Fixing the lock file

[janhartigan]

Hey @franzliedke thanks a lot for taking the time to put together the recent release.

However, I have noticed one significant issue with the newly-generated composer.lock file. Normally composer generates something like this:

{
    "name": "owner/repo",
    "version": "dev-master",
    "source": {
        "type": "git",
        "url": "git@github.com:owner/repo.git",
        "reference": "2cf2e58fc8b71f44dbcca306cf7e16a65a2d4e97"
    },
    ...
}

There would also be a dist with the zipped contents of the git repo.

With the new updates, the composer lock file now looks like this:

{
    "name": "owner/repo",
    "version": "dev-master",
    "dist": {
        "type": "path",
        "url": "../../path/to/repo/",
        "reference": "2cf2e58fc8b71f44dbcca306cf7e16a65a2d4e97",
        "shasum": null
    },
    ...
}

Trouble with this is that when we push the code up through the pipeline, our servers will try to install that composer.lock file and it won't be able to figure out how to grab the dist. Since you're already using this in a real project, I'm guessing there's some other approach that I'm missing. Let me know what you think.

[franzliedke]

Darn, that really is a problem I did not foresee. I probably did not notice this because I did not commit the lock file (yet) in the projects where I was using this.

I'll have to think about that one for a bit...

[tobyzerner]

I'm having a hard time thinking of a clean way to fix this. Should the onus be on the user to temporarily disable studio and then run composer update if they want to commit an updated lock file? Maybe Studio could automate this process (studio lock or something)

[RemiCollin]

I guess ideally Studio would hook in right after composer.lock file is created, right before generating autoload files. I don't have enough knowledge of the inner workings of composer to say if that's possible or not, though.

[franzliedke]

I haven't looked into the implementation yet, but if the entries in composer.lock are generated by the repository instances that Composer uses, we might be able to fix this by using our own repository implementation, as hinted at in #56.

[janhartigan]

@franzliedke that sounds like a great idea. So everyone is aware, these are the repositories in question:

https://github.com/composer/composer/tree/master/src/Composer/Repository

Looks like the default version is the ComposerRepository. The one that Studio is currently using is the PathRepository.

Man, looking at that ComposerRepository, that library desperately needs some refactoring work.

Edit: Actually I guess we have to be careful here as we should fall back to the repository that would it have used if Studio didn't exist. That might be something like a VCS repository (as is the case in our system).

[jonnywilliamson]

I'm having this exact same issue. I can't commit my lock file at the moment.

I have no suggestions as I don't have enough programming skill to come up with a solution, but thanks for looking into this.

[mnpenner]

So...until this is fixed, we have to manually edit studio.json, clear out the paths, run composer update on each of the repos, commit/push and then restore the paths?

studio scrap sounds like it wants to delete my whole project, I just wanted to temporarily unlink it.

[LavaToaster]

@mnpenner Out of curiosity, if you ran composer update --no-plugins does that work?

[janhartigan]

@mnpenner alternatively you can downgrade to an older version of studio (0.9.5). That's what we've done until it's fixed.

[warksit]

@Lavoaster yes totally, Have changed install scripts on production servers to composer update --no-plugins (and other flags such as --no-dev) and all good.

[janhartigan]

@warksit trouble with that is that composer update wasn't really intended to be run in a production environment.

[swt83]

I can't use version 0.9.5 bc Composer gives me some error:

  Problem 1
    - Installation request for franzl/studio 0.9.5 -> satisfiable by franzl/studio[0.9.5].
    - franzl/studio 0.9.5 requires composer-plugin-api 1.0.0 -> no matching package found.

The newer versions of this repo (anything post 0.9.5) don't seem to actually load the packages referenced in my studio.json file. So now I'm stuck.