[Vtigercrm-developers] Composer

Prasad prasad at vtiger.com
Sun Aug 15 17:19:04 GMT 2021


While working with RedBeanPHP, I found some advice on distancing
(runtime tight-coupling) with dynamic dependency management.

Arch Linux Incident
<https://sensorstechforum.com/arch-linux-aur-repository-found-contain-malware/>
and more (read Composer section <https://redbeanphp.com/index.php?p=/install>)

Even with use of composer we will have the need to carefully
freeze the dependencies and optimize required files to reduce
the source file-size.

Regards,
Prasad

On Wed, Jul 28, 2021 at 11:47 AM Prasad <prasad at vtiger.com> wrote:

> Thank you all for sharing the feedback.
>
> Keep it coming.
>
> On Wed, Jul 28, 2021 at 10:23 AM nilay khatri <nilay.spartan at gmail.com>
> wrote:
>
>> My take:
>>
>> 1. Agree with Ruben let's start with some selected dependencies first,
>> which are currently actively maintained. I don't think we need to bundle
>> them with Vtiger.
>> 2. This is a general challenge. I am not fully aware, but cPanel for
>> example has been doing some work to introduce support for composer. In
>> general where composer is not available or you can not SSH, steps are
>> provided to setup locally and then upload the files via FTP. It is
>> generally a well-known thing to anyone who works on FTP only.
>> 3. The packages do not have a standard format: one can put the files in src,
>> another in dist, so there is no mechanism to do that. Moreover, as per
>> composer philosophy, a package must contain all required tests, docs etc.
>> More on this here: https://github.com/composer/composer/issues/1750
>>
>> On Tue, Jul 27, 2021 at 11:12 PM Rubén A. Estrada Orozco <
>> rulotec1 at gmail.com> wrote:
>>
>>> Ok, I understand, Prasad,
>>>
>>> I think we could proceed little by little. Moving only some well known
>>> libraries at first like PHPMailer which is actively being maintained.
>>> There are other libraries like CKFinder (if I recall the name correctly)
>>> which are still being used in vtiger but have been dead for a long time. I
>>> don't know what we should do about those. Find a replacement, I guess.
>>>
>>> About how it would work with commercial hosting companies. Maybe create
>>> a build with the dependent libraries already there, but move the libraries
>>> out of the code repository.
>>>
>>> About 3. I have no idea.
>>>
>>> Saludos
>>>
>>> Rubén
>>>
>>>
>>> On Tue, Jul 27, 2021 at 7:34 AM Prasad <prasad at vtiger.com> wrote:
>>>
>>>> Dear Ruben,
>>>>
>>>> There were many questions on the composer adoption for long-term:
>>>>
>>>>    1. Should we bundle the dependencies (as they may vanish if not
>>>>    maintained, or change rapidly)?
>>>>    2. How would composer work on hosting providers (who provide Cpanel
>>>>    or FTP) based site management?
>>>>       - Will two different builds - one-with and one-without
>>>>       dependencies be maintained?
>>>>    3. Composer install brings in dependent docs/tests etc... Is there
>>>>    a way to do optimal install?
>>>>       - How to cut-down the size of package - can this be achieved?
>>>>       Without this overall size of application zip will increase.
>>>>
>>>> This discussion thread was opened to gather feedback before planning
>>>> the way ahead.
>>>>
>>>> Regards,
>>>> Prasad
>>>>
>>>> On Tue, Jul 27, 2021 at 4:57 AM Rubén A. Estrada Orozco <
>>>> rulotec1 at gmail.com> wrote:
>>>>
>>>>> Composer was supposed to make it into 7.4.
>>>>> Would it be a priority for 7.5? I think this was one of the most voted
>>>>> changes when Uma asked for input for 7.4.
>>>>>
>>>>> Saludos
>>>>>
>>>>> Rubén
>>>>>
>>>>>
>>>>> On Fri, Jul 23, 2021 at 11:18 AM Prasad <prasad at vtiger.com> wrote:
>>>>>
>>>>>> Since we are talking about composer, what exactly do you want to do?
>>>>>>
>>>>>>
>>>>>> How would composer work on hosting providers (who provide Cpanel or
>>>>>> FTP) based site management?
>>>>>>
>>>>>> You mentioned npm, are you guys touching frontend and
>>>>>>> migrating/integrating vue or some other library?
>>>>>>
>>>>>>
>>>>>> I wanted to check how npm dependencies and sub-dependencies are
>>>>>> handled for comparison.
>>>>>> Some nightmares were cited there due to version differences in
>>>>>> child dependencies. Hope such is not the
>>>>>> case with composer - but wanted to still check.
>>>>>>
>>>>>> Regards,
>>>>>> Prasad
>>>>>>
>>>>>> On Fri, Jul 23, 2021 at 9:19 PM Sukhdev Mohan <s.mohan at myti.it>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>    1. When creating composer.json you’re inserting all the
>>>>>>>    dependencies and you can lock versions of the libraries you are importing.
>>>>>>>    Also look at PSR 4 for namespaces: in the same composer.json you define the
>>>>>>>    namespace for your app.
>>>>>>>    2. Yup, I’d leave the decision to update to the admin. Vtiger
>>>>>>>    can advise and not proceed with the update if dependencies aren’t met.
>>>>>>>    3. If core depends on something that you need to import/install
>>>>>>>    how can you proceed with installation/update? In other projects when you
>>>>>>>    install through composer it handles dependencies and proceeds to install.
>>>>>>>    Maybe vtiger should also create its own composer install?
>>>>>>>    4. Composer doesn’t need to be installed globally, if the user
>>>>>>>    who downloads composer has RWX access he can launch composer and download
>>>>>>>    the dependencies, which are PHP code and binary files. These may require
>>>>>>>    some components that are missing in the standard php installation (ie.
>>>>>>>    ioncube), so this is upon the single user.
>>>>>>>
>>>>>>>
>>>>>>> Since we are talking about composer, what exactly do you want to do?
>>>>>>>
>>>>>>> You mentioned npm, are you guys touching frontend and
>>>>>>> migrating/integrating vue or some other library?
>>>>>>>
>>>>>>> *Sukhdev Mohan*
>>>>>>> *Developer*
>>>>>>> On 23 Jul 2021, 16:39 +0200, Prasad <prasad at vtiger.com>, wrote:
>>>>>>>
>>>>>>> Team,
>>>>>>>
>>>>>>> I know I'm too late on this thread - did some homework using composer
>>>>>>> and npm packages and got some questions that need assistance:
>>>>>>>
>>>>>>> 1. With composer - we are not expected to package the dependencies?
>>>>>>> Would admin be expected to run (composer install) on the command-line and then
>>>>>>> launch the install.php?
>>>>>>>
>>>>>>> 2. When a package needs an update in a subsequent version of Vtiger
>>>>>>> Would admin be expected to run (composer update) on the command-line and then
>>>>>>> launch the migration.php?
>>>>>>>
>>>>>>> 3. What if composer fails with unmet / unavailable packages -
>>>>>>> should install.php or
>>>>>>> migration.php check if all dependencies were installed?
>>>>>>>
>>>>>>> 4. How would composer work on hosting providers (who provide Cpanel
>>>>>>> or FTP) based site management?
>>>>>>>
>>>>>>> Regards,
>>>>>>> Prasad
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 13, 2013 at 2:47 AM Adam Heinz <amh at metricwise.net>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Has anyone on the vtiger team looked into the use of Composer to
>>>>>>>> supply dependencies?  It would certainly make things a little more
>>>>>>>> flexible, reduce the size of the download, and discourage the light hacking
>>>>>>>> that tends to go on when you have the code checked into the main
>>>>>>>> development branch.
>>>>>>>>
>>>>>>>> http://getcomposer.org/
>>>>>>>>
>>>>>>>> I recently wired our systems up to use it to pull in the Sauce Labs
>>>>>>>> "sausage" Selenium web driver for our automated tests.  Doing a bit more
>>>>>>>> research, it seems to be the *de facto* replacement for PEAR these
>>>>>>>> days.
>>>>>>>> _______________________________________________
>>>>>>>> http://www.vtiger.com/
>
>
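
The thread asks whether install.php or migration.php should check that all dependencies were installed, and the latest message calls for freezing them. The following is an added example, not part of the thread and not Vtiger code: a hypothetical `checkFrozenDependencies()` helper that compares `composer.lock` with Composer's `vendor/composer/installed.json`, run here on constructed sample data (the version strings and references are made up).

```php
<?php
// Added example, not Vtiger code: a hypothetical pre-flight check that an
// installer such as install.php or migration.php could call.

/** Map lower-cased package name => [version, reference]. */
function indexPackages(array $packages): array
{
    $index = [];
    foreach ($packages as $p) {
        $ref = $p['dist']['reference'] ?? $p['source']['reference'] ?? '';
        $index[strtolower($p['name'])] = [$p['version'] ?? '', $ref];
    }
    return $index;
}

/** Compare composer.lock with vendor/; an empty result means they match. */
function checkFrozenDependencies(string $root): array
{
    $lock = json_decode((string) @file_get_contents("$root/composer.lock"), true);
    $inst = json_decode((string) @file_get_contents("$root/vendor/composer/installed.json"), true);
    if (!is_array($lock) || !is_array($inst)) {
        return ['composer.lock or vendor/composer/installed.json is missing or unreadable'];
    }
    $expected = indexPackages($lock['packages'] ?? []);
    // Composer 2 wraps the list in "packages"; Composer 1 wrote a bare list.
    $actual = indexPackages($inst['packages'] ?? $inst);

    $problems = [];
    foreach ($expected as $name => [$version, $ref]) {
        if (!isset($actual[$name])) {
            $problems[] = "$name: locked at $version but not installed";
        } elseif ($actual[$name] !== [$version, $ref]) {
            $problems[] = "$name: installed " . implode('@', $actual[$name]) . ", locked $version@$ref";
        }
    }
    foreach (array_diff_key($actual, $expected) as $name => $unused) {
        $problems[] = "$name: installed but not a locked production package";
    }
    return $problems;
}

// Constructed sample data: the lock pins one release, vendor/ holds another.
$root = sys_get_temp_dir() . '/frozen-demo-' . getmypid();
mkdir("$root/vendor/composer", 0700, true);
$pkg = fn($v, $r) => ['name' => 'phpmailer/phpmailer', 'version' => $v, 'dist' => ['reference' => $r]];
file_put_contents("$root/composer.lock", json_encode(['packages' => [$pkg('v6.5.0', 'ref-a')]]));
file_put_contents("$root/vendor/composer/installed.json", json_encode(['packages' => [$pkg('v6.4.1', 'ref-b')]]));
print_r(checkFrozenDependencies($root));
```

Because only the lock file's `packages` list is indexed, anything from `packages-dev` found in `vendor/` is reported too, which is the expected result for a build produced with `composer install --no-dev`.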