Psalm patrol

[DanielBadura]

No description provided.

[DanielBadura]

Failing tests are not connected to the changes made but connected to psalm. Psalm requires https://github.com/composer/package-versions-deprecated which replaces https://github.com/Ocramius/PackageVersions. This is causing a missing dependency because the original one does not get installed anymore. Im not sure how to solve this and if this should be part of this PR.

Anyhow should package replacing via composer be part of this package knowledge?

[Ocramius]

@DanielBadura wouldn't worry too much about it: I think the CI pipeline needs a bit of an overhaul before moving forward.

Specifically, in order to maintain things more efficiently, we need:

• composer.lock that dependabot updates regularly (so at least we get relatively reproducible builds)
• github actions
• restricting to PHP 7.4

This patch should mostly be fine as-is

[DanielBadura]

https://www.youtube.com/watch?v=DzUCC9pfoNw

Are workflows already enabled?
Psalm level 1 is not completed yet but i would now update the baseline with the missing fixes.

[DanielBadura]

Now it should be ready for review @Ocramius 👍

[DanielBadura]

Rebased to get the composer.lock here to update it accordingly.
Just as an information: With this patch we loose the 100% coverage due to the new line in JsonLoader here: https://github.com/maglnet/ComposerRequireChecker/pull/206/files#diff-05424265c13240e6c7092781ce770688R38

I could not figure out how to test this case since is_readable is called before. But removing the is_readable in favor for the false check of file_get_contents will crash some tests so i thing its still needed.

[Ocramius]

@DanielBadura about that last bit, I'm wondering if we can replace it with an assertion? webmozart/assert makes those cases accessible, and roave/infection-static-analysis-plugin can then squish out mutants that aren't testable

[DanielBadura]

@Ocramius im not quite sure if i understood you correctly. I pushed some changes. With this we dont loose the file_get_contents false code path. Or do you mean with infection we dont need the 100% coverage?

[Ocramius]

Let's re-discuss this one after a rebase on top of #210 (and discussion there first!)

[DanielBadura]

Since #210 is merged now i will rebase this PR the next days

[DanielBadura]

So this is rebased now. Still getting the error mentioned before:

Failing tests are not connected to the changes made but connected to psalm. Psalm requires https://github.com/composer/package-versions-deprecated which replaces https://github.com/Ocramius/PackageVersions. This is causing a missing dependency because the original one does not get installed anymore. Im not sure how to solve this and if this should be part of this PR.

Anyhow should package replacing via composer be part of this package knowledge?

As this is targeting v3.0.0 now it would be feasible to drop composer 1 support and with it get rid of PackageVersion and get the package version via composer 2 api. WDYT @Ocramius ?

And if so - extra PR for dropping composer v1 or smash it into this one? :D

[Ocramius]

As this is targeting v3.0.0 now it would be feasible to drop composer 1 support and with it get rid of PackageVersion and get the package version via composer 2 api. WDYT @Ocramius ?

Sounds good to me. Beware that we still need #218 for that to work correctly, since composer-plugin-api is a bit fiddly (and obviously does not behave like a normal package -.-).

I would suggest reviewing that, and then we do yet another (sorry!) rebase here to squish out ocramius/package-versions.

[DanielBadura]

No problem at all :)
Waiting then for #218 & then we look again at this :)
Until then: Have a good weekend!

[Ocramius]

@DanielBadura this can now be rebased

[DanielBadura]

Alright, thanks for the notification 👍

[DanielBadura]

@Ocramius PR is rebased and PackageVersions is out in favor for the composer-runtime-api^2 as discussed above. So with this PR we drop composer 1 support.

This PR is from my side finished & ready :)

[Ocramius]

Excellent, thanks @DanielBadura!