Make WordPress Core

Opened 3 years ago

Closed 2 years ago

Last modified 19 months ago

#54695 closed task (blessed) (fixed)

CI: always use `--no-interaction` flag for Composer commands

Reported by: jrf's profile jrf Owned by: desrosj's profile desrosj
Milestone: 6.1 Priority: normal
Severity: normal Version: 5.9
Component: Build/Test Tools Keywords: has-patch commit
Focuses: Cc:

Description

All Composer commands used in CI should use --no-interaction to prevent them hanging in case interaction is expected.

Also see: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution

Change History (35)

This ticket was mentioned in PR #2084 on WordPress/wordpress-develop by jrfnl.


3 years ago
#1

  • Keywords has-patch added

Adding --no-interaction to "plain" Composer commands to potentially prevent CI hanging if, for whatever reason, interaction would be needed in the future.

Trac ticket: https://core.trac.wordpress.org/ticket/54695

#2 @jrf
3 years ago

GitHub PR 2084 addresses this issue.

Note: this issue is sideways related to #54686.

#3 follow-ups: @jrf
3 years ago

FYI: there's some discussion going on about whether an env variable should be set in the setupPHP action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547

#4 in reply to: ↑ 3 @SergeyBiryukov
3 years ago

Replying to jrf:

FYI: there's some discussion going on about whether an env variable should be set in the setupPHP action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547

Thanks! Holding off the commit for now based on that discussion.

#5 in reply to: ↑ 3 @hellofromTonya
3 years ago

  • Milestone 5.9 deleted
  • Resolution set to reported-upstream
  • Status changed from new to closed

Replying to jrf:

FYI: there's some discussion going on about whether an env variable should be set in the setupPHP action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547

https://github.com/shivammathur/setup-php/pull/547 was merged with an env var used in setupPHP and --no-interaction removed from the Composer commands. Looking at the merged fix:

By default, COMPOSER_NO_INTERACTION is set to 1 and COMPOSER_PROCESS_TIMEOUT is set to 0. In effect, this means that Composer commands in your scripts do not need to specify --no-interaction.

Closing this ticket as the change is unnecessary. Marking it as reported upstream as it was fixed there.

#6 follow-up: @jrf
3 years ago

  • Milestone set to 6.0
  • Resolution reported-upstream deleted
  • Status changed from closed to reopened

Hmmm... I'm don't think the ticket should be closed (yet) as the issue in the WP builds has not been fixed (yet), though moving it to 6.0 is fine of course.

At this time, there is no upstream release available containing the upstream patch, so my patch is still an option.

Once a release from upstream has been tagged, we still won't benefit from it automatically as all actions used in the CI scripts are locked to a specific commit hash (for security).

So if we want to wait for the upstream fix before resolving this issue, the actions steps would be:

  1. Review the new release once tagged.
  2. Update the commit hash of the action in all CI scripts.
  3. Remove any --no-interaction arguments which already exist in Composer commands in the scripts to clean them up (as those are no longer needed).

And then preferably commit the changes for 2+3 in one commit so it is well-documented/obvious for the next person why the arguments were removed.

With that in mind, I'm re-opening.

#7 in reply to: ↑ 6 @SergeyBiryukov
3 years ago

Replying to jrf:

So if we want to wait for the upstream fix before resolving this issue, the actions steps would be:

  1. Review the new release once tagged.
  2. Update the commit hash of the action in all CI scripts.
  3. Remove any --no-interaction arguments which already exist in Composer commands in the scripts to clean them up (as those are no longer needed).

And then preferably commit the changes for 2+3 in one commit so it is well-documented/obvious for the next person why the arguments were removed.

Looks like the upstream fix was included in setup-php 2.17.0 released on February 8, so these action steps can now be addressed.

This ticket was mentioned in Slack in #core by costdev. View the logs.


2 years ago

#9 @costdev
2 years ago

  • Milestone changed from 6.0 to 6.1

Per the discussion in the bug scrub, I'm moving this ticket to the 6.1 milestone.

@jrf Does PR 2084 implement all of the action steps, or does it need more work?

#10 @costdev
2 years ago

From Juliette's comment on Slack:

  • The current PR does the opposite of what would now be needed.
  • I haven't kept an eye on whether the predefined GH Actions action runners have been updated in the workflows used by WP recent months or not.
  • If so: the commit should be checked if the update of the action runner for setup-php also removed the --no-interaction CLI args for Composer commands.
  • If not, that should probably be addressed as part of the ticket which updated the action runner and this ticket should be closed.
  • If the action runners have not been updated for a while, now would be a good time.

This ticket was mentioned in PR #3333 on WordPress/wordpress-develop by desrosj.


2 years ago
#11

This is now configured by default in the setup-php action.

See https://github.com/shivammathur/setup-php/releases/tag/2.17.0.

Trac ticket: https://core.trac.wordpress.org/ticket/54695

#12 @desrosj
2 years ago

  • Keywords commit added
  • Owner set to desrosj
  • Status changed from reopened to reviewing

The setup-php version has been at the needed version (2.17.0) since [53112], and at the latest version (currently 2.21.2) since [53940].

I've created a PR that removes all instances of --no-interaction from commands. The setup-php action now sets the COMPOSER_NO_INTERACTION environment variable to 1 by default, so this option is no longer needed.

#13 @desrosj
2 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 54313:

Build/Test Tools: Remove unnecessary --no-interaction option from Composer commands.

As of version 2.17.0 of the shivammathur/setup-php action, the COMPOSER_NO_INTERACTION environment variable is configured by default. —-no-interaction will always be used.

Props jrf, hellofromTonya, SergeyBiryukov, costdev, desrosj.
Fixes #54695.

desrosj commented on PR #2084:


2 years ago
#14

This Trac ticket was addressed in https://core.trac.wordpress.org/changeset/54313.

#16 @jrf
2 years ago

Thanks for sorting this @desrosj !

#17 @desrosj
19 months ago

In 55516:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.

Merges [53736], [53737], [53940], [53947], [54039], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.9 branch.
See #55652, #56407, #54695, #56820, #56816, #56793, #56820, #57572.

#18 @desrosj
19 months ago

In 55517:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#19 @desrosj
19 months ago

In 55518:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#20 @desrosj
19 months ago

In 55519:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.6 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#21 @desrosj
19 months ago

In 55520:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.5 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#22 @desrosj
19 months ago

In 55521:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.4 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#23 @desrosj
19 months ago

In 55522:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.3 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#24 @desrosj
19 months ago

In 55523:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.2 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#25 @desrosj
19 months ago

In 55524:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 5.1 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#26 @desrosj
19 months ago

In 55525:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 5.0 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#27 @desrosj
19 months ago

In 55527:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.9 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#28 @desrosj
19 months ago

In 55528:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#29 @desrosj
19 months ago

In 55529:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.7 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#30 @desrosj
19 months ago

In 55530:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.6 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#31 @desrosj
19 months ago

In 55531:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.5 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#32 @desrosj
19 months ago

In 55532:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.4 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#33 @desrosj
19 months ago

In 55533:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.3 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#34 @desrosj
19 months ago

In 55534:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.2 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

#35 @desrosj
19 months ago

In 55535:

Build/Test Tools: Backport updates to GitHub Actions.

This backports several changesets to GitHub Actions workflows. These changesets:

  • address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
  • adds support for automatically retrying a failed workflow once.
  • removes workflow files that are not applicable to the branch.
  • backports some Docker environment related tooling updates for the sake of consistency across branches.

Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54650], [54651], [54674], [54750], [54852], [55152], [54651], [55487] to the 4.1 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.

Note: See TracTickets for help on using tickets.