测试拉取请求
Testing pull requests
我最近在我的 Laravel 项目中喜欢使用的一个包中发现了一个漏洞。该软件包是 Laravel 的日志查看器:https://github.com/ARCANEDEV/LogViewer。
我提出了一个关于漏洞的问题,所有者说我可以提出一个 Pull Request 来尝试纠正这个问题,我觉得我至少可以尝试一下。
我的问题是:有没有办法在测试环境中使用我的 Pull Request 的包版本,就好像我是通过 Composer 安装它一样?
本质上,除了实际的单元测试,有没有办法测试项目中的 运行 包?
根据研究和可用答案更新
经过大量谷歌搜索和阅读答案后,我尝试了以下方法:
- 分叉我要为其提出拉取请求的回购协议。叉子在这里:https://github.com/blorange2/LogViewer
- 将这个分叉的 repo 克隆到我的本地机器上并切换到与我当前版本 Laravel 兼容的分支(Laravel 5.6 是 v4.5)
- 更新我本地项目中的
composer.json 以获得 repositories 数组
"repositories": [
{
"type": "path",
"url": "../forks/LogViewer"
}
],
整个事情看起来像这样:
{
"name": "laravel/laravel",
"description": "The Laravel Framework.",
"keywords": [
"framework",
"laravel"
],
"license": "MIT",
"type": "project",
"repositories": [
{
"type": "path",
"url": "../forks/LogViewer"
}
],
"require": {
"php": "^7.1.3",
"alexusmai/laravel-purifier": "^0.5.0",
"arcanedev/log-viewer": "^4.5",
"artesaos/laravel-linkedin": "^1.3",
"barryvdh/laravel-dompdf": "^0.8.4",
"cartalyst/tags": "6.0.*",
"cornford/googlmapper": "^2.33",
"doctrine/dbal": "^2.9",
"fideloper/proxy": "^4.0",
"guzzlehttp/guzzle": "^6.3",
"guzzlehttp/psr7": "^1.4",
"happyr/linkedin-api-client": "^1.0",
"intervention/image": "^2.5",
"ixudra/curl": "^6.16",
"jdavidbakr/mail-tracker": "~2.1",
"laravel/framework": "5.6.*",
"laravel/scout": "^5.0",
"laravel/socialite": "^3.0",
"laravel/tinker": "^1.0",
"laravelcollective/html": "^5.6",
"laravolt/avatar": "^3.0",
"league/flysystem-sftp": "~1.0",
"maatwebsite/excel": "^3.1",
"maddhatter/laravel-fullcalendar": "^1.3",
"mews/purifier": "^2.1",
"php-http/curl-client": "^1.7",
"php-http/message": "^1.6",
"pusher/pusher-http-laravel": "^4.2",
"socialiteproviders/microsoft-graph": "^2.0",
"spatie/calendar-links": "^1.0",
"spatie/flysystem-dropbox": "^1.2",
"spatie/laravel-analytics": "^3.6",
"spatie/laravel-backup": "^5.9",
"spatie/laravel-medialibrary": "7.6.3",
"spatie/laravel-permission": "^2.12",
"teamtnt/laravel-scout-tntsearch-driver": "^3.0",
"thujohn/twitter": "^2.2",
"unisharp/laravel-filemanager": "~1.8",
"vimeo/laravel": "^5.0"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.2",
"filp/whoops": "^2.0",
"fzaninotto/faker": "^1.4",
"mockery/mockery": "^1.0",
"nunomaduro/collision": "^2.0",
"phpunit/phpunit": "^7.0"
},
"autoload": {
"files": [
"app/Helpers/Helper.php"
],
"classmap": [
"database/seeds",
"database/factories"
],
"psr-4": {
"App\": "app/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\": "tests/"
}
},
"extra": {
"laravel": {
"dont-discover": []
}
},
"scripts": {
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate"
],
"post-autoload-dump": [
"Illuminate\Foundation\ComposerScripts::postAutoloadDump",
"@php artisan package:discover"
]
},
"config": {
"preferred-install": "dist",
"sort-packages": true,
"optimize-autoloader": true
},
"minimum-stability": "dev",
"prefer-stable": true
}
我的主要项目位于以下路径(来自 运行ning pwd on Windows)C:\xampp\htdocs\projects\newable\newable-intranet
克隆的分支项目位于此处:C:\xampp\htdocs\projects\forks\LogViewer。
但是,运行ning composer update并没有使用本地版本,它只是使用:"arcanedev/log-viewer": "^4.5",
当您想在项目中使用自定义版本的库时,就像使用原始包一样,您可以修改 composer.json。
您可以添加custom package sources (aka repositories) to your composer.json for local development I prefer the path-repository:
{
"repositories": [
{
"type": "path",
"url": "../LogViewer"
}
],
"require": {
"arcanedev/log-viewer": "*",
...
