132

I have a library foo/foo-lib which requires a specific commit from GitHub:

{
    "name": "foo/foo-lib",
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/KnpLabs/Gaufrette.git"
        }
    ],
    "require": {
        "knplabs/gaufrette": "dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e"
    }
}

and it works fine:

$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)                                 
  - Updating knplabs/gaufrette dev-master (2633721 => 2633721)
    Checking out 2633721877cae79ad461f3ca06f3f77fb4fce02e

Generating autoload files

but when I require that library in other project:

{
    "name": "bar/bar-app",
    "repositories": [
        {
            "type": "vcs",
            "url": "ssh://git.example.com/foo-lib"
        }
    ],
    "require-dev": {
        "foo/foo-lib": "dev-master"
    }
}

it yields dependency error:

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for foo/foo-lib dev-master -> satisfiable by foo/foo-lib[dev-master].
    - foo/foo-lib dev-master requires knplabs/gaufrette dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e -> no matching package found.

So my question is: how to correctly require the specific commit from GitHub in my library, so that it would be available in dependent packages?

Maciej Sz
  • 11,151
  • 7
  • 40
  • 56
  • 4
    Be aware that when requiring a commit, composer will not honor that commits requirements (cmoposer.json). Instead it computes the branch head requirement which will change over time. So this might work for a while, but will break for sure in the future. – estani Oct 08 '14 at 09:04

3 Answers3

192

You'll have to explicitly require the Gaufrette library at that hash, with a dev flag, in both your library and your application. Something like this should work in the application composer.json:

{
    "name": "bar/bar-app",
    "repositories": [
        {
            "type": "vcs",
            "url": "ssh://git.example.com/foo-lib"
        }
    ],
    "require-dev": {
        "foo/foo-lib": "dev-master",
        "knplabs/gaufrette": "dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e"
    }
}

From the documentation:

If one of your dependencies has a dependency on an unstable package you need to explicitly require it as well, along with its sufficient stability flag.

The documentation also suggests that you'll need to include the repository for Gaufrette in your bar/bar-app Composer file, though it sounds like this wasn't necessary in this case. I'm not sure why.

ChrisGPT was on strike
  • 127,765
  • 105
  • 273
  • 257
  • I've already try this, doesn't work either. I think it may have something to do with Composer prefering Packagist over GitHub specifically? – Maciej Sz Jan 23 '14 at 19:06
  • Nope, I've checked with my local repositories - it's not a GitHub specific issue. – Maciej Sz Jan 23 '14 at 19:18
  • I'm fairly certain that I got this to work before. What if you add `"minimum-stability": "dev"` to the `bar/bar-app` requirements? – ChrisGPT was on strike Jan 23 '14 at 19:24
  • Adding `"minimum-stability": "dev"` got the Composer to work, but it broke all my other deps including the `Gaufrette`. It udpated everything to `dev`, and did not check out the commit I pointed out in `foo/foo-lib`. – Maciej Sz Jan 23 '14 at 19:29
  • 3
    It [looks like you're going to have to](https://getcomposer.org/doc/04-schema.md#package-links) explicitly require Gaufrette at that hash in both your library, and your application. "If one of your dependencies has a dependency on an unstable package you need to explicitly require it as well, along with its sufficient stability flag." Note that you can have some packages, e.g. Gaufrette, at `dev` stability, and default to `stable` for everything else. – ChrisGPT was on strike Jan 23 '14 at 19:35
  • Yep, just came to the same conclusion and it works. Suprisingly though I did not have to include the `repositories` entry for Guafrette. Why is that since, as you pointed out, they are not resolved recursively? Could you pleas update your answer? – Maciej Sz Jan 23 '14 at 19:37
  • 2
    Looks like GitHub is supported by Composer out of the box - I've just removed the `"url": "https://github.com/KnpLabs/Gaufrette.git"` from first package and it still works. – Maciej Sz Jan 23 '14 at 19:41
  • @MaciejSz, I will, but I [don't think that GitHub is supported out of the box](https://getcomposer.org/doc/05-repositories.md#repository). Could you clear your cache (i.e. delete `~/.composer/cache` if you're on something Unixy or something like `%APPDATA%\Composer` if you're on Windows) and try again to see if Gaufrette can be found? – ChrisGPT was on strike Jan 23 '14 at 20:48
  • `rm -rf ~/.composer/cache/ ; rm composer.lock ; rm -rf vendor/ ; composer install && cat composer.json` Outputs: `... "repositories": [], ...`. Works. Maybe it's chacking `source` from the `composer.json` on Packagist. – Maciej Sz Jan 23 '14 at 20:58
  • TL DR: "dev-master#2633721877cae79ad461f3ca06f3f77fb4fce02e" – NecipAllef Feb 20 '18 at 09:58
  • Unfortunately, there can be situations (due to the particular branch having changed its declared requirements in later commits) that referencing a particular commit doesn't work: https://github.com/composer/composer/issues/6366 ... https://github.com/composer/composer/issues/3705 – Abdull Dec 14 '21 at 10:41
30

Here is how you do it on the command line:

composer update knplabs/gaufrette:dev-master#2633721 --with-dependencies

You don't have to use the whole hash, a hash seven characters long seems to dothe trick. As mentioned above, your project will need to support dev - which it will complain about if not already set. Also, use --with-dependencies to get any dependencies of the one you are updating.

powpow12
  • 587
  • 8
  • 13
3

If you're making changes for a Git Repository by forking make sure that you use the The package name is actually defined in the package's own composer.json file - so even though I'd forked the package to my own joshuapaling github account, and the package was now residing at the URL https://github.com/joshuapaling/Cake-Resque.git, that had not influenced the package's name at all, from composers perspective.

A stupid error - but I'm new to composer, and it wasn't clear at first! So, I hope this helps someone else with the same problem.

Gayan Kalhara
  • 625
  • 7
  • 8