composer-php - Testing pull requests
Problem description
I recently discovered a vulnerability in a package that I like to use in my Laravel projects. The package is a log viewer for Laravel: https://github.com/ARCANEDEV/LogViewer.
I put in an issue about the vulnerability and the owner said I can put in a Pull Request to try and rectify the issue, and I feel I could at least try.
My question is: is there a way to use the version of the package with my Pull Request in a testing environment, as if I were installing it via Composer?
Essentially, away from actual unit tests, is there a way to test run a package in a project?
Updates given research and available answers
After much Googling and reading of answers I tried the following:
- Fork the repo I'm looking to make a pull request for. The fork is here: https://github.com/blorange2/LogViewer
- Clone this forked repo onto my local machine and switch to the branch that's compatible with my current version of Laravel (which is v4.5 for Laravel 5.6)
- Update the composer.json in my local project to have a repositories array

    "repositories": [
        {
            "type": "path",
            "url": "../forks/LogViewer"
        }
    ],

With the whole thing looking like this:
    {
        "name": "laravel/laravel",
        "description": "The Laravel Framework.",
        "keywords": [
            "framework",
            "laravel"
        ],
        "license": "MIT",
        "type": "project",
        "repositories": [
            {
                "type": "path",
                "url": "../forks/LogViewer"
            }
        ],
        "require": {
            "php": "^7.1.3",
            "alexusmai/laravel-purifier": "^0.5.0",
            "arcanedev/log-viewer": "^4.5",
            "artesaos/laravel-linkedin": "^1.3",
            "barryvdh/laravel-dompdf": "^0.8.4",
            "cartalyst/tags": "6.0.*",
            "cornford/googlmapper": "^2.33",
            "doctrine/dbal": "^2.9",
            "fideloper/proxy": "^4.0",
            "guzzlehttp/guzzle": "^6.3",
            "guzzlehttp/psr7": "^1.4",
            "happyr/linkedin-api-client": "^1.0",
            "intervention/image": "^2.5",
            "ixudra/curl": "^6.16",
            "jdavidbakr/mail-tracker": "~2.1",
            "laravel/framework": "5.6.*",
            "laravel/scout": "^5.0",
            "laravel/socialite": "^3.0",
            "laravel/tinker": "^1.0",
            "laravelcollective/html": "^5.6",
            "laravolt/avatar": "^3.0",
            "league/flysystem-sftp": "~1.0",
            "maatwebsite/excel": "^3.1",
            "maddhatter/laravel-fullcalendar": "^1.3",
            "mews/purifier": "^2.1",
            "php-http/curl-client": "^1.7",
            "php-http/message": "^1.6",
            "pusher/pusher-http-laravel": "^4.2",
            "socialiteproviders/microsoft-graph": "^2.0",
            "spatie/calendar-links": "^1.0",
            "spatie/flysystem-dropbox": "^1.2",
            "spatie/laravel-analytics": "^3.6",
            "spatie/laravel-backup": "^5.9",
            "spatie/laravel-medialibrary": "7.6.3",
            "spatie/laravel-permission": "^2.12",
            "teamtnt/laravel-scout-tntsearch-driver": "^3.0",
            "thujohn/twitter": "^2.2",
            "unisharp/laravel-filemanager": "~1.8",
            "vimeo/laravel": "^5.0"
        },
        "require-dev": {
            "barryvdh/laravel-debugbar": "^3.2",
            "filp/whoops": "^2.0",
            "fzaninotto/faker": "^1.4",
            "mockery/mockery": "^1.0",
            "nunomaduro/collision": "^2.0",
            "phpunit/phpunit": "^7.0"
        },
        "autoload": {
            "files": [
                "app/Helpers/Helper.php"
            ],
            "classmap": [
                "database/seeds",
                "database/factories"
            ],
            "psr-4": {
                "App\\": "app/"
            }
        },
        "autoload-dev": {
            "psr-4": {
                "Tests\\": "tests/"
            }
        },
        "extra": {
            "laravel": {
                "dont-discover": []
            }
        },
        "scripts": {
            "post-root-package-install": [
                "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
            ],
            "post-create-project-cmd": [
                "@php artisan key:generate"
            ],
            "post-autoload-dump": [
                "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
                "@php artisan package:discover"
            ]
        },
        "config": {
            "preferred-install": "dist",
            "sort-packages": true,
            "optimize-autoloader": true
        },
        "minimum-stability": "dev",
        "prefer-stable": true
    }

My main project is located at the following path (from running pwd on Windows): C:\xampp\htdocs\projects\newable\newable-intranet
The cloned, forked project is located here: C:\xampp\htdocs\projects\forks\LogViewer.
However, running composer update does not use the local version, it just uses: "arcanedev/log-viewer": "^4.5"
Solution
When you want to use a custom version of a library in your project like with the original package, you can modify the composer.json.
You can add custom package sources (aka repositories) to your composer.json; for local development I prefer the path-repository:

    {
        "repositories": [
            {
                "type": "path",
                "url": "../LogViewer"
            }
        ],
        "require": {
            "arcanedev/log-viewer": "*",
            ...
        },
        ...
    }

So if your project and the LogViewer library are in the same workspace directory, side by side, this will jump up to that workspace directory and go into the library folder. In there it will look for a composer.json. You should then be able to update to your custom library, e.g. using composer require arcanedev/log-viewer:"*" or by manually changing the entry as shown above and then running composer install.
Making composer download the custom version can be a bit tricky from time to time, but in general this should work. If it won't "download" your version, i.e. symlink the local folder, try removing the existing vendor folder and running composer install again. You can also add debug output to composer install -vvv to see if the repository is found and used.
The less elaborate approach would be to remove the original library folder inside your project's vendor/ folder and instead place a symlink to your custom library manually. This is usually enough when all you do is a small bugfix inside the library's code, but when you change dependencies and version requirements I prefer the first approach as it basically simulates downloading the package through composer making sure it is properly usable in client projects.
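
Added example (not part of the original question or answer, and not Composer's own code): a Python check that each "path" repository in the root composer.json points at a directory whose composer.json declares the required package, and that composer.lock records the package with a "path" dist, so a security fix is exercised against the fork and not the published release. It assumes Composer is run from the project root and that each url is a literal path (no globs); check_path_repos, installed_from_path and demo are hypothetical helper names, and demo builds a constructed directory layout mirroring the paths given in the question.

```python
import json
import tempfile
from pathlib import Path

PACKAGE = "arcanedev/log-viewer"

def check_path_repos(project_dir, package=PACKAGE):
    """For each "path" repository in the root composer.json, report whether it can supply `package`."""
    project = Path(project_dir)
    repos = json.loads((project / "composer.json").read_text()).get("repositories", [])
    repos = list(repos.values()) if isinstance(repos, dict) else repos  # keyed-object form
    findings = {}
    for repo in repos:
        if not isinstance(repo, dict) or repo.get("type") != "path":
            continue
        # Assumption: composer runs from the project root, so a relative url
        # is resolved from the directory holding the root composer.json.
        manifest = (project / repo["url"]).resolve() / "composer.json"
        if not manifest.is_file():
            findings[repo["url"]] = "no composer.json there"
        elif json.loads(manifest.read_text()).get("name") != package:
            findings[repo["url"]] = "different package name"
        else:
            findings[repo["url"]] = "ok"
    return findings

def installed_from_path(project_dir, package=PACKAGE):
    """True if composer.lock records `package` with a dist of type "path"."""
    lock = json.loads((Path(project_dir) / "composer.lock").read_text())
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == package:
            return (pkg.get("dist") or {}).get("type") == "path"
    return False

def demo():
    """Constructed layout: projects/newable/newable-intranet and projects/forks/LogViewer."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp, "projects", "newable", "newable-intranet")
        fork = Path(tmp, "projects", "forks", "LogViewer")
        project.mkdir(parents=True)
        fork.mkdir(parents=True)
        (fork / "composer.json").write_text(json.dumps({"name": PACKAGE}))
        urls = ["../forks/LogViewer", "../../forks/LogViewer"]
        (project / "composer.json").write_text(json.dumps(
            {"repositories": [{"type": "path", "url": u} for u in urls]}))
        return check_path_repos(project)

if __name__ == "__main__":
    print(demo())
```

With the constructed layout, demo() reports ../forks/LogViewer as having no composer.json and ../../forks/LogViewer as ok; run installed_from_path against the real project after composer update to confirm which source was locked.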