Check missing-from-lock-file required packages when running install and fail when there are any (#11195)

2022-12-16 16:48:24 +01:00 · 2022-12-16 16:48:24 +01:00 · 6d1b36be3b
parent b1f3f8b8fa
commit 6d1b36be3b
6 changed files with 71 additions and 43 deletions
--- a/phpstan/baseline.neon
+++ b/phpstan/baseline.neon
@ -1020,21 +1020,11 @@ parameters:
 			count: 1
 			path: ../src/Composer/Command/UpdateCommand.php

-		-
-			message: "#^Only booleans are allowed in a negated boolean, array\\<Composer\\\\Package\\\\BasePackage\\> given\\.$#"
-			count: 1
-			path: ../src/Composer/Command/ValidateCommand.php
-
 		-
 			message: "#^Only booleans are allowed in an elseif condition, array\\<string\\> given\\.$#"
 			count: 3
 			path: ../src/Composer/Command/ValidateCommand.php

-		-
-			message: "#^Only booleans are allowed in an if condition, array\\<Composer\\\\Package\\\\BasePackage\\> given\\.$#"
-			count: 1
-			path: ../src/Composer/Command/ValidateCommand.php
-
 		-
 			message: "#^Only booleans are allowed in an if condition, array\\<string\\> given\\.$#"
 			count: 5
--- a/src/Composer/Command/ValidateCommand.php
+++ b/src/Composer/Command/ValidateCommand.php
@ -100,35 +100,7 @@ EOT
        }

        if ($locker->isLocked()) {
-            $missingRequirements = false;
-            $sets = [
-                ['repo' => $locker->getLockedRepository(false), 'method' => 'getRequires', 'description' => 'Required'],
-                ['repo' => $locker->getLockedRepository(true), 'method' => 'getDevRequires', 'description' => 'Required (in require-dev)'],
-            ];
-            foreach ($sets as $set) {
-                $installedRepo = new InstalledRepository([$set['repo']]);
-
-                foreach (call_user_func([$composer->getPackage(), $set['method']]) as $link) {
-                    if (PlatformRepository::isPlatformPackage($link->getTarget())) {
-                        continue;
-                    }
-                    if (!$installedRepo->findPackagesWithReplacersAndProviders($link->getTarget(), $link->getConstraint())) {
-                        if ($results = $installedRepo->findPackagesWithReplacersAndProviders($link->getTarget())) {
-                            $provider = reset($results);
-                            $lockErrors[] = '- ' . $set['description'].' package "' . $link->getTarget() . '" is in the lock file as "'.$provider->getPrettyVersion().'" but that does not satisfy your constraint "'.$link->getPrettyConstraint().'".';
-                        } else {
-                            $lockErrors[] = '- ' . $set['description'].' package "' . $link->getTarget() . '" is not present in the lock file.';
-                        }
-                        $missingRequirements = true;
-                    }
-                }
-            }
-
-            if ($missingRequirements) {
-                $lockErrors[] = 'This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.';
-                $lockErrors[] = 'Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md';
-                $lockErrors[] = 'and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require';
-            }
+            $lockErrors = array_merge($lockErrors, $locker->getMissingRequirementInfo($composer->getPackage(), true));
        }

        $this->outputResult($io, $file, $errors, $warnings, $checkPublish, $publishErrors, $checkLock, $lockErrors, true);
--- a/src/Composer/Installer.php
+++ b/src/Composer/Installer.php
@ -711,6 +711,13 @@ class Installer
                $this->io->writeError('<warning>Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run `composer update` or `composer update <package name>`.</warning>', true, IOInterface::QUIET);
            }

