Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Composer mirrors are not used on patch install like private packagist #91

Closed
Morgy93 opened this issue Feb 18, 2022 · 9 comments
Closed

Composer mirrors are not used on patch install like private packagist #91

Morgy93 opened this issue Feb 18, 2022 · 9 comments

Comments

@Morgy93
Copy link

Morgy93 commented Feb 18, 2022

Composer mirrors are not used on patch install like private packagist

To Reproduce
Steps to reproduce the behavior:

  1. Download magento 2 (e.g. composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition <install-directory-name> | see: https://devdocs.magento.com/guides/v2.4/install-gde/composer.html#get-the-metapackage)
  2. Open composer.json and edit repositories to include your repo e.g.:
    "repositories": {
        "packagist.org": false,
        "private-packagist": {
            "type": "composer",
            "url": "https://repo.packagist.com/YOUR-COMPANY/"
        }
    },
  1. Run composer update to update repos for composer.lock
  2. Open composer.json again and add a patch e.g.:
    "extra": {
        "magento-force": "override",
        "patches": {
            "*": {
                "Apply MDVA-43395": {
                    "source": "patches/magento/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch",
                    "targets": [
                        "magento/framework",
                        "magento/module-email"
                    ]
                },
                "Apply MDVA-43443": {
                    "source": "patches/magento/MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch",
                    "targets": [
                        "magento/framework",
                        "magento/module-email"
                     ],
                     "after": "MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch"
                }
            }
        }
    }
  1. Be sure to not have credentials saved for repo.magento.com in the auth.json. It should only include the repo.packagist.com credentials.
  2. [VERY IMPORTANT] Run composer clear-cache so no cache is used for applying the patch. (Else it will work just fine because of the cached files from the download before)
  3. Run composer install or composer patch:apply

Expected
It should apply the patch or at least download the package from the private packagist.

Actual
It tries to download the package from repo.magento.com (which it should not)
image

Notes
This is probably somewhat related / "caused" by #71
@convenient
Copy link

Did you download and have these files present in your setup? So your system will be like

./patches/magento/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch
./patches/magento/MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch
./composer.json
./composer.lock

Maybe its thinking they're meant to be remote patches if they do not exist for you locally.

@Morgy93
Copy link
Author

Morgy93 commented Feb 18, 2022

Did you download and have these files present in your setup? So your system will be like

./patches/magento/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch
./patches/magento/MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch
./composer.json
./composer.lock

Maybe its thinking they're meant to be remote patches if they do not exist for you locally.

You don't have to. The download happens before the patch file check. This is also confirmed by #71

And a completely different error would then be thrown:
image
(The -vvv then says the file does not exist)

@convenient
Copy link

If you have not manually downloaded the patches and created them in those file paths I do not know where your system would get the patch files, you asked for the different config I had this would be the first one to try out.

@Morgy93
Copy link
Author

Morgy93 commented Feb 18, 2022

If you have not manually downloaded the patches and created them in those file paths I do not know where your system would get the patch files, you asked for the different config I had this would be the first one to try out.

Like I wrote before, I checked both cases. It doesn't matter if the patch files are available or not, because the download happens before applying the patch.
And if you run the download / use cache then a completely different error is thrown.

Maybe you can check composer config --list and composer config --global --list to see if credentials for repo.magento.com are available? Maybe you don't notice the download, because credentials are globally available. And/Or used from cache which can be checked with composer clear-cache

@convenient
Copy link

I've never had repo.magento.com credentials on this machine. I couldn't be talking to repo.magento.com if I tried :/

@Morgy93
Copy link
Author

Morgy93 commented Feb 18, 2022

I've never had repo.magento.com credentials on this machine. I couldn't be talking to repo.magento.com if I tried :/

Alright, could you please check the composer.lock for your magento/framework entry?
Maybe your url is different and points directly to some custom repo. E.g.:

        {
            "name": "magento/framework",
            "version": "103.0.3",
            "dist": {
                "type": "zip",
                "url": "https://repo.magento.com/archives/magento/framework/magento-framework-103.0.3.0.zip",
                "mirrors": [
                    {
                        "url": "https://repo.packagist.com/YOUR-COMPANY/dists/%package%/%version%/r%reference%.%type%",
                        "preferred": true
                    }
                ]
            },

Those are the only two things I could imagine happening here. If that's not the case either, I have to wait for official staff to check on this issue. 😁

@convenient
Copy link

@Morgy93 that's how it should look yes.

@vaimo-wilko
Copy link
Member

@Morgy93 perhaps you can look also at your vendor/composer/installed.json, whether the "mirrors" array is in the "dist" section of the "magento/framework" package, like shown above for composer.lock. (Also could you let me know which version of Composer you are using?)

Sadly I don't have a Private Packagist to test with, but in my initial testing (manually modifying composer.lock and installed.json), I can repeat your case if ... installed.json does not contain the mirrors section for the package. When I manually add that to installed.json, it then appears to pick the right place to download from (both with Composer 1 and Composer 2). So, I wonder if perhaps Composer never stores the mirrors section of a package in the installed.json file?

@Morgy93
Copy link
Author

Morgy93 commented Mar 14, 2022

@Morgy93 perhaps you can look also at your vendor/composer/installed.json, whether the "mirrors" array is in the "dist" section of the "magento/framework" package, like shown above for composer.lock. (Also could you let me know which version of Composer you are using?)

Sadly I don't have a Private Packagist to test with, but in my initial testing (manually modifying composer.lock and installed.json), I can repeat your case if ... installed.json does not contain the mirrors section for the package. When I manually add that to installed.json, it then appears to pick the right place to download from (both with Composer 1 and Composer 2). So, I wonder if perhaps Composer never stores the mirrors section of a package in the installed.json file?

I think we can take a shortcut here.
Been on 2.1.* before and updated to 2.2.* - I did not expect it to make a difference, since there is no requirement for this module, but it seems to work now. 🙄

I'll close this for now and will report back if I encounter any errors. Thanks very much for the help so far!

@Morgy93 Morgy93 closed this as completed Mar 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@convenient @vaimo-wilko @Morgy93