Problem/Motivation
We also might want to consider at some point supporting any package if drupal/core-composer-scaffold provided a UI (PROBABLY MEANT API) like getAllScaffoldfiles() that would return all files across all packages that are allowed. Without this I don't think we can support it.
Link to the comment => https://www.drupal.org/project/automatic_updates/issues/3338346#comment-...
Comments
Comment #2
omkar.podey (at Acquia) commented
Comment #3
omkar.podey (at Acquia) commented
Created a core issue #3350176: Create something like getAllScaffoldfiles() in core-composer-scaffold. and blocking this one on that.
Comment #4
omkar.podey (at Acquia) commented
Comment #5
tedbow
Comment #6
tedbow
Needs a summary update to bring in more context. You should have to read the other issue to understand the basics of this issue.
Comment #7
chrisfromredfin
I believe this is related, or even a duplicate of #3340355: [PP-1] Add support for scaffold files that aren't defined by Drupal core or the root composer.json, which DOES have a good issue summary.
The issue here is that in #3338346: Do not allow drupal/core-composer-scaffold to be used by packages other than core we restricted use of plugins that are allowed to scaffold files to only the implicit ones.
Now that we're maturing, I was looking at things like "what would it take to get this running on, say, Pantheon hosting?" For one, Pantheon has pantheon-systems/drupal-integrations, which simply scaffolds three files in the sites/default folder.
So while knowing those files (via #3350176: Create something like getAllScaffoldfiles() in core-composer-scaffold.) would be nice, I wonder if there's also an option here to simply say, as a site owner "I know the scaffolding afforded by this plugin is safe, let's allow it to do what it does."
I imagine we could do this in a similar way as the composer plugins validator does, by adding some additional configuration that can be set:
https://git.drupalcode.org/project/automatic_updates/-/blame/3.0.x/packa...
Comment #8
tobybellwood (at amazee.io) commented
This would be ace - amazee.io & Lagoon hosters use https://github.com/amazeeio/drupal-integrations (or a variant) to lever in settings.php/Drush files.
Being able to document the plugin as "automatic updates safe" either upstream or in-project would make it easier. Until then, we run it once on composer install, and then `composer config extra.drupal-scaffold --unset` to stop it interfering with automatic updates.
The alternative would be a modification to composer-scaffold to disable it from autorunning selectively - meaning only `composer drupal:scaffold` will actually change the files on disk.
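The site-owner opt-in suggested in comment #7, sketched as an added example (not code from Automatic Updates or core-composer-scaffold): it reads `extra.drupal-scaffold` from composer.json data and reports which scaffolding packages the owner has vouched for and which would still block an update. The `trusted` set, the `example/*` packages and their file mappings are constructed; treating `drupal/core` as the only implicit package and reading only the root `allowed-packages` list are assumptions.

```python
import json

# Assumption: the "implicit" scaffolder mentioned in the thread; always accepted.
IMPLICIT = {"drupal/core"}

# Constructed root composer.json fragment; all example/* names are hypothetical.
ROOT = {"extra": {"drupal-scaffold": {
    "allowed-packages": ["example/hosting-integrations", "example/unreviewed"]}}}

# Constructed stand-in for the composer.json "extra" of each installed package.
INSTALLED = [
    {"name": "drupal/core", "extra": {"drupal-scaffold": {"file-mapping": {
        "[web-root]/index.php": "assets/scaffold/files/index.php"}}}},
    {"name": "example/hosting-integrations", "extra": {"drupal-scaffold": {"file-mapping": {
        "[web-root]/sites/default/settings.hosting.php": "assets/settings.hosting.php",
        "[web-root]/robots.txt": False}}}},
    {"name": "example/unreviewed", "extra": {"drupal-scaffold": {"file-mapping": {
        "[web-root]/.htaccess": "assets/htaccess"}}}},
    {"name": "example/unlisted", "extra": {"drupal-scaffold": {"file-mapping": {
        "[web-root]/sites/default/extra.php": "assets/extra.php"}}}},
]


def scaffold_targets(package):
    """Destinations a package writes; a mapping set to false writes nothing."""
    mapping = package.get("extra", {}).get("drupal-scaffold", {}).get("file-mapping", {})
    return sorted(dest for dest, src in mapping.items() if src is not False)


def audit(root, installed, trusted):
    """Sort scaffolding packages into trusted, blocked and unlisted."""
    allowed = set(root.get("extra", {}).get("drupal-scaffold", {}).get("allowed-packages", []))
    report = {"trusted": {}, "blocked": {}, "unlisted": {}}
    for package in installed:
        name, targets = package["name"], scaffold_targets(package)
        if name in IMPLICIT or not targets:
            continue
        if name not in allowed:
            bucket = "unlisted"   # absent from the root allowed-packages list
        elif name in trusted:
            bucket = "trusted"    # site owner has vouched for this package
        else:
            bucket = "blocked"    # allowed to scaffold, but nobody vouched for it
        report[bucket][name] = targets
    return report


if __name__ == "__main__":
    print(json.dumps(audit(ROOT, INSTALLED, {"example/hosting-integrations"}), indent=2))
```

Listing the destination paths next to each package name lets the site owner see what a trust decision covers before granting it.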