Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Composer v2 canonical settings #20201

Open
adamj88 opened this issue Feb 3, 2023 · 4 comments
Open

Support Composer v2 canonical settings #20201

adamj88 opened this issue Feb 3, 2023 · 4 comments
Labels
datasource:packagist manager:composer Composer (PHP) package manager priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality)

Comments

@adamj88
Copy link

adamj88 commented Feb 3, 2023
edited
Loading

How are you running Renovate?

Self-hosted

If you're self-hosting Renovate, tell us what version of Renovate you run.

34.188

If you're self-hosting Renovate, select which platform you are using.

gitlab.com

If you're self-hosting Renovate, tell us what version of the platform you run.

No response

Was this something which used to work for you, and then stopped?

I never saw this working

Describe the bug

The Packagist data source currently uses a registryStrategy of hunt as defined here:

renovate/lib/modules/datasource/packagist/index.ts

Line 33 in 64fee7e

override readonly registryStrategy = 'hunt';

This searches registryUrls in order and then chooses the first matching registry selecting the relevant version to install, however, this is contrary to how Composer 2 handles its repositories priorities as detailed here: https://getcomposer.org/doc/articles/repository-priorities.md

In Composer 2 with the canonical options, it would be more saying, for repositories (registries) marked canonical true (which is the default) then use the hunt strategy maintaining their order, but if the package is not found in those then scan the canonical false with the merge strategy.

An example can be seen when searching for the facebook/facebook-for-magento2 package with the following configuration in composer.json (note: auth tokens required for repo.magento.com):

"repositories": [
  {
    "type": "composer",
    "url": "https://repo.magento.com/",
    "canonical": false
  }
]

Where we have the following packages available:

In the debug output in the logs below 1.4.4 is returned from repo.magento.com where as installing with composer would yield 1.4.6 from packagist.org.

A previous discussion for this issue can be found here: #20181

Relevant debug logs

Logs 
{
 "depType": "require",
 "depName": "facebook/facebook-for-magento2",
 "currentValue": "^1.4.4",
 "datasource": "packagist",
 "registryUrls": [
   "https://repo.magento.com/",
   "https://packagist.org"
 ],
 "depIndex": 9,
 "updates": [
   {
     "updateType": "pin",
     "isPin": true,
     "newValue": "1.4.4",
     "newVersion": "1.4.4",
     "newMajor": 1,
     "branchName": "renovate/pin-dependencies"
   }
 ],
 "warnings": [],
 "versioning": "composer",
 "registryUrl": "https://repo.magento.com",
 "currentVersion": "1.4.4"
}

Have you created a minimal reproduction repository?

Please see: https://github.com/adamj88/renovate-issue-20201
@adamj88 adamj88 added priority-5-triage status:requirements Full requirements are not yet known, so implementation should not be started type:bug Bug fix of existing functionality labels Feb 3, 2023
@rarkins rarkins added manager:composer Composer (PHP) package manager auto:reproduction A minimal reproduction is necessary to proceed datasource:packagist priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others and removed priority-5-triage labels Feb 4, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Feb 4, 2023

Hi there,

Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction.

We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

@rarkins rarkins added type:feature Feature (new functionality) and removed type:bug Bug fix of existing functionality labels Feb 4, 2023
@rarkins rarkins changed the title Composer v2 canonical settings not respected in registry strategy Support Composer v2 canonical settings Feb 4, 2023
@rarkins
Copy link
Collaborator

rarkins commented Feb 4, 2023

It seems we'll need to make registryStrategy configurable (at least internally)

@RahulGautamSingh RahulGautamSingh mentioned this issue Feb 5, 2023
Closed
@adamj88
Copy link
Author

adamj88 commented Feb 7, 2023

I have created a minimal reproduction repository here: https://github.com/adamj88/renovate-issue-20201

@rarkins
Copy link
Collaborator

rarkins commented Feb 10, 2023

Reproduction forked to https://github.com/renovate-reproductions/20201

@rarkins rarkins added reproduction:provided and removed auto:reproduction A minimal reproduction is necessary to proceed labels Feb 10, 2023
@rarkins rarkins added status:ready and removed reproduction:provided status:requirements Full requirements are not yet known, so implementation should not be started labels Sep 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
datasource:packagist manager:composer Composer (PHP) package manager priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adamj88 @rarkins