Skip to content
Snippets Groups Projects
Commit cebbc05f authored by Wim Leers's avatar Wim Leers Committed by Adam G-H
Browse files

Issue #3350568 by Wim Leers, phenaproxima, catch, tedbow, TravisCarden: Drop...

Issue #3350568 by Wim Leers, phenaproxima, catch, tedbow, TravisCarden: Drop support for Composer 2.2, require Composer >=2.5.5
parent e939f093
No related branches found
No related tags found
No related merge requests found
......@@ -10,5 +10,4 @@ unwritable
filedate
unshallow
hhvm
tmpdir
proc_open
......@@ -9,6 +9,8 @@ build:
# Run code quality checks.
container_command.commit-checks:
commands:
# Update to Composer 2.5.5.
- composer self-update 2.5.5
# @todo Replace in favor of commit-code-check.sh once https://www.drupal.org/project/drupal/issues/3314100 lands.
- modules/contrib/automatic_updates/scripts/commit-code-check.sh --drupalci
halt-on-fail: true
......
......@@ -51,18 +51,14 @@ class ComposerInspector implements LoggerAwareInterface {
* A semantic version constraint for the supported version(s) of Composer.
*
* Only versions supported by Composer are supported: the LTS and the latest
* minor version. Those are currently 2.2 and 2.5.
* minor version. Those are currently (May 2023) 2.2 and 2.5, but will be 2.5
* and 2.6 later this year (December 2023): the 2.2 LTS ends in December 2023.
*
* @see https://endoflife.date/composer
*
* Note that Composer <= 2.2.11 is not supported anymore due to a security
* vulnerability.
*
* @see https://blog.packagist.com/cve-2022-24828-composer-command-injection-vulnerability/
*
* @var string
*/
final public const SUPPORTED_VERSION = '~2.2.12 || ^2.5';
final public const SUPPORTED_VERSION = '~2.5.5 || ^2.6';
/**
* Constructs a ComposerInspector object.
......@@ -261,12 +257,7 @@ class ComposerInspector implements LoggerAwareInterface {
catch (RuntimeException $e) {
// Assume any error from `composer config` is about an undefined key-value
// pair which may have a known default value.
// @todo Remove this in https://www.drupal.org/i/3350568.
switch ($key) {
// @see https://getcomposer.org/doc/04-schema.md#minimum-stability
case 'minimum-stability':
return 'stable';
case 'extra':
return '{}';
......@@ -473,36 +464,6 @@ class ComposerInspector implements LoggerAwareInterface {
return $invalidate;
}
/**
* Tries to convert a string value from ::getConfig() to a boolean.
*
* For boolean config values, `composer config` returns `true` or `false` as
* of Composer 2.5.5, but older versions return `1` or `0`. This function
* normalizes the discrepancy.
*
* You should call this method if you're calling ::getConfig() to retrieve a
* config value that will be, or may be a boolean (e.g., `allow-plugins`). See
* https://getcomposer.org/doc/06-config.md for documentation on all the
* possible config values that `composer config` can expose.
*
* @param string $value
* The value to convert. Must be one of '1', 'true', '0', or 'false'.
*
* @return bool
* The value, as a boolean.
*
* @see https://getcomposer.org/doc/06-config.md
*
* @throws \UnhandledMatchError
* If the given value cannot be converted to a boolean.
*/
public static function toBoolean(string $value): bool {
return match ($value) {
'1', 'true' => TRUE,
'0', 'false' => FALSE,
};
}
/**
* Returns the value of `allow-plugins` config setting.
*
......@@ -516,17 +477,12 @@ class ComposerInspector implements LoggerAwareInterface {
* @see https://getcomposer.org/doc/06-config.md#allow-plugins
*/
public function getAllowPluginsConfig(string $dir): array|bool {
// If `allow-plugins` is `false`, Composer 2.5.4 and earlier has no output.
$value = $this->getConfig('allow-plugins', $dir) ?? 'false';
$value = $this->getConfig('allow-plugins', $dir);
// Try to convert the value we got back to a boolean. If it's not a boolean,
// it should be an array of plugin-specific flags.
