Contrib.social

Match the version of drupal/core-* metapackages

Open on Drupal.org β†’
Created on 3 August 2020, about 4 years ago
Updated 12 August 2024, 26 days ago

Problem/Motivation

We have many meta packages to help projects run with the right set of dependencies:

These packages are released together and share the same versions.

Although these are independent packages, they are semantically and practically tied together. You might be able to use different versions of these packages (different minor, patch, but likely not a different major version), but usually, you encounter unexpected issues when these packages are not in sync.

For example, when creating a new project from drupal/recommended-project and you want to run tests, you are supposed to composer require drupal/core-dev. However, that package doesn't depend on core, so if you're not careful, you might end up with a different version of core-dev than the core version you are using, causing things to fall apart.

Moreover, even if the Updating Drupal core with Composer β†’ guide suggests running composer update "drupal/core-*" --with-all-dependencies to keep Drupal core and metapackages up to date on existing projects, this command does not guarantee that the versions of the installed metapackages will match. This command instructs Composer to try to update all matching packages, but conflicts and version constraints in other packages can prevent one or more matching packages from being updated. This issue is discussed in this Drupal Slack thread about failing PHPUnit tests due to an incorrect behat/mink version installed on projects after the Drupal 10.2.x to 10.3.x update.

Steps to reproduce

  1. composer create-project 'drupal/recommended-project:^8.9' d8_9_composer
  2. cd d8_9_composer
  3. composer require drupal/core-dev

You would expect to get drupal/core-dev for 8.9.x and have a working testable site. Instead, you see this:

Using version ^9.0 for drupal/core-dev
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Conclusion: don't install drupal/core-dev 9.0.2
    - Conclusion: don't install drupal/core-dev 9.0.1
    - Conclusion: don't install drupal/core-dev 9.0.0
    - Conclusion: don't install drupal/core-dev 9.0.0-rc1
    - Conclusion: don't install drupal/core-dev 9.0.0-beta3
    - Conclusion: don't install drupal/core-dev 9.0.0-beta2
    - Conclusion: don't install drupal/core-dev 9.0.0-beta1
    - Conclusion: don't install drupal/core-dev 9.0.0-alpha2
    - Conclusion: don't install drupal/core-dev 9.0.0-alpha1
    - Conclusion: don't install drupal/core-dev 9.1.x-dev
    - Conclusion: remove masterminds/html5 2.3.0
    - Installation request for drupal/core-dev ^9.0 -> satisfiable by drupal/core-dev[9.0.0, 9.0.0-alpha1, 9.0.0-alpha2, 9.0.0-beta1, 9.0.0-beta2, 9.0.0-beta3, 9.0.0-rc1, 9.0.1, 9.0.2, 9.0.x-dev, 9.1.x-dev].

For this to work, step #3 should be composer require 'drupal/core-dev:^8.9'.

Proposed resolution

As @stof suggested in this Composer discussion, we could use the self.version constraint to keep package versions in sync. Instead of using "drupal/core-recommended" : "self.version", we should use "drupal/core": "self.version" since both drupal/core-recommended and drupal/core-dev packages can and should depend on drupal/core.

Remaining tasks

  • Create a change record

User interface changes

N/A

API changes

N/A

Data model changes

N/A

Release notes snippet

N/A

✨ Feature request
Status

Needs review

Version

11.0 πŸ”₯

Component
ComposerΒ  β†’

Last updated 17 days ago

No maintainer
Created by

πŸ‡ΊπŸ‡ΈUnited States dww

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • Assigned to mxr576
  • Comment 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary
  • Merge request !8647Match package versions β†’ (Open) created by mxr576
  • Pipeline finished with Failed
    2 months ago
    Total: 498s
    #214825
  • Comment 2 months ago β†’
    πŸ‡¬πŸ‡§United Kingdom joachim

    > The reason that we don't want to require drupal/core with self.version is that it makes upgrading harder.

    In what way?

    We now recommend that upgrading core be done with "composer update drupal/core*" which updates both packages simultaneously. Won't the dependency work ok with that?

  • Pipeline finished with Failed
    2 months ago
    Total: 170s
    #214861
  • Comment 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary
  • Issue was unassigned.
  • Status changed to Needs review 2 months ago
  • Comment 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary
  • Pipeline finished with Success
    2 months ago
    Total: 505s
    #214894
  • Comment 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary

    > The reason that we don't want to require drupal/core with self.version is that it makes upgrading harder.

    In what way?

    I was thinking about why Greg said this and what I saw in https://www.drupal.org/files/issues/2020-08-03/3163114-6.patch β†’ ... so do we really expect and reality also confirms that within the same Drupal minor versions, these meta packages could be on different versions at any time and everything should work? Because if not, the current solution with self.version in the MR is the only way to move forward, if not, then we get back to patch 6 and only lock on major.minor.

  • Comment 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary

    It occured to me that Greg's comment is 4 years old and maybe it is from those days when core-recommded did not allow patch version update of dependencies. In those days the concerns he raised regarding self.version was valid.

  • Status changed to Needs work 2 months ago
  • Comment 2 months ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".

    This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

    Consult the Drupal Contributor Guide β†’ to find step-by-step guides for working with issues.

  • Status changed to Needs review 2 months ago
  • Comment 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary

    Still mergable according to Gitlab.

  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States greg.1.anderson

    In what way?

    We now recommend that upgrading core be done with "composer update drupal/core*"

    I believe I answered this question elsewhere recently, but I am not sure where, so I will re-post here for context.

    During the development of Drupal 8.8.x, composer update drupal/core* failed to update, because Composer became confused by the chained strong constraints. One might think that strong constraints would make the dependency graph easier to resolve, because it branches to fewer variations, but for whatever reason, it was harder for Composer in the past. If modern Composer deals with it well, then this change is an improvement.

  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States greg.1.anderson

    If I recall correctly, the conflict statement that I recommended worked better (e.g. #9 can be rewritten to allow only one patch version). I don't recall if there was any reason we didn't add it; maybe just never got to it. We certainly did not want to encourage folks to mix different core versions.

  • Comment about 2 months ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary

    This was the Slack thread: https://drupal.slack.com/archives/C392CHBEW/p1720016380610809

    I also dumped it via Slackdump before it gets lost, see attachment.

    Thanks for looping back to this thread, I'll also do that early next week.

  • Comment about 2 months ago β†’
    πŸ‡©πŸ‡°Denmark ressa Copenhagen

    Thanks for saving the conversation before it was lost @mxr576!

    As we talked about in #2952616-17: Adopt CommonMark spec for Markdown files β†’ , an automated Slack dumper service would be awesome, pulling down and saving all the great Drupal conversations. A daily drupal.org/project/drupal issue could work as a data repository, consolidating the text for inclusion when searching in Drupal core issues :-)

    Drupal Slack Dump for 2024-07-03

  • Comment 26 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Besides a CR any next steps needed here?

  • Comment 26 days ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary

    Well, Greg expressed his opinion in the referenced Drupal Slack about why he would not rely on core-dev for running tests on downstream projects, but he did not mention that in #27.

    I think we are on the an agreement regarding:

    We certainly did not want to encourage folks to mix different core versions.

    I do not think that enforcing this with conflict or require would make a difference in Composer 2.7+... if there are strong concerns we can try figure that out somehow... without that we can merge the current approach and switch to other when it proved to be problematic.

  • Comment 26 days ago β†’
    πŸ‡­πŸ‡ΊHungary mxr576 Hungary
  • Pipeline finished with Success
    26 days ago
    Total: 505s
    #251839
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024