},
...
}
因此,如果您的项目和 LogView 库并排位于同一工作区目录中,这将跳转到该工作区目录并进入库文件夹。它将在那里寻找 composer.json。然后您应该能够更新到您的自定义库,例如使用 composer require arcanedev/log-viewer:"*" or by manually changing the entry as shown above and then runcomposer 安装`。
让 composer 下载自定义版本有时会有点棘手,但总的来说这应该可行。如果它不会 "download" 您的版本,即符号链接本地文件夹,请尝试删除现有的供应商文件夹并再次 运行 composer install。您还可以将调试输出添加到 composer install -vvv 以查看是否找到并使用了存储库。
不太复杂的方法是删除项目的 vendor/ 文件夹中的原始库文件夹,然后手动放置指向自定义库的符号链接。当您所做的只是库代码中的一个小错误修复时,这通常就足够了,但是当您更改依赖项和版本要求时,我更喜欢第一种方法,因为它基本上模拟通过 composer 下载包,确保它在客户端项目中正确使用。
我最近在我的 Laravel 项目中喜欢使用的一个包中发现了一个漏洞。该软件包是 Laravel 的日志查看器:https://github.com/ARCANEDEV/LogViewer。
我提出了一个关于漏洞的问题,所有者说我可以提出一个 Pull Request 来尝试纠正这个问题,我觉得我至少可以尝试一下。
我的问题是:有没有办法在测试环境中使用我的 Pull Request 的包版本,就好像我是通过 Composer 安装它一样?
本质上,除了实际的单元测试,有没有办法测试项目中的 运行 包?
根据研究和可用答案更新
经过大量谷歌搜索和阅读答案后,我尝试了以下方法:
- 分叉我要为其提出拉取请求的回购协议。叉子在这里:https://github.com/blorange2/LogViewer
- 将这个分叉的 repo 克隆到我的本地机器上并切换到与我当前版本 Laravel 兼容的分支(Laravel 5.6 是 v4.5)
- 更新我本地项目中的
composer.json以获得repositories数组
"repositories": [
{
"type": "path",
"url": "../forks/LogViewer"
}
],
整个事情看起来像这样:
{
"name": "laravel/laravel",
"description": "The Laravel Framework.",
"keywords": [
"framework",
"laravel"
],
"license": "MIT",
"type": "project",
"repositories": [
{
"type": "path",
"url": "../forks/LogViewer"
}
],
"require": {
"php": "^7.1.3",
"alexusmai/laravel-purifier": "^0.5.0",
"arcanedev/log-viewer": "^4.5",
"artesaos/laravel-linkedin": "^1.3",
"barryvdh/laravel-dompdf": "^0.8.4",
"cartalyst/tags": "6.0.*",
"cornford/googlmapper": "^2.33",
"doctrine/dbal": "^2.9",
"fideloper/proxy": "^4.0",
"guzzlehttp/guzzle": "^6.3",
"guzzlehttp/psr7": "^1.4",
"happyr/linkedin-api-client": "^1.0",
"intervention/image": "^2.5",
"ixudra/curl": "^6.16",
"jdavidbakr/mail-tracker": "~2.1",
"laravel/framework": "5.6.*",
"laravel/scout": "^5.0",
"laravel/socialite": "^3.0",
"laravel/tinker": "^1.0",
"laravelcollective/html": "^5.6",
"laravolt/avatar": "^3.0",
"league/flysystem-sftp": "~1.0",
"maatwebsite/excel": "^3.1",
"maddhatter/laravel-fullcalendar": "^1.3",
"mews/purifier": "^2.1",
"php-http/curl-client": "^1.7",
"php-http/message": "^1.6",
"pusher/pusher-http-laravel": "^4.2",
"socialiteproviders/microsoft-graph": "^2.0",
