Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX Don't rely on inaccessible packages when fetching update info. #56

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

FIX Don't rely on inaccessible packages when fetching update info. #56

wants to merge 1 commit into from

Conversation

GuySartorelli
Copy link
Collaborator

@GuySartorelli GuySartorelli commented Dec 13, 2021
edited
Loading

Fixes #49

Composer wants to use information about all dependencies when reporting the most up-to-date version that meets the project's stability/version constraints and doesn't conflict with any other dependencies.
If a dependency is inaccessible (e.g. private repositories or IP-restricted hosting) composer will fail to declare a version candidate, which results in missing information even for some accessible packages.

By ommitting inaccessible repositories, we do at least get some version information, even if there is a change of compatibility issues.

All #49 is asking for is a way to suppress the below logging for specific packages. It looks like the only thing that we really need to do is check before logging if this is one of the repositories to suppress for - but the packages being checked for updates are not necessarily the packages that can't be fetched.

silverstripe-composer-update-checker/src/Extensions/CheckComposerUpdatesExtension.php

Lines 62 to 67 in ba8bae9

} catch (RuntimeException $ex) {
// If exceptions are thrown during execution, fail gracefully and allow the rest of the report
// generation to continue
$updates = [];
Injector::inst()->get(LoggerInterface::class)->debug($ex->getMessage());
}

Ultimately what is happening is this:

  • Composer gets a list of packages from the project's composer.json file.
  • Update checker, to find the latest version that can be used, asks for the "best candidate" version for each package.
  • Composer checks against all dependencies which checking for the "best candidate" for any conflicts.
  • To check all dependencies composer attempts to fetch repository information for each dependency
  • When composer fails to fetch repository information for a dependency, it throws an exception.

This means that the package it's trying to get update information for (which is not necessarily the same package that it can't fetch information for) doesn't get the update information stored against it in the report. This PR allows composer to use all the information it can access to give a version candidate. There is a chance of conflicts, but this is better than having no update information at all, IMO.

@GuySartorelli GuySartorelli mentioned this pull request Dec 13, 2021
Open
@GuySartorelli
Copy link
Collaborator Author

GuySartorelli commented Dec 13, 2021
edited
Loading

Oops, I forgot to update something.... I can't mark this as draft so consider this comment the "I am marking this as draft" button.
Edit: Found the "Convert to draft" link, but I've already made the changes now 😅

@GuySartorelli
fix: Don't rely on inaccessible packages when fetching update info.
23d7e5f 
Composer wants to use information about all dependencies when reporting the most up-to-date version that meets the project's stability/version constraints and doesn't conflict with any other dependencies.
If a dependency is inaccessible (e.g. private repositories or IP-restricted hosting) composer will fail to declare a version candidate, which results in missing information even for some accessible packages.

By ommitting inaccessible repositories, we do at least get _some_ version information, even if there is a change of compatability issues.
@GuySartorelli GuySartorelli force-pushed the fix/avoid-fetching-inaccessible-packages branch from 484b670 to 23d7e5f Compare December 13, 2021 22:17
@GuySartorelli
Copy link
Collaborator Author

Okay, ready for review.

@GuySartorelli GuySartorelli mentioned this pull request Apr 16, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: Configuration to ignore specific repositories (or repository hosts)
1 participant
@GuySartorelli