstan-src",
"version": "1.12.x-dev",
"source": {
"type": "git",
"url": "https://github.com/phpstan/phpstan-src.git",
"reference": "285ca8b7117a46008039adea0c4806c7d52f21dc"
},
"dist": {
"type": "zip",
"url": "https://pkg8.loc/zipball/phpstan/phpstan-src/2507e387c57b5b9577ee8d02226650880b731697.zip",
"reference": "285ca8b7117a46008039adea0c4806c7d52f21dc",
"mirrors": [
{
"url": "https://pkg8.loc/zipball/%package%/%reference%.%type%",
"preferred": true
}
]
},
Description
If I want to lock package that is being hosted in packeton to specific commit, it states that reference is commit I locked it to, but dist zip is still referencing to newest zip that packeton knows of
To reproduce:
Can you reproduce the bug on the Packeton demo site?
Yes
Database
MySQL
Screenshots
No response
How are you running Packeton?
Kubernetes cluster