This has been discussed multiple times in multiple questions on SO, but all the answers given refuse to work for me accept this answer:
Contributing to open source bundles from vendor directory?
I've tested this on multiple machines, so I'm pretty sure it's not an isolated incident.
But using the type "package" is considered bad practice I read. Can someone explain to me why this is not working? It won't load the forked repository!
{
"repositories":
[
{
"type": "vcs",
"url": "https://github.com/flyandi/lumen-doctrine.git"
}
],
"require": {
"nordsoftware/lumen-doctrine": "dev-master#dev"
}
}
update
So it turns out it has something todo with the stability of packages more about that here:
https://igor.io/2013/02/07/composer-stability-flags.html
I then tried this which works:
{
"repositories":
[
{
"type": "vcs",
"url": "https://github.com/flyandi/lumen-doctrine.git"
}
],
"require": {
"nordsoftware/lumen-doctrine": "dev-master#dev"
},
"prefer-stable" : true,
"minimum-stability": "dev"
}
What I don't understand is way the #dev flag doesn't work though? Can someone elaborate?
Composer tries to resolve into a stable set of packages by default.
It won't resolve, because the package you are fetching (via alias)
uses development dependencies itself. The dependency doctrine/orm of the package you are fetching lumen-doctrine is required in dev mode.
And the need for this development dependency bubbles up to your package.
When you add dev-master or dev-master#dev for nordsoftware/lumen-doctrine
it works only for this package.
The #dev makes explicit, what we already know because of the dev- prefix: its a request for a dev version, but it doesn't change the stability for all packages - and it doesn't set the stability for dependencies of the package.
The installation request for nordsoftware/lumen-doctrineis satisfiable by dev-master (and by a number of tagged versions).
The problem is that the package doctrine/orm is not satisfiable, because nordsoftware/lumen-doctrine dev-master requires doctrine/orm ~2.6#dev
Your options are:
set the minimum-stability of all packages to dev (you already have that)
or just add doctrine/orm and go lower in stability only on this package
by using ~2.6#dev or 2.6.x-dev
{
"repositories":
[
{
"type": "vcs",
"url": "https://github.com/flyandi/lumen-doctrine.git"
}
],
"require": {
"nordsoftware/lumen-doctrine": "dev-master",
"doctrine/orm": "~2.6#dev"
}
}
Related
I'm currently developing my own composer packages, but they failed trying to execute composer update.
This is my root composer.json:
{
...
"repositories": {
"bar": {
"type": "path",
"url": "packages/pinnokkio/bar",
"options": {
"symlink": true
}
}
},
"require": {
"php": "^8.0",
...
"pinnokkio/bar": "#dev"
},
...
}
This means, package pinnokkio/bar should be installed. And package pinnokkio/bar requires pinnokkio/foo as a dependency.
composer.json of pinnokkio/bar:
{
"name": "pinnokkio/bar",
...
"repositories": {
"foo": {
"type": "path",
"url": "../foo",
"options": {
"symlink": true
}
}
},
"require": {
"pinnokkio/foo": "#dev"
},
...
}
composer.json of pinnokkio/foo:
{
"name": "pinnokkio/foo",
"require": {
"php": "^8.0"
},
...
}
All in all, in my main composer.json, I'm going to require a package that requires pinnokkio/foo to run. And further upcoming packages all require pinnokkio/foo in order to run, but unfortunately, I'm getting this error trying to execute composer update. All packages are located in <root>/packages/:
Problem 1
- pinnokkio/bar[dev-feature-modules, dev-master] require pinnokkio/foo#dev -> could not be found in any version, there may be a typo in the package nam
e.
- Root composer.json requires pinnokkio/bar#dev -> satisfiable by pinnokkio/bar[dev-feature-modules, dev-master].
The repositories key is only read on the root composer.json.
As explained on the docs:
Repositories are not resolved recursively. You can only add them to your main composer.json. Repository declarations of dependencies' composer.jsons are ignored.
Resolving repositories recursively would be problematic. If multiple packages declared different repositories that included the same package, how would composer know which to use?
Also, this would open the door for dependencies hijacking your system by providing alternate repositories for known packages, and you'd end up installing untrusted packages in your system.
If you are installing multiple packages from a custom repositories, all the custom repositories need to be declared on the root configuration file.
Running into an issue with composer. I have a main project that im working on with some some small libraries I built that I want to more easily share between my projects. They are nowhere near release ready, so I do't want to add them to packagist, but when I require 1 that requires another, it will error unless I ad that custom repository as well on my master composer.json
also, the tertiary requirement can not resolve packagist libraries
Your requirements could not be resolved to an installable set of packages.
