Code Monkey home page Code Monkey logo

composer-prefer-lowest's Introduction

Composer Prefer Lowest Validator

CI Latest Stable Version Minimum PHP Version License Coding Standards Total Downloads

This validator will strictly compare the specified minimum versions of your composer.json with the ones actually used by the prefer-lowest composer update command option.

This is useful for all libraries that want to make sure

  • the defined minimum of each dependency is actually still being tested
  • no silent regressions (like using too new methods of depending libraries) sneaked in

For details, see Why and when is this useful?. This has been built after Composer didn't have the motivation for it.

A total must-have for

  • frameworks
  • framework plugins/addons (and testing against the framework minors)
  • custom libraries to be used by apps/projects which have at least one dependency to other libraries

It is somewhat important for the involved packages to follow semver here. Otherwise some of the comparison might be problematic.

This is not so useful for projects, as here there is no need to test against anything than latest versions already in use. Also, if your library has no dependencies, you can skip prefer-lowest checks as well as this validation.

Local Test-Run

You want to give it a quick test-spin for one of your libraries? See what results it yields?

composer update --prefer-lowest --prefer-dist --prefer-stable
composer require --dev --update-with-all-dependencies dereuromark/composer-prefer-lowest
vendor/bin/validate-prefer-lowest

If there is no output, that's good. echo $? should return 0 (success).

CI Installation

It is recommended to run only for CI and composer update --prefer-lowest. As such, it suffices to add it conditionally here.

E.g. for Travis CI:

php:
  - 7.3
  - 8.1

env:
  global:
    - DEFAULT=1

matrix:
  include:
    - php: 7.3
      env: PREFER_LOWEST=1

before_script:
  - if [[ $PREFER_LOWEST != 1 ]]; then composer install --prefer-source --no-interaction; fi
  - if [[ $PREFER_LOWEST == 1 ]]; then composer update --prefer-lowest --prefer-dist --prefer-stable --no-interaction; fi
  - if [[ $PREFER_LOWEST == 1 ]]; then composer require --dev dereuromark/composer-prefer-lowest; fi

script:
  - if [[ $DEFAULT == 1 ]]; then vendor/bin/phpunit; fi
  - if [[ $PREFER_LOWEST == 1 ]]; then vendor/bin/validate-prefer-lowest; fi

You can, of course, also directly include it into require-dev. After manually running composer update --prefer-lowest locally, you can also test this on your local computer then:

vendor/bin/validate-prefer-lowest

It returns the list of errors and exits with error code 1 if any violations are found. Otherwise it returns with success code 0.

Prefer stable

Usually composer update --prefer-lowest suffices. Make sure you have "prefer-stable": true in your composer.json for this to work. Otherwise you might have to use the longer version as outlined above.

In general it is best to just use all flags for your CI script:

composer update --prefer-lowest --prefer-dist --prefer-stable --no-interaction

Majors only

If you want to only error the CI build for major constraint issues, use --majors-only/-m option:

vendor/bin/validate-prefer-lowest -m

The patch and minor issues will then be warnings only.

Display only

If you want to just display the result in your CI report without failing the build, you could do:

vendor/bin/validate-prefer-lowest || true

PHP version

In general: Use the minimum PHP version for prefer-lowest as defined in your composer.json.

This tool requires minimum PHP 7.3, as such make sure your library to test also runs on this (or higher) for the prefer-lowest CI job. At this point, with it being EOL already, you can and should not use any PHP version below 7.3 anyway, or provide support for it.

It is advised to also raise your composer.json entry for the min PHP version here. Use 7.3 or higher:

    "require": {
        "php": ">=7.3",

Local Composer Script Installation

For local testing, when you do not want to modify your composer.json file, you can simple add this composer script:

"scripts": {
    ...
    "lowest": " validate-prefer-lowest",
    "lowest-setup": "composer update --prefer-lowest --prefer-stable --prefer-dist --no-interaction && cp composer.json composer.backup && composer require --dev --update-with-all-dependencies dereuromark/composer-prefer-lowest && mv composer.backup composer.json",

Then run composer lowest-setup to set up the script and finally composer lowest to execute.

TODOs

  • Better version handling, especially around special cases like suffixes.

Help is greatly appreciated.

composer-prefer-lowest's People

Contributors

carusogabriel avatar dereuromark avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

spryker-sdk

composer-prefer-lowest's Issues

Whitelist certain warnings

Add a way to whitelist certain "version" errors as version warnings (="acceptable")
Could be a composer config key=>value pair or some metafile to read from.

Thoughts welcome.

For now, you can do it by declaring them in require-dev in a higher version that works for the prefer-lowest build.

Allow x.y.* syntax 

Fatal error: Uncaught UnexpectedValueException: Invalid version string "3.5.*" in /home/travis/build/cakephp/cakephp-codesniffer/vendor/composer/semver/src/VersionParser.php:172
Stack trace:
#0 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/src/Validator.php(182): Composer\Semver\VersionParser->normalize('3.5.*')
#1 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/src/Validator.php(57): ComposerPreferLowest\Validator->normalizeVersion('3.5.*')

Cannot use version ranges

We are hitting this error in cakephp-codesniffer with this version constraint:

"slevomat/coding-standard": ">=6.0 <6.2"

https://travis-ci.com/github/cakephp/cakephp-codesniffer/jobs/319510577

Fatal error: Uncaught UnexpectedValueException: Invalid version string "6.0 <6.2" in /home/travis/build/cakephp/cakephp-codesniffer/vendor/composer/semver/src/VersionParser.php:176
Stack trace:
#0 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/src/Validator.php(205): Composer\Semver\VersionParser->normalize('6.0 <6.2')
#1 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/src/Validator.php(111): ComposerPreferLowest\Validator->normalizeVersion('6.0 <6.2')
#2 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/src/Validator.php(62): ComposerPreferLowest\Validator->definedMinimum(Array, 'slevomat/coding...')
#3 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/src/Validator.php(42): ComposerPreferLowest\Validator->compare('/home/travis/bu...', '/home/travis/bu...', Array)
#4 /home/travis/build/cakephp/cakephp-codesniffer/vendor/dereuromark/composer-prefer-lowest/bin/vali in /home/travis/build/cakephp/cakephp-codesniffer/vendor/composer/semver/src/VersionParser.php on line 176

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.