Contrib.social

How to allow DrupalCI to downgrade packages from core's composer.lock versions when installing the contrib project under test?

Open on Drupal.org β†’
Created on 25 May 2023, over 1 year ago
Updated 26 May 2023, over 1 year ago

Problem/Motivation

  • Drupal 10.1's composer.json allows psr/http-message 1.x or 2.x, but its composer.lock is on 2.x.
  • https://www.drupal.org/project/openai β†’ has dependencies that require psr/http-message 1.x.
  • When DrupalCI tries to composer require drupal/openai, it errors β†’ with:
    openai-php/client[v0.4.0, ..., v0.4.1] require psr/http-message ^1.0.1 -> found psr/http-message[1.0.1, 1.1] but the package is fixed to 2.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
    However the composer require command is run by DrupalCI, not by something that the contrib project under test defines.

Steps to reproduce

Proposed resolution

Is there something that can be added to a project's drupalci.yml file to resolve this? I filed this issue as a support request first, assuming there might be, but if there isn't, then perhaps this should be recategorized as a feature request to make this possible.

Remaining tasks

User interface changes

API changes

Data model changes

πŸ’¬ Support request
Status

Active

Component

Testrunner Codebase

Created by

πŸ‡ΊπŸ‡ΈUnited States effulgentsia

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @effulgentsia
  • Comment over 1 year ago β†’
    πŸ‡§πŸ‡ͺBelgium wim leers Ghent πŸ‡§πŸ‡ͺπŸ‡ͺπŸ‡Ί
  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States kevinquillen

    If πŸ“Œ Remove psr/http-message from drupal/core-recommended Fixed this was committed should the error occur? Or is the downstream package not updated yet? We've received a few reports from users on 10.1 beta 1 of this that led me to that, but that was before the change was made.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States effulgentsia

    That issue isn't really related to this one other than that psr/http-message is involved in both. That issue only changes what's in drupal/core-recommended, which affects projects that use that, such as ones that install from drupal/recommended-project. However, when DrupalCI tests contrib projects, it does not use drupal/core-recommended for that.

    What this issue is about is the fact that if you start from an installation of Drupal core, you get a composer.lock file with psr/http-message at version 2.something. In order to then composer require drupal/openai you need to let Composer know that it can downgrade dependencies of that package from what's in that lock file if it needs to (within what's allowed by all other composer.json constraints). The way you would do this for a real site is run composer require drupal/openai -w. The question is how to pass that -w option (or some other way to do the equivalent) into DrupalCI.

    It's hard to imagine other contrib projects not having run into this before (with other dependencies, not just psr/http-message), so I suspect there's something you can add to drupalci.yml to do this, I just don't know what it is.

  • Comment over 1 year ago β†’
    πŸ‡¨πŸ‡­Switzerland berdir Switzerland

    I don't think you can, per #3334914-10: Testing is broken because simplesamlphp/composer-module-installer contains a Composer plugin which is blocked β†’ you can only customize the assessment stage per project.

    The only easy solution is to change openai-php/client to also support v2, like many other projects already did in minor updates.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024