Specifying specific commit in update fails to update. #9847

Danack · 2021-04-24T18:16:42Z

TL:DR specifying specific sha on update fails to update the dependency to that version.

My composer.json:

{
    "name": "test/test",
    "description": "testing update",
    "type": "project",
    "require": {
        "phpopendocs/blank-project": "dev-main#2992e294e113aee9e144f468c4a44563bf25d0be"
    },
    "license": "MIT",
    "minimum-stability": "dev"
}

Output of composer diagnose:

# php composer.phar diagnose
Checking composer.json: WARNING
The package "phpopendocs/blank-project" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: FAIL
Missing pubkey for tags verification
Missing pubkey for dev verification
Run composer self-update --update-keys to set them up
Checking composer version: OK
Composer version: 2.0.12
PHP version: 7.4.16
PHP binary path: /usr/bin/php7.4
OpenSSL version: OpenSSL 1.1.1j  16 Feb 2021
cURL version: 7.52.1 libz 1.2.8 ssl OpenSSL/1.0.2u
zip: extension present, unzip not available

running composer update installs the version dev-main#2992e294e113aee9e144f468c4a44563bf25d0be as expected.

When I run this command:

php composer.phar update phpopendocs/blank-project=dev-main#301a83b393cb268e38b683b104ed323a38a42097 --no-cache -vvv

I get the following output:

# php composer.phar update phpopendocs/blank-project=dev-main#301a83b393cb268e38b683b104ed323a38a42097 --no-cache -vvv
Disabling cache usage
Reading ./composer.json (/var/app/temp/composer.json)
Loading config file ./composer.json (/var/app/temp/composer.json)
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/var/app/temp): git branch -a --no-color --no-abbrev -v
Failed to initialize global composer: Composer could not find the config file: /root/.config/composer/composer.json

Reading /var/app/temp/vendor/composer/installed.json
Running 2.0.12 (2021-04-01 10:14:59) with PHP 7.4.16 on Linux / 5.4.72-microsoft-standard-WSL2
Reading ./composer.lock (/var/app/temp/composer.lock)
Loading composer repositories with package information
Downloading https://repo.packagist.org/packages.json
[200] https://repo.packagist.org/packages.json
Downloading https://repo.packagist.org/p2/phpopendocs/blank-project.json
Downloading https://repo.packagist.org/p2/phpopendocs/blank-project~dev.json
[200] https://repo.packagist.org/p2/phpopendocs/blank-project.json
[200] https://repo.packagist.org/p2/phpopendocs/blank-project~dev.json
Updating dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.001 seconds
Analyzed 78 packages to resolve dependencies
Analyzed 79 rules to resolve dependencies
Nothing to modify in lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!

The exit code is 0 indicating no error:

# echo $?
0

And I expected this to happen:

The commit with sha 301a83b393cb268e38b683b104ed323a38a42097 to be installed.
An error message about "unknown version" and error exit code if the update command doesn't result in the specified version being installed.

In case it is of use, here is the composer lock file:

# cat composer.lock
{
    "_readme": [
        "This file locks the dependencies of your project to a known state",
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
    "content-hash": "2b288f00ec34428356add44468def9bd",
    "packages": [
        {
            "name": "phpopendocs/blank-project",
            "version": "dev-main",
            "source": {
                "type": "git",
                "url": "https://github.com/PHPOpenDocs/BlankProject.git",
                "reference": "2992e294e113aee9e144f468c4a44563bf25d0be"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/PHPOpenDocs/BlankProject/zipball/2992e294e113aee9e144f468c4a44563bf25d0be",
                "reference": "2992e294e113aee9e144f468c4a44563bf25d0be",
                "shasum": ""
            },
            "require-dev": {
                "danack/coding-standard": "0.1.0",
                "slevomat/coding-standard": "^4.8.4",
                "squizlabs/php_codesniffer": "^3.3.1",
                "yoast/yoastcs": "1.0"
            },
            "default-branch": true,
            "type": "library",
            "autoload": {
                "psr-0": {
                    "Blank\\": "src/"
                },
                "files": [
                    "src/functions.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "CC-BY-NC-4.0"
            ],
            "authors": [
                {
                    "name": "Danack",
                    "email": "danack@basereality.com"
                }
            ],
            "description": "A blank PHPOpenDoc project.",
            "support": {
                "issues": "https://github.com/PHPOpenDocs/BlankProject/issues",
                "source": "https://github.com/PHPOpenDocs/BlankProject/tree/main"
            },
            "funding": [
                {
                    "url": "https://github.com/Danack",
                    "type": "github"
                }
            ],
            "time": "2021-04-24T16:41:28+00:00"
        }
    ],
    "packages-dev": [],
    "aliases": [],
    "minimum-stability": "dev",
    "stability-flags": {
        "phpopendocs/blank-project": 20
    },
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": [],
    "platform-dev": [],
    "plugin-api-version": "2.0.0"
}

Also btw, updating the composer.json to reference "phpopendocs/blank-project": "dev-main#301a83b393cb268e38b683b104ed323a38a42097" correctly installs that version, so composer is able to find that version.

