Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Why "minimum-stability": "dev" ?
  • kenjiskenjis
    Fuel's composer.json has "minimum-stability": "dev". But why "dev"?

    Because of it, "dev-master" of a package which another package depends on installed and it does not work with because of API change.

    I removed     minimum-stability, stable version was installed and works fine.

    And now, oil create installs:
      - Installing psr/log (dev-master a78d650)
        Cloning a78d6504ff5d4367497785ab2ade91db3a9fbe11
    If I remove     minimum-stability:
      - Updating psr/log (dev-master a78d650 => 1.0.0)
        Checking out fe0936ee26643249e916849d48e3a51d5f5e278b

    I seems that we don't need     "minimum-stability": "dev".
    What do you think?
  • HarroHarro
    Unless you have specific requirements, when developing it is good practive to develop against the latest version. It basically means it checks out HEAD instead of a version.

    When releasing, it is good practice to change it and pin it to the version you developed against. Which until now we haven't done, but we should.
  • kenjiskenjis
    > One way to fix the problem would be to just lower your minimum-stability
    down to "dev". But that's usually a really bad idea, because it applies to all
    constraints and as a result you will get unstable versions of all packages.

    > So please, don't do that.

    https://igor.io/2013/02/07/composer-stability-flags.html


    To me, we should reomve "minimum-stability:dev" in Fuel's default composer.json.

    Because

    1. we get unstable versions of all packages.

    2. and in some cases, it breaks package dependency (eg, pacakge A depends on package B's specific version, but dev-master of B which API changes is installed)


    And I don't get the relation fixing version when releasing and "minimum-stability:dev".


  • sagikazarmarksagikazarmark
    You can also commit you composer.lock file in you repo, so when you do composer install, you will always get the same dependencies installed. You can do a composer update before version checks, so the lock file gets updated with the latest HEAD. This way you don't force developers to use one version.

    However, it is not recommended only in early development phases. Harro's comment is the recommended way.
  • kenjiskenjis
    I commit composer.lock and I think all other developers of my team should use "composer install" to use the exact same version of all packages.

    And if we want to use HEAD of some packages, we should set the version to "dev" in our project composer.json. But "minimum-stability:dev" may force to use HEAD to dependent packages.

    I don't understand Harro's way exactly. I want to ask for example.

    Now Fuel installs psr/log HEAD. HEAD is https://github.com/php-fig/log/commit/a78d6504ff5d4367497785ab2ade91db3a9fbe11. It is 4 months ago.
    And what do we do when we release my app? Do we change psr/log version to "1.0.0"?
    Version 1.0.0 is https://github.com/php-fig/log/commit/fe0936ee26643249e916849d48e3a51d5f5e278b.
    It is a year ago.

    Why do we have to use psr/log HEAD? To me it is enough to use 1.0.0 from the beginning.

  • HarroHarro
    What I mean is that (unless you have specific reasons not to) you develop against the latest version of the libraries you intend to use. Which depending on the library might be a tagged version (if that is actively used), a specific commit, or HEAD.

    When you release, you need to pin the libraries on the version you developed against, to avoid incompatibilities when newer versions are released. How you pin depends a bit on the library in question. For Psr\Log, pinning on version seems impractical given the age of the only tag used.

    But for Psr\Log specifically, I don't see any need of mentioning it in the composer.json at all, as Fuel doesn't use it. It's a dependency of Monolog, so Monolog's composer.json should define the version.
  • kenjiskenjis
    >
    But for Psr\Log specifically, I don't see any need of mentioning it
    in the composer.json at all, as Fuel doesn't use it. It's a dependency
    of Monolog, so Monolog's composer.json should define the version.

    Yes, Psr\Log is the package which Monolog depends on. And Monolog defines the version as below:

        "require": {
            "php": ">=5.3.0",
            "psr/log": "~1.0"
        },

    But Fuel installs dev-master a78d650, instead of version 1.0.0.

  • kenjiskenjis
    I think, we use composer.lock and "composer install" to pin the version. That's enough.

    What I say here is why Fuel has "minimum-stability: dev".

  • HarroHarro
    And what I replied was: "in a develop repo it should, in a master repo it should be pinned to the version you have developed against".

    So I will change that when I release 1.7.2.
  • kenjiskenjis
    Do you mean "minimum-stability: dev" in deveop branch, "minimum-stability: stable" in master branch?

  • HarroHarro
    Accepted Answer
    Yes. Or remove it all together, because it defaults to stable.
  • kenjiskenjis
    I got it. Thank you for your replies.

Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion