Contrib.social

Write out packages.json instead of serving it dynamically

Open on Drupal.org β†’
Created on 16 February 2023, about 2 years ago
Updated 20 February 2023, about 2 years ago

https://www.drupal.org/packages/8/packages.json β†’ is currently served dynamically by Drupal, since Composer 1 changes something in provider-includes every time anything changes. To support signing this metadata with TUF, we need a static file.

While we are still supporting Composer 1, and this metadata is changing frequently, it should be okay to write out the file, cache it, and proactively purge our CDN cache when it changes. If this does prove to be problematic, there’s good precedent to degrade the Composer 1 experience to benefit Composer 2 hosting: https://blog.packagist.com/deprecating-composer-1-support/.

This will have the added benefits of serving the metadata from the CDN instead of bootstrapping Drupal, and saving us from generating it ~43 requests/minute.

Remaining tasks

  • Purge CDN when the metadata changes. This will allow us to measure how frequently it is changing.
  • Write out the file to the filesystem.
  • Remove the menu callback and any other special handling that might be in our CDN configuration.
✨ Feature request
Status

Fixed

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States drumm NY, US

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024