+            $missingRequirementInfo = $this->locker->getMissingRequirementInfo($this->package, $this->devMode);
+            if ($missingRequirementInfo !== []) {
+                $this->io->writeError($missingRequirementInfo);
+
+                return self::ERROR_LOCK_FILE_INVALID;
+            }
+
            foreach ($lockedRepository->getPackages() as $package) {
                $request->fixLockedPackage($package);
            }
--- a/src/Composer/Package/Locker.php
+++ b/src/Composer/Package/Locker.php
@ -15,7 +15,9 @@ namespace Composer\Package;
 use Composer\Json\JsonFile;
 use Composer\Installer\InstallationManager;
 use Composer\Pcre\Preg;
+use Composer\Repository\InstalledRepository;
 use Composer\Repository\LockArrayRepository;
+use Composer\Repository\PlatformRepository;
 use Composer\Util\ProcessExecutor;
 use Composer\Package\Dumper\ArrayDumper;
 use Composer\Package\Loader\ArrayLoader;
@ -496,4 +498,45 @@ class Locker

        return $datetime ? $datetime->format(DATE_RFC3339) : null;
    }
+
+    /**
+     * @return array<string>
+     */
+    public function getMissingRequirementInfo(RootPackageInterface $package, bool $includeDev): array
+    {
+        $missingRequirementInfo = [];
+        $missingRequirements = false;
+        $sets = [['repo' => $this->getLockedRepository(false), 'method' => 'getRequires', 'description' => 'Required']];
+        if ($includeDev === true) {
+            $sets[] = ['repo' => $this->getLockedRepository(true), 'method' => 'getDevRequires', 'description' => 'Required (in require-dev)'];
+        }
+
+        foreach ($sets as $set) {
+            $installedRepo = new InstalledRepository([$set['repo']]);
+
+            foreach (call_user_func([$package, $set['method']]) as $link) {
+                if (PlatformRepository::isPlatformPackage($link->getTarget())) {
+                    continue;
+                }
+                if ($installedRepo->findPackagesWithReplacersAndProviders($link->getTarget(), $link->getConstraint()) === []) {
+                    $results = $installedRepo->findPackagesWithReplacersAndProviders($link->getTarget());
+                    if ($results !== []) {
+                        $provider = reset($results);
+                        $missingRequirementInfo[] = '- ' . $set['description'].' package "' . $link->getTarget() . '" is in the lock file as "'.$provider->getPrettyVersion().'" but that does not satisfy your constraint "'.$link->getPrettyConstraint().'".';
+                    } else {
+                        $missingRequirementInfo[] = '- ' . $set['description'].' package "' . $link->getTarget() . '" is not present in the lock file.';
+                    }
+                    $missingRequirements = true;
+                }
+            }
+        }
+
+        if ($missingRequirements) {
+            $missingRequirementInfo[] = 'This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.';
+            $missingRequirementInfo[] = 'Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md';
+            $missingRequirementInfo[] = 'and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require';
+        }
+
+        return $missingRequirementInfo;
+    }
 }
--- a/tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock.test
+++ b/tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock.test
@ -1,5 +1,5 @@
 --TEST--
-Requirements from the composer file are not installed if the lock file is present
+Requirements from the composer file are not installed if the lock file is present, but fails on missing requirements
 --COMPOSER--
 {
    "repositories": [
@ -30,5 +30,13 @@ Requirements from the composer file are not installed if the lock file is presen
 }
 --RUN--
 install
+--EXPECT-OUTPUT--
+Installing dependencies from lock file (including require-dev)
+Verifying lock file contents can be installed on current platform.
+- Required package "newly-required/pkg" is not present in the lock file.
+This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.
+Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md
+and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require
+--EXPECT-EXIT-CODE--
+4
 --EXPECT--
-Installing required/pkg (1.0.0)
--- a/tests/Composer/Test/Fixtures/installer/root-requirements-do-not-affect-locked-versions.test
+++ b/tests/Composer/Test/Fixtures/installer/root-requirements-do-not-affect-locked-versions.test
@ -1,5 +1,5 @@
 --TEST--
-The locked version will not get overwritten by an install
+The locked version will not get overwritten by an install but fails on invalid packages
 --COMPOSER--
 {
    "repositories": [
@ -37,5 +37,13 @@ The locked version will not get overwritten by an install
 ]
 --RUN--
 install
+--EXPECT-OUTPUT--
+Installing dependencies from lock file (including require-dev)
+Verifying lock file contents can be installed on current platform.
+- Required package "foo/bar" is in the lock file as "1.0.0" but that does not satisfy your constraint "2.0.0".
+This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.
+Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md
+and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require
+--EXPECT-EXIT-CODE--
+4
 --EXPECT--
-Upgrading foo/baz (1.0.0 => 2.0.0)