Declare explicit runtime dependency on `justinrainbow/json-schema`

Created on 21 August 2024, 4 months ago
Updated 19 September 2024, 3 months ago

Overview

Drupal\experience_builder\Plugin\Adapter\AdapterBase relies on justinrainbow/json-schema:

use JsonSchema\Constraints\Constraint;
use JsonSchema\Validator;

This ships with drupal/core-dev but is not declared as a dependency of XB. If you try to run XB without this package you get an error:

Error: Class "JsonSchema\Validator" not found in Drupal\experience_builder\Plugin\Adapter\AdapterBase->validateConformanceToJsonSchemaType() (line 53 of /var/www/html/web/modules/contrib/experience_builder/src/Plugin/Adapter/AdapterBase.php).

Proposed resolution

Either add justinrainbow/json-schema as a runtime dependency, or make it optional (see JSON:API in core which also uses this as an optional dependency).

User interface changes

๐Ÿ› Bug report
Status

Fixed

Component

Code

Created by

๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom longwave UK

Live updates comments and jobs are added and updated live.
  • Novice

    It would make a good project for someone who is new to the Drupal contribution process. It's preferred over Newbie.

Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @longwave
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States Kristen Pol Santa Cruz, CA, USA

    Yeah, just ran into that and @longwave told me to composer require drupal/core-dev which fixed that error.

  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ

    Hm.

    I was trying to stay closer to how JSON:API does it: better DX if you install this dev-only dependency.

    But here, making it optional would make it impossible to validate that the data stored by XB:

    • \Drupal\experience_builder\Plugin\Validation\Constraint\ValidComponentTreeConstraintValidator::validate() is XB's high-level validation logic, and it calls:
    • \Drupal\Core\Theme\Component\ComponentValidator::validateProps(), which validates the given props values fit into a component's props.
    • That logic looks like this:
        public function validateProps(array $context, Component $component): bool {
          // If the validator isn't set, then the validation library is not installed.
          if (!$this->validator) {
            return TRUE;
          }
      
    • IOW: it returns early if justinrainbow/json-schema is absent.

      So AFAICT this indeed requires the XB module to explicitly depend on that library.

      Thanks for surfacing this! ๐Ÿ™

  • ๐Ÿ‡ฆ๐Ÿ‡บAustralia larowlan ๐Ÿ‡ฆ๐Ÿ‡บ๐Ÿ.au GMT+10

    FYI if we make this a production requirement, we should add a hook_requirements warning people with jsonapi module and assertions enabled that their performance will go through the floor because of that module's response validator.

    I've been asked to audit sites for performance and found that combo in production ๐Ÿ˜ฑ

  • ๐Ÿ‡ณ๐Ÿ‡ฟNew Zealand danielveza Brisbane, AU

    Based on #4, if this does get in we should open a follow up to explore other options that aren't going to have performance regressions for unrelated parts of the site.

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom longwave UK

    Instead of the JSON:API validation magically happening when the package is installed maybe we should move it to a feature flag module (that explicitly depends on the package as well).

  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ

    Wow, VERY good call, @larowlan! ๐Ÿ‘

    @danielveza I don't see an alternative solution for this, because it's \Drupal\Core\Theme\Component\ComponentValidator that uses \JsonSchema\Validator โ€ฆ ๐Ÿค”

    I think #6 is the right call. Or better yet: have the JSON:API module add a , similar to core's recently added โ†’ ? ๐Ÿ˜Š

  • First commit to issue fork.
  • Pipeline finished with Success
    4 months ago
    Total: 4747s
    #272499
  • Pipeline finished with Success
    4 months ago
    Total: 314s
    #272568
  • Assigned to deepakkm
  • Status changed to Needs work 4 months ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia deepakkm
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ

    You added it as development dependency, not a runtime dependency. ๐Ÿ˜…

    P.S.: can you mark this issue next time when something is ready? ๐Ÿ™

  • ๐Ÿ‡ณ๐Ÿ‡ฟNew Zealand danielveza Brisbane, AU

    Pushed up an alternate approach based on the feature flag idea to 3469516-feature-flag.

