Should zip task should ignore `/vendor` directory commonly used for Composer packages?

Question

Should zip task should ignore `/vendor` directory commonly used for Composer packages?

daviedR opened this issue 2 years ago · comments

Hi there,

Thanks for creating this library!

I was exploring this library and found out that the default Zip task doesn't exclude /vendor directory which is commonly used for Composer packages. There are a lot of WordPress projects are using Composer packages, like WPCS, etc. So I think /vendor should be excluded on the Zip task.

Cory Hughart · Answer 1 · Tue Apr 05 2022 03:48:44 GMT+0800 (China Standard Time)

Please excuse me while I reveal some ignorance here—while I've definitely used Composer in the past, it's not a regular part of my workflow.

The purpose of the zip task is to export a production-ready package that can be installed as a WordPress plugin or theme. If your plugin's production code relies on Composer packages, but they are excluded from the zip archive, would the plugin function when installed from the zip?

I understand that you wouldn't want WPCS in the production archive, since it's a development tool. Does Composer differentiate between dependencies and dev dependencies like NPM does?

Regardless of how Composer is being used in a project, I wouldn't want to exclude any folder from a production zip unless it was specified as a src folder for a custom task. Even then, the config for the zip task has to be modified to tell it to check the task for a src folder to ignore (via the ignoreSrc array). Of course there are exceptions based on how the project is expected to be structured at a very basic level, ignoring package.json and lock files, node_modules (since JS should be compiled in the distributed files), and gulp files.

Let me know if I'm way off base.

David Rozando · Answer 2 · Tue Apr 05 2022 09:51:00 GMT+0800 (China Standard Time)

Hi @cr0ybot

Composer does differentiate dev dependencies (require-dev) and dependencies (require).

I understand your point of view. There's chance that a project requires some packages from Composer for its production version.

In my case, I only use Composer packages (e.g. WPCS, WP Theme Review) for development. So, I will modify the Zip task's config then.

Cory Hughart · Answer 3 · Thu Apr 21 2022 02:15:50 GMT+0800 (China Standard Time)

If there is a way for the zip task to ignore dev dependencies while including standard dependencies, then I think that's definitely something that could/should be built-in. Let's keep this issue open for now. PRs welcome!

Cory Hughart · Answer 4 · Fri May 06 2022 21:22:27 GMT+0800 (China Standard Time)

After some further research, it doesn't look easy, potentially not even practical, to try to detect dev dependencies and ignore only those.

I think one way to handle this would be to bring the composer install step into the workflow, which could then run the proper install command depending on the intent:

During 'dev' (default): composer install
During 'zip': 'composer install --no-dev'.

This would require a configurable composer task, I think.