Contrib.social

Move some Package Manager validation into the pre-require and status check event listeners

Open on Drupal.org β†’
Created on 19 May 2025, 2 months ago

Problem/Motivation

This is a follow-up from ✨ Make Package Manager more friendly to local development by allowing stages to operate directly on the codebase in some situations Active .

The advent of a direct-write mode means that, when operating directly on the live site, PreApplyEvent is no longer dispatched because it doesn't make any sense. PreApplyEvent's purpose is to stop changes to the live site before they happen, but that's obviated by direct-write mode.

In direct-write mode, the place to stop changes before they happen is StatusCheckEvent, PreCreateEvent, and PreRequireEvent.

Proposed resolution

We need to audit all the validation that Package Manager does and determine if we want to move any PreApplyEvent listeners to the events I just mentioned, so that we are doing sensible validation in direct-write mode and normal (sandboxed) mode.

User interface changes

None.

Introduced terminology

None.

API changes

None anticipated.

Data model changes

None.

Release notes snippet

TBD but probably none needed.

πŸ“Œ Task
Status

Active

Version

11.0 πŸ”₯

Component

package_manager.module

Created by

πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @phenaproxima
  • Comment 2 months ago β†’
    πŸ‡¬πŸ‡§United Kingdom catch

    Copying comment across from ✨ Make Package Manager more friendly to local development by allowing stages to operate directly on the codebase in some situations Active and bumping this to critical.

    I had a quick look for validators that would be affected by this change (e.g. not run at all if this is used). The three I could find were:

    EnabledExtensionsValidator
    DuplicateInfoFileValidator.php
    SandboxDatabaseUpdatesValidator

    EnabledExtensionsValidator seems like the main problem.

    https://www.drupal.org/project/pathauto/releases/8.x-1.11 β†’ removes a ctools dependency, and will remove it as a composer dependency in a major release. This means that when sites eventually update to pathauto 2.x, they'll need to either composer require drupal/ctools or uninstall it (unless they happen to have another module installed that depends on it).

    Automatic updates can't do any of that itself, so would need to rely on this validator to handle it (and then the site owner would be alerted they need to either install ctool explicitly or uninstall it before trying to update pathauto again, after which it would work), but that won't run in direct write mode. @phenaproxima pointed out that composer update --dry-run doesn't support machine readable output, so this might need a composer update --dry-run:json custom composer plugin in order to replace.

    However, neither that, nor SandboxDatabaseUpdatesValidator are relevant to project browser. After writing that I realised it might be relevant, because if you install a project that depends on pathauto 2.x, and you have pathauto 1.x installed, then composer might update you to pathauto 2.x even though the command in composer require which could also result in ctools removal.

    I think we need a follow-up to discuss this more, and maybe postpone implementing the API in project browser and especially automatic updates on that follow-up.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024