"spatie/calendar-links": "^1.0",
"spatie/flysystem-dropbox": "^1.2",
"spatie/laravel-analytics": "^3.6",
"spatie/laravel-backup": "^5.9",
"spatie/laravel-medialibrary": "7.6.3",
"spatie/laravel-permission": "^2.12",
"teamtnt/laravel-scout-tntsearch-driver": "^3.0",
"thujohn/twitter": "^2.2",
"unisharp/laravel-filemanager": "~1.8",
"vimeo/laravel": "^5.0"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.2",
"filp/whoops": "^2.0",
"fzaninotto/faker": "^1.4",
"mockery/mockery": "^1.0",
"nunomaduro/collision": "^2.0",
"phpunit/phpunit": "^7.0"
},
"autoload": {
"files": [
"app/Helpers/Helper.php"
],
"classmap": [
"database/seeds",
"database/factories"
],
"psr-4": {
"App\": "app/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\": "tests/"
}
},
"extra": {
"laravel": {
"dont-discover": []
}
},
"scripts": {
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate"
],
"post-autoload-dump": [
"Illuminate\Foundation\ComposerScripts::postAutoloadDump",
"@php artisan package:discover"
]
},
"config": {
"preferred-install": "dist",
"sort-packages": true,
"optimize-autoloader": true
},
"minimum-stability": "dev",
"prefer-stable": true
}
我的主要项目位于以下路径(来自 运行ning pwd on Windows)C:\xampp\htdocs\projects\newable\newable-intranet
克隆的分支项目位于此处:C:\xampp\htdocs\projects\forks\LogViewer。
但是,运行ning composer update并没有使用本地版本,它只是使用:"arcanedev/log-viewer": "^4.5",
当您想在项目中使用自定义版本的库时,就像使用原始包一样,您可以修改 composer.json。
您可以添加custom package sources (aka repositories) to your composer.json for local development I prefer the path-repository:
{
"repositories": [
{
"type": "path",
"url": "../LogViewer"
}
],
"require": {
"arcanedev/log-viewer": "*",
...
},
...
}
因此,如果您的项目和 LogView 库并排位于同一工作区目录中,这将跳转到该工作区目录并进入库文件夹。它将在那里寻找 composer.json。然后您应该能够更新到您的自定义库,例如使用 composer require arcanedev/log-viewer:"*" or by manually changing the entry as shown above and then runcomposer 安装`。
让 composer 下载自定义版本有时会有点棘手,但总的来说这应该可行。如果它不会 "download" 您的版本,即符号链接本地文件夹,请尝试删除现有的供应商文件夹并再次 运行 composer install。您还可以将调试输出添加到 composer install -vvv 以查看是否找到并使用了存储库。
不太复杂的方法是删除项目的 vendor/ 文件夹中的原始库文件夹,然后手动放置指向自定义库的符号链接。当您所做的只是库代码中的一个小错误修复时,这通常就足够了,但是当您更改依赖项和版本要求时,我更喜欢第一种方法,因为它基本上模拟通过 composer 下载包,确保它在客户端项目中正确使用。