The text was updated successfully, but these errors were encountered:

Seldaek · 2021-04-26T12:23:21Z

Hm yeah I think that's an oversight of the inline-require-modification feature, that these #commit-ref references are not taken into account as being valid root package references. Should be fixable though.

* Include stdout as well as stderr if git stash/diff/.. fails, fixes composer#9720 * Remove version argument from why and enforce it for why-not command, refs composer#9693 * Fix compiler on Windows (composer#9730) * Preserve file permissions on Windows self-update (composer#9733) Windows file operations result in different file permissions depending if the file is copied or moved. A copy operation applies permissions from the destination folder (or file if it already exists and does not use inheritance), while a move operation generally preserves the source file permissions. Windows PHP `rename` uses MoveFileEx so if the user is running as an admin and the destination is in a common (non-user) location, then the permission for other users will be replaced by the admin user. Likewise for the UAC elevation feature, which uses the cmd.exe `move` command. This fix uses copy and delete operations on Windows, so that other users can continue to run composer.phar * Proxy handling docs and tweaks (composer#9735) * Fix functional tests to use the same PHP version as PHPUnit runs with * Add support for @php <abs path to binary from PATH>, fixes composer#9726 * Fix issue extracting archives into paths that already exist, fixes composer/installers#479 * Avoid using str_replace for dev-master replacement as that may be a valid part of a branch name, fixes composer#9739 * Fix php-proxying of binaries to avoid proxying phar files, fixes composer#9742 * Make sure that single files installed via file downloader get the executable bit set if they are a binary file, refs composer#9742 * Fix var shadowing * Fix unclear error when a package can be found in lock but not in the remote repo, fixes composer#9750 * Update release step to use php8 as it produces slightly different output wrt white-space, fixes composer#9746 * Bump phpstan to level 3 (composer#9734) Clean up PackageInterface/CompletePackageInterface, add missing methods, type things in solver as BasePackage, added CompleteAliasPackage, .. * Update GitHub token pattern GitHub is updating the format of auth tokens from `a-z0-9` to `A-Za-z0-9` ([notice](https://github.blog/changelog/2021-03-04-authentication-token-format-updates/)). I'm not sure why `.` is allowed, but I dare not to remove it. In this PR, the token validation regex is updated to allow `A-Za-z0-9` instead of the current all lower-case `a-z` and disallowed `_`. * Document GH token usage and also make sure we redact them in Process debug output, refs composer#9757 * Remove output "summary" from fund command. Fund does not provide this type of format. (composer#9748) * Clarify behavior of name in VCS repo, closes composer#9752 * Add --format json to search command (composer#9747) Co-authored-by: Jordi Boggiano <j.boggiano@seld.be> * Attempt working around Vagrant filesystem issues, added COMPOSER_RUNTIME_ENV env var (set to vagrant), fixes composer#9627 * Prefer @phpstan- annotations as that is what we run against * Fix phpdoc * Make full functional test output more reliable * Create pull_request_template.md * Only call sapi_windows_set_ctrl_handler() for CLI requests (composer#9771) * MaxFileSizeException should reject download job (composer#9778) * Also attempt working around Vagrant filesystem issues when installing plugins initially, refs composer#9627 * Add source package name to debug info when enabling plugins * Add dev mode env var for scripts run (composer#9793) Co-authored-by: Vitali Tsyrkin <vitalit@playtika.com> * Update github token pattern to match their latest updates * Update changelog * Tweak virtualbox detection and improve it by detecting vbox additions, refs composer#9627 * Update changelog * Fixed detection of hg version when localized, fixes composer#9753 * Fix type warning on php8.1, refs composer#9770 * Support --no-dev combined with --locked in outdated/show commands, fixes composer#9788 * Improve InstalledVersions docs slightly * Fix doctype annotations * Change root.dev-requirement to root.dev in installed.php as the root is not required per se, and this simply tracks the dev mode at install time * Fix tests * Make ComposerRepository::configurePackageTransportOptions() protected. (composer#9818) * Fix doctype annotations * Switch to composer/metadata-minifier, fixes composer#9727 * Add new dep to the