$value = json_decode($value, TRUE, flags: JSON_THROW_ON_ERROR);
// Try to convert the value we got back to a boolean. If that can't be done,
// assume it's an array of plugin-specific flags and parse it as JSON.
try {
$value = static::toBoolean($value);
}
catch (\UnhandledMatchError) {
$value = json_decode($value, TRUE, flags: JSON_THROW_ON_ERROR);
}
// An empty array indicates that no plugins are allowed.
return $value ?: [];
}
......
......@@ -69,24 +69,6 @@ final class ProcessFactory implements ProcessFactoryInterface {
$env = $process->getEnv();
if ($this->isComposerCommand($command)) {
$env['COMPOSER_HOME'] = $this->getComposerHomePath();
// Work around Composer not being designed to be run massively in parallel
// which it may in the context of Package Manager, at least for tests. It
// is trivial to work around though: create a unique temporary directory
// per process.
// @see https://www.drupal.org/i/3338789#comment-14961390
// @see https://github.com/composer/composer/commit/28e9193e9ebde743c19f334a7294830fc6429d06
// @see https://github.com/composer/composer/commit/43eb471ec293822d377b618a4a14d8d3651f5d13
// @todo Remove this once Composer 2.5.5 is required in https://www.drupal.org/i/3350568 (2.5.5 is the first release to contain the upstream fix: https://github.com/composer/composer/releases/tag/2.5.5)
static $race_condition_proof_tmpdir;
if (!isset($race_condition_proof_tmpdir)) {
$race_condition_proof_tmpdir = sys_get_temp_dir() . '/' . getmypid();
// The same PHP process may run multiple tests: create the directory
// only once.
if (!is_dir($race_condition_proof_tmpdir)) {
mkdir($race_condition_proof_tmpdir);
}
}
$env['TMPDIR'] = $race_condition_proof_tmpdir;
}
// Ensure that the current PHP installation is the first place that will be
// searched when looking for the PHP interpreter.
......
......@@ -83,7 +83,7 @@ final class ComposerValidator implements EventSubscriberInterface {
$settings = [];
foreach (['disable-tls', 'secure-http'] as $key) {
try {
$settings[$key] = ComposerInspector::toBoolean($this->composerInspector->getConfig($key, $dir) ?: '0');
$settings[$key] = json_decode($this->composerInspector->getConfig($key, $dir));
}
catch (\Throwable $e) {
$event->addErrorFromThrowable($e, $this->t('Unable to determine Composer <code>@key</code> setting.', [
......
......@@ -217,10 +217,12 @@ class ComposerInspectorTest extends PackageManagerKernelTestBase {
*
* @covers ::validate
*
* @testWith ["2.2.12", null]
* ["2.2.13", null]
* ["2.5.0", null]
* @testWith ["2.2.12", "<default>"]
* ["2.2.13", "<default>"]
* ["2.5.0", "<default>"]
* ["2.5.5", null]
* ["2.5.11", null]
* ["2.6.0", null]
* ["2.2.11", "<default>"]
* ["2.2.0-dev", "<default>"]
* ["2.3.6", "<default>"]
......
......@@ -51,8 +51,8 @@ class LockFileValidatorTest extends PackageManagerKernelTestBase {
$inspector = $this->prophesize(ComposerInspector::class);
$arguments = Argument::cetera();
$inspector->getConfig('allow-plugins', $arguments)->willReturn('[]');
$inspector->getConfig('secure-http', $arguments)->willReturn('1');
$inspector->getConfig('disable-tls', $arguments)->willReturn('0');
$inspector->getConfig('secure-http', $arguments)->willReturn('true');
$inspector->getConfig('disable-tls', $arguments)->willReturn('false');
$inspector->getConfig('extra', $arguments)->willReturn('{}');
$inspector->getConfig('minimum-stability', $arguments)->willReturn('stable');
$inspector->getInstalledPackagesList($arguments)->willReturn(new InstalledPackagesList());
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment