1

I'm using packagist.org to publish some custom php packages in order to be installable (or rather required) via composer, but I have this some packages that require some build steps (for compiling CSS/JS).

The build process is done via github actions, on every tag release, and it spits a zip file. Like it is here: https://github.com/iamntz/carbon-fields-urlpicker/releases/latest

The goal here would be to have users to run composer require iamntz/carbon-fields-urlpicker and use the carbon-fields-urlpicker.zip within the release, not the git tag of that release.

Note that I'm aware of using composer by requiring the full URL of a zip. That's not what I'm looking, as it makes the installation process more cumbersome than it should.

I know that CSS/JS shouldn't sit into a php package, but it is what it is. If this changes anything, let's say we need to replace something on the PHP code before release.

Ionuț Staicu
  • 21,360
  • 11
  • 51
  • 58
  • Does this answer your question? [How to force composer to use zip instead of git clone?](https://stackoverflow.com/questions/13379908/how-to-force-composer-to-use-zip-instead-of-git-clone) – Nico Haase Mar 09 '23 at 15:14
  • @NicoHaase not really. I already mentioned into the post above that I'm aware of that posibility. I'm looking for a way of forcing _packagist_ to pick the zip file, not the end users. – Ionuț Staicu Mar 09 '23 at 15:30
  • 1
    As an end-user I don't appreciate package maintainers _enforcing_ a certain installation workflow on me. If I _want_ to specify `--prefer-dist` I will do that, and if you want to suggest that I do so you should make a note in your installation docs. Also, you do not need to produce your own `.zip` artifact for each build, as Github does that for you and Packagist should be picking up that artifact's URL and including it in the repo info. – Sammitch Mar 09 '23 at 20:47
  • @Sammitch actually that's what I want to avoid: to ask users to do a certain workflow. And I _DO_ need an artifact, as there is a build process involved. – Ionuț Staicu Mar 10 '23 at 06:25

1 Answers1

0

It seems that you can actually specify the ... dist key into your composer file and packagist will just pick up that instead!

You can see it here how it works:

https://github.com/iamntz/carbon-fields-urlpicker/blob/0d5014d078dc797af33829c9ad1aee2ae4074fd4/composer.json#L9

Ionuț Staicu
  • 21,360
  • 11
  • 51
  • 58
  • So, instead of putting the built JS and CSS files under version control, you need to adjust that URL on each new release? From my POV, I would take the first approach – Nico Haase Mar 10 '23 at 07:45
  • can you give more context on this decision? My needs rely in fact that I sometime receive a PR that includes TONS of changes into the compiled source, which kind of make impossible to just approve a PR (I can't just blindly approve a compiled JS as it may contain some malicious code as well) – Ionuț Staicu Mar 10 '23 at 11:19
  • I understand that problem - it could help to build them on your own, and not rely on the fact that any other contributer builds the assets properly? – Nico Haase Mar 10 '23 at 11:20
  • And now we're back to square one: how do I publish the package with the compiled assets while I don't enforce anything to potential contributors? :) – Ionuț Staicu Mar 10 '23 at 12:21
  • 1
    No, that hasn't been the initial question ;) But it should not be too hard to check out the branch anybody else created, run whatever build tool you need, and commit the result before merging the branch – Nico Haase Mar 10 '23 at 12:40