"composer require" fails on 2.2 when unrelated dependency is constrainted to dev-master and .git subdir is unavailable

[AlbinoDrought]

My composer.json:

{
    "name": "example/repro-devmain",
    "type": "project",
    "license": "CC-0",
    "require": {
        "example/sample-dep": "dev-master",
        "example/sample-other-dep": "dev-master"
    },
    "require-dev": {
        "phpunit/phpunit": "^9"
    },
    "minimum-stability": "dev",
    "repositories": [
        {
            "type": "path",
            "url": "./lib/sample-dep"
        },
        {
            "type": "path",
            "url": "./lib/sample-other-dep"
        }
    ]
}

Output of composer diagnose:

Checking composer.json: WARNING
License "CC-0" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.2.9
PHP version: 8.1.4
PHP binary path: /usr/local/bin/php
OpenSSL version: OpenSSL 1.1.1n  15 Mar 2022
cURL version: 7.80.0 libz 1.2.11 ssl OpenSSL/1.1.1n
zip: extension present, unzip present, 7-Zip present (7z)

When I run this command:

composer require --dev phpunit/phpunit:^9 -vvv

I get the following output:

Running 2.2.9 (2022-03-15 22:13:37) with PHP 8.1.4 on Linux / 5.10.96-1-MANJARO
Reading ./composer.json (/app/composer.json)
Loading config file ./composer.json (/app/composer.json)
Checked CA file /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a file.
Checked directory /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a directory.
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/app): git branch -a --no-color --no-abbrev -v
Executing command (/app): git describe --exact-match --tags
Executing command (CWD): git --version
Executing command (/app): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (/app): hg branch
Executing command (/app): fossil branch list
Executing command (/app): fossil tag list
Executing command (/app): svn info --xml
Failed to initialize global composer: Composer could not find the config file: /tmp/composer.json

Reading /app/vendor/composer/installed.json
./composer.json has been updated
Reading ./composer.json (/app/composer.json)
Loading config file ./composer.json (/app/composer.json)
Executing command (/app): git branch -a --no-color --no-abbrev -v
Executing command (/app): git describe --exact-match --tags
Executing command (/app): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (/app): hg branch
Executing command (/app): fossil branch list
Executing command (/app): fossil tag list
Executing command (/app): svn info --xml
Failed to initialize global composer: Composer could not find the config file: /tmp/composer.json

Reading /app/vendor/composer/installed.json
Running composer update phpunit/phpunit
Reading ./composer.lock (/app/composer.lock)
Loading composer repositories with package information
Executing command (/app/lib/sample-dep/): git branch -a --no-color --no-abbrev -v
Executing command (/app/lib/sample-dep/): git describe --exact-match --tags
Executing command (/app/lib/sample-dep/): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (/app/lib/sample-dep/): hg branch
Executing command (/app/lib/sample-dep/): fossil branch list
Executing command (/app/lib/sample-dep/): fossil tag list
Executing command (/app/lib/sample-dep/): svn info --xml
Executing command (/app/lib/sample-other-dep/): git branch -a --no-color --no-abbrev -v
Executing command (/app/lib/sample-other-dep/): git describe --exact-match --tags
Executing command (/app/lib/sample-other-dep/): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (/app/lib/sample-other-dep/): hg branch
Executing command (/app/lib/sample-other-dep/): fossil branch list
Executing command (/app/lib/sample-other-dep/): fossil tag list
Executing command (/app/lib/sample-other-dep/): svn info --xml
Downloading https://repo.packagist.org/packages.json
[200] https://repo.packagist.org/packages.json
Info from https://repo.packagist.org: #StandWithUkraine
Writing /tmp/cache/repo/https---repo.packagist.org/packages.json into cache
Downloading https://repo.packagist.org/p2/phpunit/phpunit.json
Downloading https://repo.packagist.org/p2/phpunit/phpunit~dev.json
[200] https://repo.packagist.org/p2/phpunit/phpunit.json
Writing /tmp/cache/repo/https---repo.packagist.org/provider-phpunit~phpunit.json into cache
[200] https://repo.packagist.org/p2/phpunit/phpunit~dev.json
Writing /tmp/cache/repo/https---repo.packagist.org/provider-phpunit~phpunit~dev.json into cache
Found 155 package versions referenced in your dependency graph. 31 (20%) were optimized away.
Updating dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.001 seconds
Analyzed 124 packages to resolve dependencies
Analyzed 710 rules to resolve dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.000 seconds
Unable to find a compatible set of packages based on your non-dev requirements alone.
Your requirements can be resolved successfully when require-dev packages are present.
You may need to move packages from require-dev or some of their dependencies to require.

  Problem 1
    - Root composer.json requires example/sample-dep dev-master, found example/sample-dep[dev-main] but it does not match the constraint. Perhaps dev-master was renamed to dev-main?
  Problem 2
    - Root composer.json requires example/sample-other-dep dev-master, found example/sample-other-dep[dev-main] but it does not match the constraint. Perhaps dev-master was renamed to dev-main?


Installation failed, reverting ./composer.json and ./composer.lock to their original content.

And I expected this to happen:

Successful install/upgrade of dependency without interacting/modifying dev-master dependency.

Composer 2.1 successfully runs this command.

Here is a reproduction repo: https://github.com/AlbinoDrought/repro-composer-22-issue

See failing pipeline here: https://github.com/AlbinoDrought/repro-composer-22-issue/runs/5632965991?check_suite_focus=true

[AlbinoDrought]

If

    "require": {
        "example/sample-dep": "dev-master",
        "example/sample-other-dep": "dev-master"
    },

is changed to

    "require": {
        "example/sample-dep": "*",
        "example/sample-other-dep": "*"
    },

Then the commands work on Composer 2.1 and 2.2 without other changes. dev-master changes to dev-main in the lockfile, but that's not a major issue - same behaviour occurs for us on Composer 2.1 (but if there's a recommended config change for this too, I'd love to hear it!)

[Seldaek]

I cannot repro this with your repository by just running the Composer commands from the repro script. I don't use docker so that may be a factor. I assume it is caused by https://github.com/composer/composer/pull/10372/files and the fact you run inside Docker means the git repo information is not visible as it is run without a subdir, so within docker the .git is not visible.

I see the alias I tried to put in place in that PR does not work. I'll need to get rid of that I guess to avoid confusion.

In any case I think the solution here is to switch your require to dev-main, or to define a version explicitly in the path repos' composer.json (sample-dep & ..) so that the version is fixed/known and you can require that explicitly too in the top level composer.json.

[mbrodala]

To put it clearly: something like "version": "dev-master" in the composer.json of local path packages would ensure that Composer always uses dev-master as version for these, even e.g. during Git rebase.