Include composer.lock
Bug #1959536 reported by
Gold
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Confirmed
|
Low
|
Gold | ||
Bug Description
The composer.lock file should be committed to the repo.
This stores a known state for the packages installed with it and allows for a `composer install` to be run rather than a `composer update`. The `composer install` will only download and install the explicit versions the lock file specifies allowing the project to have a known trusted state.
A Makefile target could be added to allow for a `composer update --dry-run` to check for updates to libraries we use as well. This would give an another signal for updates to these packages.
The Makefile should be updated to use `composer install` in places it is currently using `composer update` as well. This will speed up a lot of the targets we currently have.
| Changed in mahara: | |
| status: | New → Confirmed |
To post a comment you must log in.
