Stop explicitly catching missing env-var error in composer
#7675
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This removes explicitly catching errors about missing env vars. This is likely a bit controversial, so here's my thinking: 1. Dependabot at GitHub doesn't support injecting custom env vars. And for security reasons is unlikey to anytime soon: #4660 2. The primary use case was for `ACF Pro`, but that is no longer relevant since they now support private `composer` auth natively: #2001 (comment) 3. In general we've told users that if they need custom env vars for authentication reasons, they should instead ask their upstream providers to use the standard `composer` tooling, rather than a workaround. We aren't going to go out of our way to support non-standard tooling practices. 4. Setting env vars is still relevant for anyone who runs Dependabot standalone, but those are typically power users who are very comfortable debugging / reading the logs to realize the error is the lack of an env var. 5. Technically this could cause more internal alerts because removing this error changes those updates from being seen as "well-known user errors" to "unknown service errors" (which we internally alert on). However, I strongly suspect that very few users actually hit this problem... so if just a couple of repos are hitting it, that shouldn't be unduly affecting our metrics. 6. Currently unknown `composer` errors are hidden, but we should resolve that with a systemic solution rather than one-off-solutions for specific packages, which turns into a game of whack-a-mole: #6290 7. Composer error handling is a big mess in our code... it's copy/pasted several places, with `TODO` notes saying we should refactor/cleanup our error handling code. And we don't even know what's still relevant once we drop `composer` `1` as the error messages changed a bit. So any cleanup / simplification we can do of the error handling code makes our future refactoring easier. If we needed this generic error for other ecosystems, that'd make sense, but so far it's `composer` specific so until we need that, let's just remove it.
|
Turns out I need this error for other ecosystems. For example, this repo includes a Let me know if you disagree though! |
|
Makes sense to me to keep it. 👍 |
|
#8446 will start using this error class 👍. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This removes explicitly catching errors about missing env vars.
This is likely a bit controversial, so here's my thinking:
ACF Pro, but that is no longer relevant since they now support privatecomposerauth natively: Support using custom PHP environment variables to pass API key to paid plugins #2001 (comment)composertooling, rather than a workaround. We aren't going to go out of our way to support non-standard tooling practices.composererrors are hidden, but we should resolve that with a systemic solution rather than one-off-solutions for specific packages, which turns into a game of whack-a-mole: Expose composer error message when not resolvable #6290TODOnotes saying we should refactor/cleanup our error handling code. And we don't even know what's still relevant once we dropcomposer1as the error messages changed a bit. So any cleanup / simplification we can do of the error handling code makes our future refactoring easier.If we needed this generic error for other ecosystems, that'd make sense, but so far it's
composerspecific so until we need that, let's just remove it.