Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Allow composer/installers (and other dependencies needing allow-plugins) when installing Composer libraries #908

Open
1 task done
tyrann0us opened this issue Jan 28, 2025 · 2 comments
Open
1 task done

Feature: Allow composer/installers (and other dependencies needing allow-plugins) when installing Composer libraries #908

tyrann0us opened this issue Jan 28, 2025 · 2 comments
Assignees
@shivammathur
Labels
enhancement New feature or request

Comments

@tyrann0us
Copy link

tyrann0us commented Jan 28, 2025
edited
Loading

Describe the feature

Right now, shivammathur/setup-php correctly sets up allow-plugins for Composer libraries that are installed directly via the tools option. However, if one of those tools has a dependency that itself needs allow-plugins—for example, composer/installers—it isn’t automatically allow-listed by the action. That leads to Composer blocking the plugin installation, causing errors such as:

composer/installers (installed globally) contains a Composer plugin which is blocked by your allow-plugins config.

It would be very helpful if shivammathur/setup-php could either automatically allow composer/installers whenever installing any Composer tool or detect sub-dependencies that need allow-plugins and handle them accordingly.

Please check the latest release

  • I have checked releases, and the feature is missing in the latest patch version of v2.

Underlying issue

composer/installers is blocked by the default allow-plugins config. If shivammathur/setup-php installs a Composer library that depends on composer/installers, the dependency is blocked by Composer’s stricter plugin policy, causing errors in CI.

Describe alternatives

  • Manually running composer global config --no-plugins allow-plugins.composer/installers true in every workflow.
  • Explicitly requiring composer/installers in the tools options.

Both approaches work but negate the convenience of the action automatically handling this.

Additional context

Are you willing to submit a PR?

Yes (Depending on which approach you prefer, if any, I can potentially submit a PR, although I haven't looked into your test logic yet.)
@tyrann0us tyrann0us added the enhancement New feature or request label Jan 28, 2025
@tyrann0us tyrann0us mentioned this issue Jan 28, 2025
Open
3 tasks
@shivammathur
Copy link
Owner

As a user while it might be convenient to go through the dependency tree and allow all plugins in the action, it negates the whole purpose of composer adding this feature.

It might be a good idea to introduce an env say COMPOSER_ALLOW_PLUGINS that takes a comma separated string of plugins to allow and the action adds them to the global allow plugins config.

@Biont
Copy link

Biont commented Feb 4, 2025

I can agree with your assessment @shivammathur
Being explicit probably stays o out of trouble. Would it perhaps be a little closer to the current conventions to configure this via YAML?

- name: Setup PHP with custom tools
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
    tools: 'vendor/custom-installer'
    # CSV format to be aligned with "tools" - but this could probably be a list as well?
    composer-allowed-plugins: 'composer/installers'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shivammathur shivammathur

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shivammathur @Biont @tyrann0us