mahara-contributors team mailing list archive

Thread
Date

[Bug 1959536] [NEW] Include composer.lock

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Gold <1959536@xxxxxxxxxxxxxxxxxx>
Date: Mon, 31 Jan 2022 01:39:52 -0000
Reply-to: Bug 1959536 <1959536@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

The composer.lock file should be committed to the repo.

This stores a known state for the packages installed with it and allows
for a `composer install` to be run rather than a `composer update`.  The
`composer install` will only download and install the explicit versions
the lock file specifies allowing the project to have a known trusted
state.

A Makefile target could be added to allow for a `composer update --dry-
run` to check for updates to libraries we use as well. This would give
an another signal for updates to these packages.

The Makefile should be updated to use `composer install` in places it is
currently using `composer update` as well.  This will speed up a lot of
the targets we currently have.

** Affects: mahara
     Importance: Low
     Assignee: Gold (gold.catalyst)
         Status: New


** Tags: composer

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1959536

Title:
  Include composer.lock

Status in Mahara:
  New

Bug description:
  The composer.lock file should be committed to the repo.

  This stores a known state for the packages installed with it and
  allows for a `composer install` to be run rather than a `composer
  update`.  The `composer install` will only download and install the
  explicit versions the lock file specifies allowing the project to have
  a known trusted state.

  A Makefile target could be added to allow for a `composer update
  --dry-run` to check for updates to libraries we use as well. This
  would give an another signal for updates to these packages.

  The Makefile should be updated to use `composer install` in places it
  is currently using `composer update` as well.  This will speed up a
  lot of the targets we currently have.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1959536/+subscriptions

Follow ups

[Bug 1959536] Re: Include composer.lock
From: Kristina Hoeppner, 2022-03-06