Add "provide" information to composer.json #330
Conversation
|
Maybe |
|
From what I understand this solution doesn't deal with problems 1 and 3 from the bullet list. Since this plugin is replaced by foxy And bower is on its way out since 2017 I think the best solution for problem 2 is to remove bower altogether from this plugin and asset packagist. It will also give new room for solutions on mapping npm scoped packages. by having packages names like org-scope/package-name. As for Drupal I can't envision a proper solution to the third party asset management that doesn't involve adding a new packagist repo for npm assets on the composer template or adding assets to the Drupal packagist endpoint mirroring those on npm (like asset packagist). I think the latest is very unlikely since it involves The Drupal association. In general I feel people don't care about managing their frontend libraries with composer because their frontend people already uses other tools on the theme like webpack but I feel this problems needs to be resolved for contrib modules that rely on third party libraries. I'm at Drupal Dev Days Cluj, I will try to find you by asking on the pronovix desk and discuss further :) |
|
One of the primary issues is that composer was designed to be only a php dependency resolution tool, and in was never intended to be a generalized build tool that accounts for things like additional, non-php dependencies and assets that would be required for web frameworks. The requirements around how that should be managed have never really been fully articulated. Are we talking about frontend libraries or not, and are we considering just 'add this extra library - download this file from this url and place it in this spot in the filesystem' OR do we also need something robust like a true dependency calculation ("swagger-ui/swagger-ui-implementation": "^3.2",). Once we know what all the needs and wants are (and there are many, they've been piling up for a few years now), then we (The Drupal Association) can work on implementing a holistic solution that takes these kinds of assets into account. |
|
@mxr576 @ryanaslett You can read my comment in the issue drupal-composer/drupal-project#278. @rodrigoaguilera You were faster than me to answer :-) |
|
@ryanaslett Thank you for you comment here. It's great to know that someone from the Drupal association is aware of this issues :) I feel the focus should be about having better dependency management at least for the libraries at I don't want to pollute this project anymore. Where do you think is better to discuss this issues? |
|
Thanks for the quick reactions!
The "swagger-ui/swagger-ui-implementation" deals with 1-3 in a way that it adds Swagger UI as an actual dependency to our Drupal module but it does not specify any expectation about how and from where the Swagger UI gets installed. It could be added from its original GH repo with GIT subtree and registered as a package or installed from
Yes, you are right and this was the right decision from the Composer creators.
This is much like what the Libraries module did in Drupal 7 and it tries to do in Drupal 8, but there is no stable yet. Although, this module and this approach still do not solve the problem from the dependency management point of view. The Libraries module, just like our This PR only tries to introduce a pattern for common virtual package name for assets tries to solve the dependency problem. These virtual packages could be used to ensure someone/something has already installed an asset dependency before a Drupal module/theme gets installed. (Yes, it does not solve that currently there is no defacto standard in Drupal 8 for asset locations.) @rodrigoaguilera I understand this whole situation is not a problem of this library, but if this library and with that the asset-packagist.org repository does not start shipping these virtual package definitions we won't be able to build a standard around this. This functionality could be shipped by https://packages.drupal.org, but I do agree that it already does too much work and adding assets to that repo would just increase the problem in that end.
I completely agree with this but this would not solve the problem that this PR tries to solve. Sorry for polluting this project with problems of the Drupal community. This PR probably never be merged, but these conversations around it could help to solve this problem somewhere/somehow in a closer future :) |
Btw, as it used to be in Drupal ;-), "there is a module for that": https://www.drupal.org/project/vendor_stream_wrapper |
francoispluchino
force-pushed
the
master
branch
2 times, most recently
from
9a06cec
to
886ece0
Compare
Hi, first, thanks for this excellent library. Without this, I guess https://asset-packagist.org/ would not exist. :) 90% of the time I am working with Drupal, I am not sure whether you have heard about Drupal before. There is a problem that my colleagues and I are trying to solve, and I guess we are not the only one who is facing this problem day by day in the Drupal community. I also think we are not the only one with this problem in the PHP world, other frameworks, like Symfony, Yii could have the same problem.
Intro
In Drupal, we have smaller building blocks (libraries) called "modules" and "themes". A module could provide additional functionalities if it is enabled. A theme could change the look and feel of a site. Since Drupal 8, Drupal uses Composer to manage dependencies. Every Drupal module and theme could define its dependencies in its composer.json and Composer resolves them when a module or theme get installed. Drupal also has its "own Packagist" for Drupal components.
A Drupal module/theme could have external Javascript dependencies that should be installed by Composer. At this moment, the majority of the Drupal community has a preferred way to install JS dependencies. They register the asset-packagist in a Drupal installation's root composer.json and pulls dependencies from there although there are other possible options to install a JS dependency, like using the VCS or the path repository providers, etc.
Problem
We have a module that uses the Swagger UI library to render API specification in Drupal: https://github.com/Pronovix/swagger_ui_formatter. This module does not work if the library is not installed. We added sanity checks that validate in Drupal whether the library is available although it would be great if we could add the Swagger UI as an actual (Composer) dependency to the module.
Currently, we only have the following option: Add
npm-asset/swagger-uiorbower-asset/swagger-uias a dependency to our module. This could ensure when the module gets installed, the Swagger UI library also gets installed with it, but this solution could cause other problems:The requested package bower-asset/swagger-ui could not be found in any version, there may be a typo in the package name.If someone did not read our module's install steps that detail the asset-packagist repo has to be registered first (developers always read documentation ;P) then the developer stuck with the installation process and probably s/he will send a new bug report to our GH issue queue.bower-asset/swagger-uito our module's requirement, it could also happen that someone installs another module that requiresnpm-asset/swagger-ui. What happens? Best case, the same JS library gets installed to the same place twice, the later dependency overrides the files installed by the earlier one. Worst case, dependency hell.Proposed solution
If composer.json-s generated by asset-packagist would contain information about virtual packages that a certain JS package is compatible with, we could depend on the virtual package in Drupal modules/themes and we would not need to care about how and where a JS dependency gets installed.
This PR adds the following information to the
bower-asset/swagger-ui's composer.json:With this information in place, we could add: