#54695 closed task (blessed) (fixed)
CI: always use `--no-interaction` flag for Composer commands
Reported by: | jrf | Owned by: | desrosj |
---|---|---|---|
Milestone: | 6.1 | Priority: | normal |
Severity: | normal | Version: | 5.9 |
Component: | Build/Test Tools | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
All Composer commands used in CI should use --no-interaction
to prevent them hanging in case interaction is expected.
Also see: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution
Change History (35)
This ticket was mentioned in PR #2084 on WordPress/wordpress-develop by jrfnl.
3 years ago
#1
- Keywords has-patch added
#2
@
3 years ago
GitHub PR 2084 addresses this issue.
Note: this issue is sideways related to #54686.
#3
follow-ups:
↓ 4
↓ 5
@
3 years ago
FYI: there's some discussion going on about whether an env variable should be set in the setupPHP
action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547
#4
in reply to:
↑ 3
@
3 years ago
Replying to jrf:
FYI: there's some discussion going on about whether an env variable should be set in the
setupPHP
action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547
Thanks! Holding off the commit for now based on that discussion.
#5
in reply to:
↑ 3
@
3 years ago
- Milestone 5.9 deleted
- Resolution set to reported-upstream
- Status changed from new to closed
Replying to jrf:
FYI: there's some discussion going on about whether an env variable should be set in the
setupPHP
action, which could make this unnecessary: https://github.com/shivammathur/setup-php/pull/547
https://github.com/shivammathur/setup-php/pull/547 was merged with an env var used in setupPHP
and --no-interaction
removed from the Composer commands. Looking at the merged fix:
By default,
COMPOSER_NO_INTERACTION
is set to1
andCOMPOSER_PROCESS_TIMEOUT
is set to0
. In effect, this means that Composer commands in your scripts do not need to specify--no-interaction
.
Closing this ticket as the change is unnecessary. Marking it as reported upstream as it was fixed there.
#6
follow-up:
↓ 7
@
3 years ago
- Milestone set to 6.0
- Resolution reported-upstream deleted
- Status changed from closed to reopened
Hmmm... I'm don't think the ticket should be closed (yet) as the issue in the WP builds has not been fixed (yet), though moving it to 6.0 is fine of course.
At this time, there is no upstream release available containing the upstream patch, so my patch is still an option.
Once a release from upstream has been tagged, we still won't benefit from it automatically as all actions used in the CI scripts are locked to a specific commit hash (for security).
So if we want to wait for the upstream fix before resolving this issue, the actions steps would be:
- Review the new release once tagged.
- Update the commit hash of the action in all CI scripts.
- Remove any
--no-interaction
arguments which already exist in Composer commands in the scripts to clean them up (as those are no longer needed).
And then preferably commit the changes for 2+3 in one commit so it is well-documented/obvious for the next person why the arguments were removed.
With that in mind, I'm re-opening.
#7
in reply to:
↑ 6
@
3 years ago
Replying to jrf:
So if we want to wait for the upstream fix before resolving this issue, the actions steps would be:
- Review the new release once tagged.
- Update the commit hash of the action in all CI scripts.
- Remove any
--no-interaction
arguments which already exist in Composer commands in the scripts to clean them up (as those are no longer needed).And then preferably commit the changes for 2+3 in one commit so it is well-documented/obvious for the next person why the arguments were removed.
Looks like the upstream fix was included in setup-php 2.17.0 released on February 8, so these action steps can now be addressed.
This ticket was mentioned in Slack in #core by costdev. View the logs.
2 years ago
#9
@
2 years ago
- Milestone changed from 6.0 to 6.1
Per the discussion in the bug scrub, I'm moving this ticket to the 6.1 milestone.
@jrf Does PR 2084 implement all of the action steps, or does it need more work?
#10
@
2 years ago
From Juliette's comment on Slack:
- The current PR does the opposite of what would now be needed.
- I haven't kept an eye on whether the predefined GH Actions action runners have been updated in the workflows used by WP recent months or not.
- If so: the commit should be checked if the update of the action runner for
setup-php
also removed the--no-interaction
CLI args for Composer commands. - If not, that should probably be addressed as part of the ticket which updated the action runner and this ticket should be closed.
- If the action runners have not been updated for a while, now would be a good time.
This ticket was mentioned in PR #3333 on WordPress/wordpress-develop by desrosj.
2 years ago
#11
This is now configured by default in the setup-php
action.
See https://github.com/shivammathur/setup-php/releases/tag/2.17.0.
Trac ticket: https://core.trac.wordpress.org/ticket/54695
#12
@
2 years ago
- Keywords commit added
- Owner set to desrosj
- Status changed from reopened to reviewing
The setup-php
version has been at the needed version (2.17.0) since [53112], and at the latest version (currently 2.21.2) since [53940].
I've created a PR that removes all instances of --no-interaction
from commands. The setup-php
action now sets the COMPOSER_NO_INTERACTION
environment variable to 1
by default, so this option is no longer needed.
2 years ago
#14
This Trac ticket was addressed in https://core.trac.wordpress.org/changeset/54313.
2 years ago
#15
Merged into Core in https://core.trac.wordpress.org/changeset/54313.
Adding
--no-interaction
to "plain" Composer commands to potentially prevent CI hanging if, for whatever reason, interaction would be needed in the future.Trac ticket: https://core.trac.wordpress.org/ticket/54695