Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

README: update with information about Composer >= 2.2 #141

Merged
merged 3 commits into from
Jan 25, 2022
Merged

README: update with information about Composer >= 2.2 #141

merged 3 commits into from
Jan 25, 2022

Conversation

jrfnl
Copy link
Member

@jrfnl jrfnl commented Dec 23, 2021
edited
Loading

README: update with information about Composer >= 2.2

As of Composer 2.2.0, Composer plugins need to be explicitly allowed to run.

This updates the readme to inform users of this mechanism.

Ref: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution

README: update coding standards dev code sample

... to be a little more realistic for current dev.

🆕 README: add information about adding permission via CLI

@jrfnl
README: update with information about Composer >= 2.2
70cc897 
As of Composer 2.2.0, Composer plugins need to be explicitly allowed to run.

This updates the readme to inform users of this mechanism.

Ref: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution
@jrfnl
README: update coding standards dev code sample
1f79444 
... to be a little more realistic for current dev.
@jrfnl jrfnl requested a review from Potherca December 23, 2021 03:57
Potherca
Potherca previously approved these changes Dec 23, 2021
View reviewed changes
@Potherca
Copy link
Member

I was wondering if, based on this, we need to add --no-interaction anywhere in our pipelines? 🤔

@jrfnl jrfnl mentioned this pull request Dec 23, 2021
Closed
@jrfnl
Copy link
Member Author

jrfnl commented Dec 23, 2021
edited
Loading

I was wondering if, based on this, we need to add --no-interaction anywhere in our pipelines? 🤔

We don't (need to).

The thing is, when doing a composer install/update for this project itself, you don't get the question as this is a Composer plugin. The code of this plugin won't run on itself.
I tested as I wondered how this would work for projects which are Composer plugins, but the plugin is not run on itself and that behaviour is the same as before.

That's also why in the test scrips in the CI, there a separate call to composer install-codestandards to run the script.

Other than that, we use ramsey/composer-install in most places and that will always add --no-interactionto the command.

@jrfnl
Copy link
Member Author

jrfnl commented Dec 24, 2021

Reviewed the scripts now and found a few places we could add --no-interaction. Commit added to PR #140.

@Potherca
Copy link
Member

Good work!

@jrfnl
Copy link
Member Author

jrfnl commented Dec 29, 2021

Inspired by a similar README update I saw in the Composer Normalize README, I've added one more commit which shows the CLI command to add the permission.

@jrfnl
Copy link
Member Author

jrfnl commented Jan 24, 2022

Anything I can do to move this PR forward ?

@Potherca
Copy link
Member

It was mostly a lack of time that kept this standing still.

I had a deadline at work that kept me busy throughout the holidays, and I had to help the kids with school as we were in quarantine. This coming week the kids are back to school and I have time of from work (we made the deadline 🎉), so I plan on catching up here and in other projects.

@Potherca Potherca merged commit 09874cb into master Jan 25, 2022
@Potherca Potherca deleted the feature/readme-update-for-composer-2.2 branch January 25, 2022 11:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Potherca Potherca Potherca approved these changes

Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
Release v0.7.2
Development

Successfully merging this pull request may close these issues.
2 participants
@jrfnl @Potherca