guard failing in 3.18

[tacman]

I use this to make sure dumps don't happen in production. symfony/debug-bundle is not installed on production, symfony/twig-bundle is. Everything's updated to the latest code

    {% guard function dump %}
        {{ dump(article) }}
    {% endguard %}

When I run it in production, it fails, I see this message in the logs:

me":"2025-01-02T12:36:52.973795+00:00","extra":{}}
[PHP        ] {"message":"Authenticator does not support the request.","context":{"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\FormLoginAuthenticator"},"level":100,"level_name":"DEBUG","channel":"security","datetime":"2025-01-02T12:36:52.973798+00:00","extra":{}}
[PHP        ] {"message":"Uncaught PHP Exception Twig\\Error\\SyntaxError: \"Did you forget to run \"composer require symfony/twig-bundle\"? Unknown function \"dump\" in \"app/article.html.twig\".\" at UndefinedCallableHandler.php line 112","context":{"exception":{"class":"Twig\\Error\\SyntaxError","message":"Did you forget to run \"composer require symfony/twig-bundle\"? Unknown function \"dump\" in \"app/article.html.twig\".","code":0,"file":"/home/tac/g/sites/magazine/vendor/symfony/twig-bridge/UndefinedCallableHandler.php:112"}},"level":500,"level_name":"CRITICAL","channel":"request","datetime":"2025-01-02T12:36:53.615001+00:00","extra":{}}

Of course, symfony/twig-bundle is installed. And this works fine in dev. And I think this used to work before the latest 7.2.2.

composer outdated
Activating installation...
Color legend:
- patch or minor release available - update recommended
- major release available - update possible

Direct dependencies required in composer.json:
doctrine/dbal                      3.9.3  4.2.1  Powerful PHP database abstraction layer (DBAL) with many features for database schema introspection and management.
phpunit/phpunit                    9.6.22 11.5.2 The PHP Unit Testing framework.

[fabpot]

Can you confirm that the templates are compiled without symfony/debug-bundle installed?

[tacman]

How can I tell that?

composer.json:

    "require-dev": {
        "symfony/debug-bundle": "^7.2",

bundles.php

return [
    Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true],
    Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],

    Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
    Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
    Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
    Symfony\UX\StimulusBundle\StimulusBundle::class => ['all' => true],
    Symfony\UX\Turbo\TurboBundle::class => ['all' => true],
    Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],

[fabpot]

So, the bundle is available during template compilation, so the compiled template contains the dump call.

[tacman]

Should I be doing something differently? My idea was do avoid inadvertently allowing a dump() call in production, which has burned me, especially when I do something like

    {{ app.request.get('debug') ? dump(article) }}

I thought the better way to do it would be

    {% guard function dump  %}
        {{ app.request.get('debug') ? dump(article) }}
    {% endguard %}

Am I misunderstanding something about guard?

[fabpot]

The guard tag does its magic at compilation time, not at runtime. So you need to make sure the bundle is not available when the production template are compiled.

[tacman]

I always assumed that happened during cache:clear and debug-bundle isn't available then. Is there a way to explicitly compile the templates? Or when are the production templates compiled?

[fabpot]

That should work then but again only if you have dev deps installed, which doesn’t seem to be the case.