#54695 closed task (blessed) (fixed)
CI: always use `--no-interaction` flag for Composer commands
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 6.1 | Priority: | normal |
| Severity: | normal | Version: | 5.9 |
| Component: | Build/Test Tools | Keywords: | has-patch commit |
| Focuses: | Cc: |
Description
All Composer commands used in CI should use --no-interaction to prevent them hanging in case interaction is expected.
Also see: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution
Change History (35)
This ticket was mentioned in PR #2084 on WordPress/wordpress-develop by jrfnl.
4 years ago
#1
- Keywords has-patch added
#2
@
4 years ago
GitHub PR 2084 addresses this issue.
Note: this issue is sideways related to #54686.
#3
follow-ups:
↓ 4
↓ 5
@
4 years ago
FYI: there's some discussion going on about whether an env variable should be set in the setupPHP action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547
#4
in reply to:
↑ 3
@
4 years ago
Replying to jrf:
FYI: there's some discussion going on about whether an env variable should be set in the
setupPHPaction, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547
Thanks! Holding off the commit for now based on that discussion.
#5
in reply to:
↑ 3
@
4 years ago
- Milestone 5.9 deleted
- Resolution set to reported-upstream
- Status changed from new to closed
Replying to jrf:
FYI: there's some discussion going on about whether an env variable should be set in the
setupPHPaction, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547
https://github.com/shivammathur/setup-php/pull/547 was merged with an env var used in setupPHP and --no-interaction removed from the Composer commands. Looking at the merged fix:
By default,
COMPOSER_NO_INTERACTIONis set to1andCOMPOSER_PROCESS_TIMEOUTis set to0. In effect, this means that Composer commands in your scripts do not need to specify--no-interaction.
Closing this ticket as the change is unnecessary. Marking it as reported upstream as it was fixed there.
#6
follow-up:
↓ 7
@
4 years ago
- Milestone set to 6.0
- Resolution reported-upstream deleted
- Status changed from closed to reopened
Hmmm... I'm don't think the ticket should be closed (yet) as the issue in the WP builds has not been fixed (yet), though moving it to 6.0 is fine of course.
At this time, there is no upstream release available containing the upstream patch, so my patch is still an option.
Once a release from upstream has been tagged, we still won't benefit from it automatically as all actions used in the CI scripts are locked to a specific commit hash (for security).
So if we want to wait for the upstream fix before resolving this issue, the actions steps would be:
- Review the new release once tagged.
- Update the commit hash of the action in all CI scripts.
- Remove any
--no-interactionarguments which already exist in Composer commands in the scripts to clean them up (as those are no longer needed).
And then preferably commit the changes for 2+3 in one commit so it is well-documented/obvious for the next person why the arguments were removed.
With that in mind, I'm re-opening.
#7
in reply to:
↑ 6
@
4 years ago
Replying to jrf:
So if we want to wait for the upstream fix before resolving this issue, the actions steps would be:
- Review the new release once tagged.
- Update the commit hash of the action in all CI scripts.
- Remove any
--no-interactionarguments which already exist in Composer commands in the scripts to clean them up (as those are no longer needed).And then preferably commit the changes for 2+3 in one commit so it is well-documented/obvious for the next person why the arguments were removed.
Looks like the upstream fix was included in setup-php 2.17.0 released on February 8, so these action steps can now be addressed.
This ticket was mentioned in Slack in #core by costdev. View the logs.
4 years ago
#9
@
4 years ago
- Milestone changed from 6.0 to 6.1
Per the discussion in the bug scrub, I'm moving this ticket to the 6.1 milestone.
@jrf Does PR 2084 implement all of the action steps, or does it need more work?
#10
@
4 years ago
From Juliette's comment on Slack:
- The current PR does the opposite of what would now be needed.
- I haven't kept an eye on whether the predefined GH Actions action runners have been updated in the workflows used by WP recent months or not.
- If so: the commit should be checked if the update of the action runner for
setup-phpalso removed the--no-interactionCLI args for Composer commands. - If not, that should probably be addressed as part of the ticket which updated the action runner and this ticket should be closed.
- If the action runners have not been updated for a while, now would be a good time.
This ticket was mentioned in PR #3333 on WordPress/wordpress-develop by desrosj.
3 years ago
#11
This is now configured by default in the setup-php action.
See https://github.com/shivammathur/setup-php/releases/tag/2.17.0.
Trac ticket: https://core.trac.wordpress.org/ticket/54695
#12
@
3 years ago
- Keywords commit added
- Owner set to desrosj
- Status changed from reopened to reviewing
The setup-php version has been at the needed version (2.17.0) since [53112], and at the latest version (currently 2.21.2) since [53940].
I've created a PR that removes all instances of --no-interaction from commands. The setup-php action now sets the COMPOSER_NO_INTERACTION environment variable to 1 by default, so this option is no longer needed.
3 years ago
#14
This Trac ticket was addressed in https://core.trac.wordpress.org/changeset/54313.
3 years ago
#15
Merged into Core in https://core.trac.wordpress.org/changeset/54313.
Adding
--no-interactionto "plain" Composer commands to potentially prevent CI hanging if, for whatever reason, interaction would be needed in the future.Trac ticket: https://core.trac.wordpress.org/ticket/54695