    It should hopefully prevent us from needing to add this as a runtime dep and stop the JSON:API preformance regressions outlined in #4.

    That being said, I also agree with this in #7

    >Or better yet: have the JSON:API module add a JSON:API development mode, similar to core's recently added Twig development mode?

    We should open a core issue for this, it feels too easy to shoot yourself in the foot without realizing it and degrade your JSON:API performance. (As this issue has proved)

  • Pipeline finished with Failed
    4 months ago
    Total: 722s
    #272885
  • Pipeline finished with Success
    4 months ago
    Total: 558s
    #272894
  • Pipeline finished with Success
    4 months ago
    Total: 290s
    #273115
  • Issue was unassigned.
  • Status changed to Needs review 4 months ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia deepakkm
  • Pipeline finished with Success
    4 months ago
    Total: 519s
    #273153
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia deepakkm
  • Assigned to longwave
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ

    @danielveza I'm very sorry ๐Ÿ˜ญโ€ฆ but the feature flag doesn't make sense here, only for JSON:API. For JSON:API, it's a nice-to-have, just to know about compliance of JSON:API responses with the JSON:API spec.

    For XB, the JSON schema validation is critical: without it, \Drupal\experience_builder\Plugin\Validation\Constraint\ValidComponentTreeConstraintValidator::validate() becomes pretty much pointless.

    That's AFAICT also what @longwave proposed in #6: that it's Drupal core's JSON:API functionality that should be doing that validation behind a feature flag.

    Am I missing something here? Can you confirm, @longwave? ๐Ÿ™

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom longwave UK

    Yeah I meant that we should change core so JSON:API validation is explicitly enabled with a feature flag. I wonder even if it should just be a contrib module and the feature removed from core directly, but that is a product manager decision. Will open a core issue to discuss.

  • Status changed to RTBC 4 months ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom longwave UK

    Opened ๐Ÿ“Œ Move JSON:API validation to a feature flag or separate module Active to discuss the core change.

    For the time being, I think we should land MR!247 in XB, marking RTBC for that.

  • Status changed to Needs work 4 months ago
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ
  • Issue was unassigned.
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ
  • First commit to issue fork.
  • Status changed to Needs review 4 months ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia omkar-pd

    Made changes.

  • Pipeline finished with Success
    4 months ago
    Total: 286s
    #273358
  • Status changed to RTBC 4 months ago
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom f.mazeikis Brighton
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ

    2 out of 3 needed MR approvals, but @longwave approved it here at #18, so bypassing the GitLab CODEOWNERS check to be pragmaticโ€ฆ ๐Ÿ‘

  • Pipeline finished with Skipped
    4 months ago
    #273385
  • Status changed to Fixed 4 months ago
  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ
  • ๐Ÿ‡ณ๐Ÿ‡ฟNew Zealand danielveza Brisbane, AU

    My POC didn't take long so it's ok that it didn't make it in.

    The reason I thought a feature flag here could be valuable is that we have no guarantee that the core issue is going to get in before XB is considered production ready or early adopters start using it and I'd like to avoid future devs having pain when trying to track down what is most likely a quite annoying performance regression to figure out.

    Probably the softer approach for XB rather than the feature flag that removes it is a hook_requirements implementation that runs if JOSN:API is also enabled. I'll open a ticket.

  • ๐Ÿ‡ง๐Ÿ‡ชBelgium wim leers Ghent ๐Ÿ‡ง๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡บ

    @danielveza That's a relief! ๐Ÿ˜ฎโ€๐Ÿ’จ

    I'd like to avoid future devs having pain when trying to track down what is most likely a quite annoying performance regression to figure out.

    That's totally fair.

    Probably the softer approach for XB rather than the feature flag that removes it is a hook_requirements implementation that runs if JOSN:API is also enabled. I'll open a ticket.

    I was going to suggest docs but โ€ฆ this is far better! ๐Ÿ‘๐Ÿคฉ Thank you! ๐Ÿ™

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024