[ci] fix blocked plugins #1145
[ci] fix blocked plugins #1145
Conversation
jrushlow
added
Status: Needs Work
jrushlow
added
Status: Needs Review
.github/workflows/ci.yaml
Outdated
| @@ -135,6 +135,9 @@ jobs: | |||
| - name: "Add PHPUnit matcher" | |||
| run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" | |||
|
|
|||
| - name: "No Plugins" | |||
| run: composer global config --no-plugins allow-plugins.symfony/flex false | |||
There was a problem hiding this comment.
I think we DO want Flex enabled - iirc, we install it to get a performance boost.
|
Note the allow-plugins could simply always be in composer.json. And the flex require could also perhaps be in require-dev always but maybe not, not sure why you add it dynamically, I'll leave that up to you :) |
|
Thanks Jordi - as it turns out we don't need to require flex anymore. This was actually an artifact from the old TravisCI days where doing a global require flex provided a perf boost in CI. Just for reference in the future; if we were to explicitly add flex, or any other package, to our allow-plugins in composer.json, would this mean that when a user added our package to their composer project - the plugins that we allowed here would be inherited and in their allow list? Or would they also have to explicitly add flex (or xyz package) to their allow-plugins as well? Not sure if that makes sense. Either way glad we could help identify a bug on your end and remove some legacy config on our end. |
|
No every project is fully in charge of which plug-ins are run to ensure a dependency can't sneak one on you. |
Ref'd in composer/composer#10925
Since Composer
2.3.9unless you explicitly allow/disallow a plugin (flexin our case), an error is thrown (halts our CI run) before any tests are actually ran.