Problem 1
- ethereal/simpleCache dev-master requires predis/predis ^1.1#dev -> no matching package found.
- ethereal/simpleCache dev-master requires predis/predis ^1.1#dev -> no matching package found.
- Installation request for ethereal/simplecache dev-master -> satisfiable by ethereal/simpleCache[dev-master].
Main Project composer.json:
{
"name": "ethereal/SimpleTable",
"type": "project",
"repositories": [
{
"type": "vcs",
"url": "https://github.com/mathus13/SimpleConfig.git"
}
],
"require": {
"php": ">=5.3.9",
"doctrine/dbal": "^2.6#dev",
"ethereal/SimpleConfig": "dev-master"
},
"require-dev": {
"phpunit/phpunit": "~4.8"
},
"autoload": {
"psr-4": {
"Ethereal\\": "lib"
}
}
}
config library: when running composer update in SimpleTable, Simple Cache will not be included unless explicitly required in SimpleTable.
{
"name": "ethereal/SimpleConfig",
"type": "project",
"version": "0.0.1",
"repositories": [
{
"type": "vcs",
"url": "https://github.com/mathus13/SimpleCache.git"
}
],
"require": {
"php": ">=5.3.9",
"ethereal/SimpleCache": "dev-master"
},
"require-dev": {
"phpunit/phpunit": "~4.8"
},
"autoload": {
"psr-4": {
"Ethereal\\": "lib"
}
}
}
cache library: when running composer update in SimpleTable, predis can not be resolved.
{
"name": "ethereal/simpleCache",
"type": "project",
"version": "0.0.1",
"require": {
"predis/predis": "^1.1#dev",
"php": ">=5.3.9"
},
"require-dev": {
"phpunit/phpunit": "~4.8"
},
"autoload": {
"psr-4": {
"Ethereal\\": "lib"
}
}
}
ethereal/SimpleTable depends on ethereal/SimpleConfig in dev stability, which depends on ethereal/SimpleCache in dev stability, which depends on predis/predis in dev stability (version 1.1 hasn't been released yet).
Packages included into the main package cannot define any stability, the only stability allowed is the one in the main package. And that is "stable" by default.
You made ONE exception from this rule by depending on "dev-master" for SimpleConfig", but this is not inherited.
You have multiple solutions:
Tag your software. Tags declare it more stable than "dev", and it generally is a good idea to only use tagged software in production.
Include ALL your own packages that are needed in the main package, even if they are not directly used. This will add exceptions from the general stability for them, and allow Composer to resolve any sub dependencies.
You can add "minimum-stability":"dev" to the main composer.json, but this will also allow all other packages to be installed from a branch. Using branches however is a very bad thing, because you cannot easily go back to the version that was working before you did the update - the branch pointer moves only forward. Only tags will point to the same software forever.
Adding "prefer-stable":true" is some sort of workaround for the problem that 3 introduces for packages that are already available in a stable release version. However you still have the problem of not being able to go back to your own packages' earlier versions, because you are using a branch.
If you are still developing these packages, depending on branches may seem necessary. However, a good package will be able to be developed and tested standalone, with barely any foreign code present apart from interface definitions (which will be used to mock everything), so putting all code together into a mixture of repos with branches checked out usually is an invitation for writing code that isn't cleanly separated.
If any of these packages is already done (I'd say "good enough"), tag it and depend on that version instead of a branch. You can always release new versions if you find bugs or want to add new features.
I have written a library that I want to use in another project. However, when I add the library dependency to my project I get the following error after running composer update -vvv:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for my/library dev-master -> satisfiable by my/library[dev-master].
- my/library dev-master requires doctrine/migrations dev-master -> no matching package found.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting
see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
This error is very confusing to me since my project has my library as it's only dependency, i.e. my project composer.json looks like this:
{
"name": "my/project",
"type": "project",
"description": "My project",
"autoload": {
"psr-0": { "MyNamespace\\": ["src/", "tests/src/"] }
},
"repositories": [ {
"type": "vcs",
"url": "git#bitbucket.org:my/library"
} ],
"require": {
"php": ">=5.5",
"my/library": "dev-master"
},
"require-dev": {
"phpunit/phpunit": "3.*"
}
}
As you can see, pretty straight forward. The reason the version of my library is requiring dev-master is because master is currently the only branch I work on (I work alone, no need for other branches at the moment).
So far the only way for the resolve this problem is by adding the dependencies of my library composer.json to my project's composer.json which seems like an unnecessary step.