tests * Change default preferred-install to dist, add --prefer-install=auto|dist|source to allow specifying auto (composer#9603) Fixes composer#9546 Fixes composer#9674 * Add warning when loading plugins of type composer-installer as they are unlikely to function correctly and should be upgraded to the composer-plugin type * Fix output listing some updates that do not really happen when updating mirrors/--lock, fixes composer#9812 * Make sure update mirrors/--lock keeps the release date of the original reference when dev versions have newer commits, refs composer#9812 * Fire POST_FILE_DOWNLOAD event for metadata fetched by ComposerRepository. * Clean stuff up and deprecate old usages for PostFileDownloadEvent * Add repository instance to Pre/PostFileDownloadEvent metadata * Added link to composer.org docs on ProcessTimedOutException (composer#9796) * ComposerRepository::asyncFetchFile() does not pass the downloaded URL to PostFileDownloadEvent (composer#9827) * Update 00-intro.md * Upgrade to xdebug-handler 2 (composer#9832) This adds support for Xdebug3 modes and changes the default behaviour from always restarting if Xdebug is loaded, to only restarting if Xdebug is active. Xdebug is considered active if it is loaded, and for Xdebug3, if it is running in a mode other than `xdebug.mode=off`. * Fix source links, fixes composer#9836 * Allow PreFileDownloadEvent to carry transport options for metadata (composer#9831) * Use jsonc highlighting * "composer init --autoload" - Interactive generates PSR-4 autoloader in composer.json (composer#9829) - Generates PSR-4 autoload entry in composer.json. - Run dump-autoload, if no dependencies are set * Fix install step at the end of init command * Fix install step at the end of init command * Merge pull request from GHSA-h5h8-pc6h-jvvx * Fix external process calls to avoid user input being able to pass extra parameters * Tweak some fixes * Merge pull request from GHSA-h5h8-pc6h-jvvx * Fix external process calls to avoid user input being able to pass extra parameters * Tweak some fixes * Update changelog * Update changelog * Add basic source/dist validation * Allow ints in source/dist reference * Also make sure type is correct for preg_match * BinaryInstaller: install full binaries on WSL when bin-compat=auto (composer#9855) * Hint at a branch rename if we detect dev-master can not be found but dev-main or dev-default exists, fixes composer#9850 * Also condense dev-* versions if there are many, refs composer#9850 * Introduce a cross-platform safe version of is_readable to support UNC / wsl$ paths on Windows (composer#9861) * Fix handling of inline-update-constraints with refs or stability flags, fixes composer#9847 * Link to GitLab documentation for auth (composer#9833) Co-authored-by: Jordi Boggiano <j.boggiano@seld.be> * Avoid leaving the event stack in a dirty state if an event listener throws, fixes composer#9846 * Fix invalid interface usage * Fix type issues with root package interface * Also handle throwable on supported php versions * Fix EOL of text files (composer#9877) * Fix update fork changes * Add skipping svn downloader * Revert skipping in svn downloader Co-authored-by: Jordi Boggiano <j.boggiano@seld.be> Co-authored-by: Nils Adermann <naderman@naderman.de> Co-authored-by: John Stevenson <john-stevenson@blueyonder.co.uk> Co-authored-by: Ayesh Karunaratne <ayesh@aye.sh> Co-authored-by: ochorocho <jochen.roth@b13.com> Co-authored-by: Brandon Kelly <brandon@pixelandtonic.com> Co-authored-by: Stephan <glaubinix@users.noreply.github.com> Co-authored-by: vitman <vitalyhome@tut.by> Co-authored-by: Vitali Tsyrkin <vitalit@playtika.com> Co-authored-by: Adam <adam@phenaproxima.net> Co-authored-by: Markus Staab <markus.staab@redaxo.de> Co-authored-by: Antoine Makdessi <amakdessi@me.com> Co-authored-by: Andreas Scheibel <contact@camya.com> Co-authored-by: Markus Staab <47448731+clxmstaab@users.noreply.github.com> Co-authored-by: timrizzi <tim.rizzi@gmail.com> Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>

Seldaek added this to the 2.0 milestone Apr 26, 2021

Seldaek added the Bug label Apr 26, 2021

Seldaek closed this as completed in a844fce May 4, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Sponsors

Specifying specific commit in update fails to update. #9847

Specifying specific commit in update fails to update. #9847

Danack commented Apr 24, 2021

Seldaek commented Apr 26, 2021

Specifying specific commit in update fails to update. #9847

Specifying specific commit in update fails to update. #9847

Comments

Danack commented Apr 24, 2021

Seldaek commented Apr 26, 2021