Add php-tuf/composer-integration to core dependencies and governance — for experimental Automatic Updates & Project Browser modules

Created on 26 June 2023, almost 2 years ago

Updated 14 September 2024, 7 months ago

Problem/Motivation

TODO: this issue summary needs to provide more details, like 📌 Add php-tuf/composer-stager to core dependencies and governance — for experimental Automatic Updates & Project Browser modules Needs work does.

How to test

Use https://github.com/php-tuf/drupal-project. (See the instructions on that page.)

It sets up a regular Drupal project, with Drush, and using PHP-TUF protection for packages on the staging server of packages.drupal.org. This means you can only install a subset of all the packages available for Drupal -- the top 150 modules/themes -- but it's enough to build a basic site and test.

Remaining tasks

Committing this is likely blocked on 📌 Add php-tuf/php-tuf to core governance — for experimental Automatic Updates & Project Browser modules Needs work which is itself blocked on 🌱 Security review of secure signing components for package manager Active , but code reviews and other required tasks can be happening in parallel in the meantime.

📌 Task

Status

Needs work

Version

11.0 🔥

Component

Base →

Last updated about 5 hours ago

Maintained by
🇺🇸United States @effulgentsia
🇬🇧United Kingdom @catch
🇬🇧United Kingdom @alexpott
🇦🇺Australia @larowlan
🇺🇸United States @bnjmnm
🇫🇷France @nod_
🇪🇸Spain @ckrina
🇬🇧United Kingdom @justafish

Created by

🇺🇸United States effulgentsia

Live updates comments and jobs are added and updated live.

Needs framework manager review
It is used to alert the framework manager core committer(s) that an issue significantly impacts (or has the potential to impact) multiple subsystems or represents a significant change or addition in architecture or public APIs, and their signoff is needed (see the governance policy draft for more information). If an issue significantly impacts only one subsystem, use Needs subsystem maintainer review instead, and make sure the issue component is set to the correct subsystem.

Needs release manager review
It is used to alert the release manager core committer(s) that an issue significantly affects the overall technical debt or release timeline of Drupal, and their signoff is needed. See the governance policy draft for more information.

blocker

Needs issue summary update
Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

package manager alpha blocker

Comments & Activities

Issue created by @effulgentsia
Comment almost 2 years ago →
🇺🇸United States effulgentsia
Assigned to phenaproxima
Comment over 1 year ago →
🇺🇸United States tedbow Ithaca, NY, USA
@phenaproxima is working on updating the summary with instructions for how to test this using TUF metadata that is available in testing on drupal.org since the production TUF metadata is not ready yet
Comment over 1 year ago →
🇺🇸United States phenaproxima Massachusetts
Comment 7 months ago →
🇬🇧United Kingdom catch
Comment 5 months ago →
🇬🇧United Kingdom catch
Comment 5 months ago →
🇬🇧United Kingdom catch

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024