Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Put composer.lock under version control #5578

Closed
4 tasks done
sebastianbergmann opened this issue Nov 27, 2023 · 8 comments
Closed
4 tasks done

Put composer.lock under version control #5578

sebastianbergmann opened this issue Nov 27, 2023 · 8 comments
Assignees
Labels
installation/composer type/build-automation Issues related to PHPUnit's build automation (GitHub Actions, etc.)

Comments

@sebastianbergmann
Copy link
Owner

sebastianbergmann commented Nov 27, 2023

This is not as simple as proposed in #5576 and also should to be done for the 8.5, 9.6, and 10.5 branches. At this point I do not expect another release from the 10.4 branch.

The PHAR build process for PHPUnit 8.5 and PHPUnit 9.6 performs composer require operations that, of course, modify the composer.json and composer.lock files. The build process needs to be adapter to also roll back the changes to composer.lock. (The composer.lock that is put into the PHAR for #5577 is the right one.)

  • 8.5
  • 9.6
  • 10.5
  • main
@sebastianbergmann sebastianbergmann added type/build-automation Issues related to PHPUnit's build automation (GitHub Actions, etc.) installation/composer labels Nov 27, 2023
@sebastianbergmann sebastianbergmann self-assigned this Nov 27, 2023
@sebastianbergmann
Copy link
Owner Author

This still needs to be backported to the 8.5 and the 9.6 branches.

@drupol
Copy link

drupol commented Nov 27, 2023

Just excellent, thanks <3 !

@drupol
Copy link

drupol commented Nov 27, 2023

I'm thinking about something to improve the CI and detect discrepancies between composer.json and composer.lock.

How about adding a step that does a composer validate --strict during the workflow?

@sebastianbergmann
Copy link
Owner Author

The build automation I use locally already has it (see https://github.com/sebastianbergmann/phpunit/blob/main/build.xml#L21). And yes, this will be added to GitHub Actions in due course.

@drupol
Copy link

drupol commented Nov 27, 2023

Excellent! All good :) Looking forward for the next tag to provide it in Nix!

@sebastianbergmann
Copy link
Owner Author

Done :)

@bobthecow
Copy link

Hi @sebastianbergmann, I hope you don't mind me resurrecting an old issue.

I had similar thoughts to your initial response about including composer.lock in version control for PsySH. I ended up adding a lockfile to GitHub releases, but am running into issues because phar-specific dependencies and polyfills are added during the release build, so the lockfile can't be verified against the composer.json in the repo.

I'm curious why you changed your mind on including it in version control, and how you resolved your version of this issue?

The PHAR build process for PHPUnit 8.5 and PHPUnit 9.6 performs composer require operations that, of course, modify the composer.json and composer.lock files.

@sebastianbergmann
Copy link
Owner Author

The composer.lock that is used while building the PHAR is added to the PHAR and available for inspection through php phpunit.phar --composer-lock. For PHPUnit 8.5 and PHPUnit 9.6, this is the modified composer.lock.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
installation/composer type/build-automation Issues related to PHPUnit's build automation (GitHub Actions, etc.)
Projects
None yet
Development

No branches or pull requests

3 participants