From b82a0fb9923a66906ab7f5faf63f26aa0f229443 Mon Sep 17 00:00:00 2001 From: Jason Woods Date: Sun, 17 Jan 2021 12:27:22 +0000 Subject: [PATCH 1/2] Prevent unnecessary downloads of library packages - just update the json/lock files --- composer/helpers/v2/src/LibraryInstaller.php | 27 +++++++++ composer/helpers/v2/src/UpdateChecker.php | 2 +- composer/helpers/v2/src/Updater.php | 12 +++- .../file_updater/lockfile_updater_spec.rb | 55 +++---------------- 4 files changed, 47 insertions(+), 49 deletions(-) create mode 100644 composer/helpers/v2/src/LibraryInstaller.php diff --git a/composer/helpers/v2/src/LibraryInstaller.php b/composer/helpers/v2/src/LibraryInstaller.php new file mode 100644 index 00000000000..18b24ee6c71 --- /dev/null +++ b/composer/helpers/v2/src/LibraryInstaller.php @@ -0,0 +1,27 @@ +getConfig()->get('bin-dir'), '/'), $composer->getConfig()->get('bin-compat'), $fs); - $installationManager->addInstaller(new Installer\LibraryInstaller($io, $composer, null, $fs, $binaryInstaller)); + $installationManager->addInstaller(new LibraryInstaller()); $installationManager->addInstaller(new Installer\PluginInstaller($io, $composer, $fs, $binaryInstaller)); $installationManager->addInstaller(new Installer\MetapackageInstaller($io)); diff --git a/composer/helpers/v2/src/Updater.php b/composer/helpers/v2/src/Updater.php index 3b2cb7191b5..df8b2078fb3 100644 --- a/composer/helpers/v2/src/Updater.php +++ b/composer/helpers/v2/src/Updater.php @@ -7,6 +7,7 @@ use Composer\DependencyResolver\Request; use Composer\Factory; use Composer\Installer; +use Composer\Util\Filesystem; final class Updater { 
@@ -62,6 +63,15 @@ public static function update(array $args): array
 $io->loadConfiguration($config);
 }
+ $installationManager = new DependabotInstallationManager($composer->getLoop(), $io);
+
+ $fs = new Filesystem(null);
+ $binaryInstaller = new Installer\BinaryInstaller($io, rtrim($composer->getConfig()->get('bin-dir'), '/'), $composer->getConfig()->get('bin-compat'), $fs);
+
+ $installationManager->addInstaller(new LibraryInstaller());
+ $installationManager->addInstaller(new Installer\PluginInstaller($io, $composer, $fs, $binaryInstaller));
+ $installationManager->addInstaller(new Installer\MetapackageInstaller($io));
+
 $install = new Installer(
 $io,
 $config,
@@ -69,7 +79,7 @@ public static function update(array $args): array
 $composer->getDownloadManager(),
 $composer->getRepositoryManager(),
 $composer->getLocker(),
- $composer->getInstallationManager(),
+ $installationManager,
 $composer->getEventDispatcher(),
 $composer->getAutoloadGenerator()
 );
diff --git a/composer/spec/dependabot/composer/file_updater/lockfile_updater_spec.rb b/composer/spec/dependabot/composer/file_updater/lockfile_updater_spec.rb
index fc6d62a68bd..d0684e1cd79 100644
--- a/composer/spec/dependabot/composer/file_updater/lockfile_updater_spec.rb
+++ b/composer/spec/dependabot/composer/file_updater/lockfile_updater_spec.rb
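Review bot: `Installer\PluginInstaller` stays registered on the new `DependabotInstallationManager` in `update()`, so packages of type composer-plugin would presumably still be fetched and installed even though library packages no longer are; the same wiring is added to UpdateChecker.php in this patch. Composer plugins are code that runs inside the helper process, so unless plugins are disabled where `$composer` is created (not visible in the hunk) this is the package type that most needs the no-install treatment. Patch 2/2 of this series removes the custom manager; if this commit is ever kept on its own, a comment such as `// NOTE: only library packages are skipped; plugin packages are still installed` would document the gap. `update()` starts and ends outside the hunk.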
@@ -311,37 +311,8 @@
 let(:project_name) { "env_variable" }
 context "that hasn't been provided" do
- it "raises a MissingEnvironmentVariable error" do
- expect { updated_lockfile_content }.to raise_error do |error|
- expect(error).to be_a(Dependabot::MissingEnvironmentVariable)
- expect(error.message).to eq("Missing environment variable ACF_PRO_KEY")
- end
- end
- end
-
- context "that has been provided" do
- let(:updater) do
- described_class.new(
- dependency_files: files,
- dependencies: [dependency],
- credentials: [{
- "type" => "git_source",
- "host" => "github.com",
- "username" => "x-access-token",
- "password" => "token"
- }, {
- "type" => "php_environment_variable",
- "env-key" => "ACF_PRO_KEY",
- "env-value" => "example_key"
- }]
- )
- end
-
- it "runs just fine (we get a 404 here because our key is wrong)" do
- expect { updated_lockfile_content }.to raise_error do |error|
- expect(error).to be_a(Dependabot::DependencyFileNotResolvable)
- expect(error.message).to include("404")
- end
+ it "does not attempt to download and has details of the updated item" do
+ expect(updated_lockfile_content).to include("\"version\":\"5.9.2\"")
 end
 end
 end
@@ -544,11 +515,8 @@
 }]
 end
- it "raises a helpful errors" do
- expect { updated_lockfile_content }.to raise_error do |error|
- expect(error).to be_a Dependabot::PrivateSourceAuthenticationFailure
- expect(error.source).to eq("nova.laravel.com")
- end
+ it "does not attempt to download and has details of the updated item" do
+ expect(updated_lockfile_content).to include("\"version\":\"v2.0.9\"")
 end
 end
 end
@@ -577,11 +545,8 @@
 )
 end
- it "raises a helpful errors" do
- expect { updated_lockfile_content }.to raise_error do |error|
- expect(error).to be_a Dependabot::GitDependencyReferenceNotFound
- expect(error.dependency).to eq("monolog/monolog")
- end
+ it "does not attempt to install it and has details of the updated item" do
+ expect(updated_lockfile_content).to include("\"version\":\"v1.6.0\"")
 end
 end
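Review bot: The new examples are titled "does not attempt to download" / "does not attempt to install it" but assert only that the lockfile contains a version string such as `"version":"5.9.2"`, so they would still pass if a fetch were attempted and happened to succeed; this applies to the hunks at -544, -577 and -609 as well. The removed examples were the only coverage visible in these hunks for `MissingEnvironmentVariable`, `PrivateSourceAuthenticationFailure` and `GitDependencyReferenceNotFound`, so the mapping of credential and reference failures to those errors is no longer exercised here; whether another spec still covers it cannot be seen from this patch. Consider keeping one case per error that reaches it through resolution rather than installation, and adding an assertion that fails when a dist or source URL is requested. The `context "that hasn't been provided"` block now holds a success case, so a comment such as `# no env key needed: the package is only resolved, never downloaded` would explain why.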
@@ -609,12 +574,8 @@ ) end - it "raises a helpful errors" do - expect { updated_lockfile_content }.to raise_error do |error| - expect(error).to be_a Dependabot::GitDependencyReferenceNotFound - expect(error.dependency). - to eq("monolog/monolog") - end + it "does not attempt to install it and has details of the updated item" do + expect(updated_lockfile_content).to include("\"version\":\"v1.6.0\"") end end From d6e97a087f27bb86eadb2f40431974363238acb9 Mon Sep 17 00:00:00 2001 From: Jason Woods Date: Fri, 14 Jan 2022 19:46:18 +0000 Subject: [PATCH 2/2] Remove custom installation manager, disable all installs, and use locked repository to get installed packages --- composer/helpers/v2/src/LibraryInstaller.php | 27 -------------------- composer/helpers/v2/src/UpdateChecker.php | 15 +++-------- composer/helpers/v2/src/Updater.php | 13 ++-------- 3 files changed, 5 insertions(+), 50 deletions(-) delete mode 100644 composer/helpers/v2/src/LibraryInstaller.php diff --git a/composer/helpers/v2/src/LibraryInstaller.php b/composer/helpers/v2/src/LibraryInstaller.php deleted file mode 100644 index 18b24ee6c71..00000000000 --- a/composer/helpers/v2/src/LibraryInstaller.php +++ /dev/null @@ -1,27 +0,0 @@ -loadConfiguration($config); } - $installationManager = new DependabotInstallationManager($composer->getLoop(), $io); - - $fs = new Filesystem(null); - $binaryInstaller = new Installer\BinaryInstaller($io, rtrim($composer->getConfig()->get('bin-dir'), '/'), $composer->getConfig()->get('bin-compat'), $fs); - - $installationManager->addInstaller(new LibraryInstaller()); - $installationManager->addInstaller(new Installer\PluginInstaller($io, $composer, $fs, $binaryInstaller)); - $installationManager->addInstaller(new Installer\MetapackageInstaller($io)); - $install = new Installer( $io, $config, 
@@ -64,7 +54,7 @@ public static function getLatestResolvableVersion(array $args): ?string
 $composer->getDownloadManager(),
 $composer->getRepositoryManager(),
 $composer->getLocker(),
- $installationManager,
+ $composer->getInstallationManager(),
 $composer->getEventDispatcher(),
 $composer->getAutoloadGenerator()
 );
@@ -72,6 +62,7 @@ public static function getLatestResolvableVersion(array $args): ?string
 // For all potential options, see UpdateCommand in composer
 $install
 ->setUpdate(true)
+ ->setInstall(false)
 ->setDevMode(true)
 ->setUpdateAllowTransitiveDependencies(Request::UPDATE_LISTED_WITH_TRANSITIVE_DEPS)
 ->setDumpAutoloader(false)
@@ -86,7 +77,7 @@ public static function getLatestResolvableVersion(array $args): ?string
 $install->run();
- $installedPackages = $installationManager->getInstalledPackages();
+ $installedPackages = $composer->getLocker()->getLockedRepository(true)->getPackages();
 $updatedPackage = current(array_filter($installedPackages, static function (PackageInterface $package) use ($dependencyName): bool {
 return $package->getName() === $dependencyName;
diff --git a/composer/helpers/v2/src/Updater.php b/composer/helpers/v2/src/Updater.php
index df8b2078fb3..3210ade81e0 100644
--- a/composer/helpers/v2/src/Updater.php
+++ b/composer/helpers/v2/src/Updater.php
@@ -7,7 +7,6 @@
 use Composer\DependencyResolver\Request;
 use Composer\Factory;
 use Composer\Installer;
-use Composer\Util\Filesystem;
 final class Updater
 {
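Review bot: The return value of `$install->run()` is discarded on the context line just above the change in the -86,7 hunk, and the result is now read from `$composer->getLocker()->getLockedRepository(true)`, so a run that ends with a non-zero code without throwing could presumably leave this lookup reading lock data that predates the update. Capture it, `$exitCode = $install->run();`, and stop before the locker is read when it is not `0`, unless the IO object already turns every failure into an exception (not visible here). The name `$installedPackages` no longer fits, since nothing is installed; `$lockedPackages` would match the new source. Nothing on the visible lines says why `->setInstall(false)` is set, here or in `Updater::update()`; a comment such as `// Resolve only: never download or unpack package archives in this helper` would keep a later change from re-enabling the fetch of third-party code. `getLatestResolvableVersion()` starts and ends outside these hunks.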
@@ -63,15 +62,6 @@ public static function update(array $args): array
 $io->loadConfiguration($config);
 }
- $installationManager = new DependabotInstallationManager($composer->getLoop(), $io);
-
- $fs = new Filesystem(null);
- $binaryInstaller = new Installer\BinaryInstaller($io, rtrim($composer->getConfig()->get('bin-dir'), '/'), $composer->getConfig()->get('bin-compat'), $fs);
-
- $installationManager->addInstaller(new LibraryInstaller());
- $installationManager->addInstaller(new Installer\PluginInstaller($io, $composer, $fs, $binaryInstaller));
- $installationManager->addInstaller(new Installer\MetapackageInstaller($io));
-
 $install = new Installer(
 $io,
 $config,
@@ -79,7 +69,7 @@ public static function update(array $args): array
 $composer->getDownloadManager(),
 $composer->getRepositoryManager(),
 $composer->getLocker(),
- $installationManager,
+ $composer->getInstallationManager(),
 $composer->getEventDispatcher(),
 $composer->getAutoloadGenerator()
 );
@@ -88,6 +78,7 @@ public static function update(array $args): array
 $install
 ->setWriteLock(true)
 ->setUpdate(true)
+ ->setInstall(false)
 ->setDevMode(true)
 ->setUpdateAllowList([$dependencyName])
 ->setUpdateAllowTransitiveDependencies(Request::UPDATE_LISTED_WITH_TRANSITIVE_DEPS)