Skip to content

build(dependencies): scope dependencies in lib/Vendor #2136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 4, 2025
Merged

build(dependencies): scope dependencies in lib/Vendor #2136

merged 2 commits into from
Nov 4, 2025
+2,041 −119

Conversation

@blizzz
Copy link
Member

@blizzz blizzz commented Nov 3, 2025

fixes #2133

Introduces php-scoper to scope our production dependencies (incl. its dependencies 🙃)

Pretty much close to what I described at https://arthur-schiwon.de/isolating-nextcloud-app-dependencies-php-scoper once upon a time, with a few adjustments.

  1. Added a script to update a list of production dependencies as well as committed that list. The idea here is to have a bit of overview when a prod dependency changes, including their sub-dependencies. A Github workflow as added to check this. We could do this on-the-fly, I'd prefer to be a bit defensive in the beginning.
  2. I had to change the bin plugin to be a production dependency for the full flow to work (similar in other repos). This one is ignored from scoping and also ignore from release building.

ℹ️ When running this branch, or after merging to main, a composer install [--no-dev] becomes necessary.

@blizzz blizzz added dependencies Pull requests that update a dependency file 3. to review Waiting for reviews 2. developing Work in progress and removed 3. to review Waiting for reviews labels Nov 3, 2025
@blizzz blizzz force-pushed the fix/2133/scoping branch 3 times, most recently from 024f391 to e2496ad Compare November 3, 2025 20:23
@blizzz blizzz added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Nov 3, 2025
enjeck
enjeck reviewed Nov 4, 2025
View reviewed changes
composer.json
Comment on lines +49 to +64
"post-install-cmd": [
"composer bin all install --ansi",
"vendor/bin/php-scoper add-prefix --force",
"@php .lib-vendor-organizer.php lib/Vendor/ OCA\\\\Tables\\\\Vendor",
"cat .scoper-production-dependencies | uniq | xargs -I {} rm -Rf vendor/{} # Remove origins",
"cat .scoper-production-dependencies | cut -d / -f1 | uniq | xargs -I {} rmdir vendor/{} || true # Remove empty directories",
"composer dump-autoload -o"
],
"post-update-cmd": [
"composer bin all update --ansi",
"vendor/bin/php-scoper add-prefix --force",
"@php .lib-vendor-organizer.php lib/Vendor/ OCA\\\\Tables\\\\Vendor",
"cat .scoper-production-dependencies | uniq | xargs -I {} rm -Rf vendor/{} # Remove origins",
"cat .scoper-production-dependencies | cut -d / -f1 | uniq | xargs -I {} rmdir vendor/{} || true # Remove empty directories",
"composer dump-autoload -o"
]
Copy link
Contributor

@enjeck enjeck Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At what point does one run these new commands? After installing any new library?

Copy link
Member Author

@blizzz blizzz Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with composer install and composer update, and effectively also with composer require and uninstall. Cf. https://getcomposer.org/doc/articles/scripts.md

Copy link
Contributor

@enjeck enjeck Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oooh, cool. What about for scoper:update-deps? When do I run it?

Copy link
Member Author

@blizzz blizzz Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After installing, updating or removing a dependency. But CI will also tell you.

enjeck
enjeck reviewed Nov 4, 2025
View reviewed changes
enjeck
enjeck reviewed Nov 4, 2025
View reviewed changes
blizzz added 2 commits November 4, 2025 21:07
@blizzz
build(dependencies): scope dependencies in lib/Vendor
9cbe308 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
@blizzz
fix(php-scoper): make it php 8.4 compatible
159912f 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
@blizzz blizzz requested a review from enjeck November 4, 2025 20:40
@enjeck enjeck merged commit bd5a265 into main Nov 4, 2025
69 checks passed
@enjeck enjeck deleted the fix/2133/scoping branch November 4, 2025 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Koc Koc Koc approved these changes

@enjeck enjeck enjeck approved these changes

@benjaminfrueh benjaminfrueh benjaminfrueh approved these changes

@susnux susnux Awaiting requested review from susnux

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

@silverkszlo silverkszlo Awaiting requested review from silverkszlo

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Scope (at least phpoffice/phpspreadsheet) dependency/ies

5 participants

@blizzz @Koc @enjeck @benjaminfrueh