It’s possible to enable patching of dependencies, but it still requires the developer to be aware that the patches are required. That means that if a Drupal module requires a specific patch in another library, it won’t be applied. You still have to fork some projectsīy default, applying patches is a root-only configuration in composer.json. However, it was concerning that this was our solution so much of the time when we couldn’t quickly find a root cause. On the one hand, at least this was an option to get things up and running. Several times a week developers on our team would report having to do the same on their locals. For a long time we had an rm in our CI build scripts even though we were trying to improve build performance by caching vendor code. When patches fail to apply correctly, it can sometimes leave local vendor code in a broken state. Faith in rm -rf vendor web/core web/modules/contrib This can be especially tricky in situations where a security advisory has been published, and you’re under time pressure to get a release out the door. When an upstream release occurs, or a patch is merged, the whole process starts over. Then, a new patch has to be generated and included in composer.json. You have to apply one patch, and then apply each successive patch resolving conflicts at each step. If patches conflict with each other, resolving the conflicts is a lot of work. For example, on a recent Drupal 8 site we launched, we floated between 5 to 10 patches to Drupal core itself (with the actual set of patches changing over time). Some sites may require multiple patches to the same module or library. There’s an open issue to rewrite patching in PHP for composer-patches, which is a big undertaking. Trying to script these programs for use across the broad spectrum of systems is nearly impossible. For example, git apply has had many subtle changes over the years that break expectations when users are running old versions. Patch tools themselves ( git apply and patch) don’t have great APIs for programs to use. There was a configuration option we could set to override this, but it was many hours of debugging to figure it out. For example, we ran into a situation where a Drupal core Migrate patch that only added new files was being added to the wrong directory. While the widespread adoption of git has improved things, proper prefix detection is tricky. It’s a fact of life that different projects have different patch standards. ![]() “Just apply the patch” assumes consistent patch formatting Even if composer were modified to detect the change and rebuild the project’s dependency tree, that is a slow process and would impact composer update even more. Since composer-patches can only react to code after it’s installed it can’t see the updated require line in the module’s composer.json. For example, we needed to update the kevinrob/guzzle-cache-middleware library in the guzzle_cache module so we could use PHPUnit 6. Typically this is when a new API is added that the project now requires. Sometimes, a change to a library or module also requires changes to that project’s composer.json file. ❗ Note that we originally did this investigation in June of 2018, so some of these issues may be different or may be fixed today. However, when that time came, our team ran into several edge cases. My first Drupal 8 work was building a suite of modules and not whole sites, so it was a while until I actually used it day-by-day. I’m sure I wasn’t the only one who searched for “composer patches” and immediately found the composer-patches plugin. This left applying patches in a tricky place. Instead, these are left out of the site repository and installed with composer install instead. With Drupal 8’s adoption of Composer for site builds, not only did the number of third-party dependencies increase but a new best practice came along: /vendor (and by extension, /core and /modules/contrib) should not be committed to git. A variety of approaches came up for keeping track of the applied patches, such as a /patches directory containing copies of each patch or using drush make. Since we would commit Drupal modules to a site’s git repository, we could directly apply patches to the code and commit them. In Drupal 7, there was a fairly standard approach to this. So how do we get these changes onto sites before they’re released upstream? ![]() As PHP and JavaScript developers, our team deals with in-development bugs and new features daily. One of the significant advantages of using free and open-source software is the ability to fix bugs without being dependent on external teams or organizations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |