http://coldfusion.com logo
Join Slack
Powered by
I dunno if this is related to the above, but tilde...
# box-products
a
I dunno if this is related to the above, but tilde range constraints don't help me here. I have specified 
"fw1":"~4.2.0"
, which should only allow a maximum version of 
4.2.∞
, yet it just installed 
4.3.0
for me again. I'll try to just tie it down to a concrete 
4.2.x
and see what happens...
Nope. Still grabbed "4.3.0".
t
I think the issue is with how the package/version is set up on ForgeBox. I haven't published a ForgeBox package in a while, but part of the process is providing the contents of a box.json. If the location key is included in the json string, it will override where ForgeBox goes to pull the package. At least that's my understanding. So if the json tied to the package/version contains the same location key telling it to look at the develop branch, like the box.json in the branch itself, that could be why it is pulling 4.3.0 in.
πŸ‘ 1
a
Sounds error prone. But the *box stuff is usually pretty solid so there might be a reason for it. I'd've thought the version value in the box.json would be the single source of truth. Ah well: it's not the most significant barrier to progress for me today anyhow. And I got past it.
b
@Adam Cameron The issue is in the configuration of the package. The 
box.json
for the latest stable version of FW/1 on ForgeBox (4.2.0) has the following`
Copy code
"location": "framework-one/fw1#master",
Which basically means, "W_hen you install this version, this is where you go to find me_". However, if we go and look at what is on the 
master
branch in Github, we see the 
box.json
committed there doesn't match
Copy code
"version":"4.3.0",
https://github.com/framework-one/fw1/blob/master/box.json#L4 So the 
location
of the 
4.2.0
version of the package points to a place where the code for 
4.3.0
lives which causes the issue. CommandBox will favor whatever version the downloaded code claims to be regardless of what version it was supposed to be on ForgeBox (though the two should never differ).
In reality, the ForgeBox package location needs to stop pointing to the 
master
branch as it will mean older version of the package will also just install whatever is in that branch regardless of what version you pointed to.
a
I suspected it was something like that.
t
This is what I figured. I'll mention it in the fw1 channel so it can be corrected.
βœ… 1
a
Thanks pal.
b
The 
box.json
needs to point to a tag for each version
Copy code
"location": "framework-one/fw1#v4.2.0",
or, better yet, just use the inbuilt S3 storage that is available now (which is basically how npm works). Changing the 
box.json
to either remove the 
location
tag entirely or change it to
Copy code
"location": "forgeboxStorage",
will mean when Sean runs
Copy code
box publish
it will zip up exactly the code right then and put that zip file on S3 and there's no Git cloning involved, which makes it actually faster to install.
t
Pretty sure Steven Neiland is the only true maintainer now so I'll let him know. Not sure how/if he’s done anything with publishes to ForgeBox, but I'll help him get it sorted.
⭐ 1
b
It would appear the entire publish to forgebox was forgotten for 4.3.0, but I'm happy to help him get forgebox straightened out if he needs
⭐ 1
t
Thanks Brad I'll pass that along.
s
I've updated the location issue with the 4.2.0 release and will get 4.3.0 up on forgebox later tonight. Forgebox fell off my radar in terms of package management
@Adam Cameron That should be resolved for you now
⭐ 1
a
Thanks @sneiland! I need to finish up a blog article, but almost done, and will check in 30min or so.
Works perfect, thanks mate.
s
No problem
3 Views
Open in Slack
PreviousNext
Powered by