History: Composer Dependencies not on Packagist
Source of version: 26 (current)
Copy to clipboard
^ Solution: we picked https://asset-packagist.org/ The rest of this page is kept for posterity. ^ Goal: Discuss and determine a long term solution for managing dependencies that are not on Packagist.org !! Context * Tiki uses ((Composer)) to manage dependencies. * Tiki hosts a Satis instance at: https://composer.tiki.org/ * Problem: not everything Tiki uses is available on [http://Packagist.org|Packagist.org] and this forces us to maintain a long list at https://sourceforge.net/p/tikiwiki/code/HEAD/tree/trunk/doc/devtools/satis.json * We want to get the code from the source, and avoid any 3rd parties (for security and timely updates) !! Requirements !!! Essential * Needs to work with Satis: https://composer.tiki.org/ * Take advantage of Semantic Versioning / [https://blog.versioneye.com/2015/09/20/composer-stability-flags/|Composer Stability Flags] * Not having to install NodeJS and NPM !! Nice to have * Supported by VersionEye: https://blog.versioneye.com/2015/09/20/support-for-composer-asset-plugin/ !! Note * We should still try to get packages on Packagist.org because ** The more the libs are visible and used, the better the odds for improved support !! Options * https://asset-packagist.org * https://github.com/hiqdev/composer-asset-plugin * https://github.com/php-kit/composer-bower-plugin * https://packagist.org/packages/fxp/composer-asset-plugin * https://packagist.org/packages/beelab/bowerphp ** Mentioned here: http://symfony.com/doc/current/frontend/bower.html * use bower through node & npm (which we want to avoid) !! Pros & Cons Support List || | composer-asset-plugin|composer-bower|bower through node & npm is single command| | | no is php only|yes| | no works with Satis| | | supports Semantic Versioning / Composer Stability Flags| | | adds values in composer.json automatically|no| | adds values in installed.json automatically|yes| | || !! Suggests for libraries that we can influence We have to offer ready to use and compiled files to packagist. But some developers don't like to place these files with source code, because it can generate a lot conflicts when working as a team. A very nice solution is to use Travis to build from source and upload files to release section on github. The following -+ .travis.yml +- generate a jar file and upload it to github. * https://github.com/fabiomontefuscolo/openfire-tikitoken/blob/master/.travis.yml !! Examples of libs unavailable from Packagist.org !!! Success * --https://github.com/fullcalendar/fullcalendar/issues/2999-- solved https://packagist.org/packages/fullcalendar/ * --https://github.com/Mottie/tablesorter/issues/1355-- solved https://packagist.org/packages/mottie/tablesorter !!! Requests These are in various states (in process, blocked by technical issue, or ignored) * https://github.com/cozy/ViewerJS/issues/1 * https://github.com/SVG-Edit/svgedit/pull/174 * https://github.com/Spreadsheets/WickedGrid/issues/4 * https://github.com/openannotation/annotator/pull/661 * https://github.com/harvesthq/chosen/pull/2803 * https://github.com/openlayers/ol2/issues/1514 * https://github.com/mozilla/pdf.js/pull/9349 (see also https://yarnpkg.com/en/package/pdfjs-dist ) ** https://asset-packagist.org/package/search?query=pdf.js&platform=bower%2Cnpm !!! Refused * https://github.com/codemirror/CodeMirror/issues/1930 ** So maybe via https://asset-packagist.org/package/search?query=codemirror&platform=bower%2Cnpm !! Related links * ((VersionEye)) * ((Composer))