Composer updated to v2?

[carestad]

Description
It seems that the composer version has been updated to v2 for runners now, which is causing a lot of distress since it isn't necessarily a plug-and-play upgrade. The virtual environment documentation has not been updated to reflect this, and it seems to be causing some issues (for us at least).

Is there a composer@v1 version still available or is the global composer now replaced with v2 for good?

Area for Triage:
PHP

Question, Bug, or Feature?:
Question

Virtual environments affected

• Ubuntu 16.04
• Ubuntu 18.04
• Ubuntu 20.04
• macOS 10.15
• macOS 11.0
• Windows Server 2016 R2
• Windows Server 2019

Expected behavior
Successful running of composer install in our existing Laravel project.

Actual behavior

composer install now fails due to dependencies not being ready for composer@v2.

Repro steps

1. Check out existing Laravel project
2. Run composer install

[carestad]

It seems this is due to the PHP installer script just downloads the most recent version of composer from its installer URL (as described here: https://getcomposer.org/download/), and the composer people have probably quite recently changed it so you get the v2 when doing that now.

Perhaps it could be an idea to just curl/wget the latest v1 and/or v2 instead?

I guess it is up to you guys what version comes pre-installed. In my opinion, maybe downloading a more specific version is safer, so you have better control over which versions of software you pre-install on your runners.

I'll just work around it for now and overwrite /usr/bin/composer in my own recipes, but if you want to keep v2 then the documentation should maybe be updated 🙂

[tyrann0us]

Workaround using shivammathur/setup-php:

- name: Force Composer v1
  uses: shivammathur/setup-php@v2
  with:
    tools: composer:v1

Also see https://github.com/marketplace/actions/setup-php-action#wrench-tools-support.

[al-cheb]

Hello, @carestad
As you mentioned above, we always try to install the latest version. If a deployment is not yet complete, we don't update documentation files in main branch. You can find a documentation file for current build or try to find a pr with delta - https://github.com/actions/virtual-environments/pulls (e.g. #1901):

[tyrann0us]

Not sure if this is clear or not: Contrary to the checkboxes ticked by @carestad, this issue not only affects Ubuntu 20.04, but also Ubuntu 18.04 (which is ubuntu-latest still).

[carestad]

Hello, @carestad
As you mentioned above, we always try to install the latest version. If a deployment is not yet complete, we don't update documentation files in main branch. You can find a documentation file for current build or try to find a pr with delta - actions/virtual-environments/pulls (e.g. #1901):

Aha! Nice to know. Thanks for the info. 👍

[carestad]

Not sure if this is clear or not: Contrary to the checkboxes ticked by @carestad, this issue not only affects Ubuntu 20.04, but also Ubuntu 18.04 (which is ubuntu-latest still).

That is true. The readme for 18.04 mentions this, and refers to this issue regarding that: #1816

[al-cheb]

The documentation files related to Ubuntu were updated in main branch.

[zauni]

As a temporary workaround it also helps to have a script section with sudo composer self-update --1 in it.

[Chrico]

As a temporary workaround it also helps to have a script section with sudo composer self-update --1 in it.

This will not work 100% safe, since the default User is "runner" and with sudo you'll write with a different User "root". This will change the folder permissions for Composer cache, which might causes problems for Composer and Composer Plugins which are trying to write to that cache folder.

sudo composer self-update --1
You are running composer as "root", while "/home/runner/.composer" is owned by "runner"

which results in:

Cannot create cache directory /home/runner/.composer/cache/repo/https---repo.packagist.org/, or directory is not writable. Proceeding without cache
Cannot create cache directory /home/runner/.composer/cache/files/, or directory is not writable. Proceeding without cache
Cannot create cache directory /home/runner/.composer/cache/repo/https---repo.packagist.org/, or directory is not writable. Proceeding without cache

[tyrann0us]

Am I the only one who finds it problematic that a "low-level API" like Composer has received a major upgrade on an existing operating system? I'm all for doing that on ubuntu-20.04, but Composer v2 breaks backward compatibility, so it should not be updated automatically on existing OSs IMHO.

The AWS CLI has not been updated to v2 either, although this version has been available for a long time.

[zauni]

@Chrico Good to know!
I tried this script section in a Azure pipeline and here it was okay. Or maybe we don't have plugins which use the cache folder. Or in Github Actions it would be okay to leave the "sudo" away, but in Azure it was needed.

[hanoii]

This will not work 100% safe, since the default User is "runner" and with sudo you'll write with a different User "root".

In relation to #1924 (comment) I am doing

    - name: Make sure we are using composer v1
      run: |
        sudo composer self-update --1
        sudo chown $USER $HOME/.composer

Early on steps: which should make it 100% safe. At least is working for me and I am using the cache.