How can I resolve this dependency issue?
It looks to me as if it is a stability issue. Add the following two lines to your composer.json:-
"minimum-stability": "dev",
"prefer-stable": true,
ref:- minimum-stability & prefer-stable
Hopefully that will sort out your problem.
I have a library foo/foo-lib which requires a specific commit from GitHub:
{
"name": "foo/foo-lib",
"repositories": [
{
"type": "vcs",
"url": "https://github.com/KnpLabs/Gaufrette.git"
}
],
"require": {
"knplabs/gaufrette": "dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e"
}
}
and it works fine:
$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Updating knplabs/gaufrette dev-master (2633721 => 2633721)
Checking out 2633721877cae79ad461f3ca06f3f77fb4fce02e
Generating autoload files
but when I require that library in other project:
{
"name": "bar/bar-app",
"repositories": [
{
"type": "vcs",
"url": "ssh://git.example.com/foo-lib"
}
],
"require-dev": {
"foo/foo-lib": "dev-master"
}
}
it yields dependency error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for foo/foo-lib dev-master -> satisfiable by foo/foo-lib[dev-master].
- foo/foo-lib dev-master requires knplabs/gaufrette dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e -> no matching package found.
So my question is: how to correctly require the specific commit from GitHub in my library, so that it would be available in dependent packages?
You'll have to explicitly require the Gaufrette library at that hash, with a dev flag, in both your library and your application. Something like this should work in the application composer.json:
{
"name": "bar/bar-app",
"repositories": [
{
"type": "vcs",
"url": "ssh://git.example.com/foo-lib"
}
],
"require-dev": {
"foo/foo-lib": "dev-master",
"knplabs/gaufrette": "dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e"
}
}
From the documentation:
If one of your dependencies has a dependency on an unstable package
you need to explicitly require it as well, along with its sufficient
stability flag.
The documentation also suggests that you'll need to include the repository for Gaufrette in your bar/bar-app Composer file, though it sounds like this wasn't necessary in this case. I'm not sure why.
Here is how you do it on the command line:
composer update knplabs/gaufrette:dev-master#2633721 --with-dependencies
You don't have to use the whole hash, a hash seven characters long seems to dothe trick. As mentioned above, your project will need to support dev - which it will complain about if not already set. Also, use --with-dependencies to get any dependencies of the one you are updating.
If you're making changes for a Git Repository by forking make sure that you use the
The package name is actually defined in the package's own composer.json file - so even though I'd forked the package to my own joshuapaling github account, and the package was now residing at the URL https://github.com/joshuapaling/Cake-Resque.git, that had not influenced the package's name at all, from composers perspective.
A stupid error - but I'm new to composer, and it wasn't clear at first! So, I hope this helps someone else with the same problem.
I have the following json configs for composer.phar. Unfortunately, I get this error, and I don't understand why:
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for myproject/cmsapp dev-master -> satisfiable by myproject/cmsapp[dev-master].
- myproject/cmsapp dev-master requires zendframework/zendframework dev-master -> no matching package found.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting
see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
Read <http://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.
cms config:
{
"name": "myproject\/cms",
"description": "myproject CMS Tool",
"license": "GPL",
"keywords": [
"myproject",
"cms",
"framework",
"zf2"
],
"homepage": "http:\/\/avadon.com\/myproject\/cms\/",
"require": {
"php": ">=5.3.3",
"myproject/cmsapp": "dev-master"
},
"repositories": {
"myproject/cmsapp": {
"type": "git",
"url": "https:\/\/github.com\/myproject\/cmsapp.git"
}
}
}
cmsapp config:
{
"name": "myproject/cmsapp",
"repositories": {
"zendframework/zendframework": {
"type": "git",
"url": "https://github.com/zendframework/zf2.git"
}
},
"require": {
"php": ">=5.3.3",
"zendframework/zendframework" : "dev-master"
}
}
Can anyone try and explain to me this error?
You are using a software from a development branch. This will only be allowed if you configure your composer.json to accept development software. Usually you shouldn't do this.
Especially including the development branch from Zend framework is likely to break your software more than once if large enough updates occur. If you want the latest and greatest, you'd still have to call composer update all the time to fetch the newest commits, so it's less error-prone to simply require something like "2." for "any version 2 framework", or maybe even stricter "2.3." for a released, working version of the 2.3 version line.
The same would be true for your own software - do tag it!
But if you want to experience unintentional software incompatibilities yourself, you can add a "minimum-stability":"dev" to your cms config's composer.json and include all development versions of the world.