Include composer.lock
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Confirmed
|
Low
|
Gold |
Bug Description
The composer.lock file should be committed to the repo.
This stores a known state for the packages installed with it and allows for a `composer install` to be run rather than a `composer update`. The `composer install` will only download and install the explicit versions the lock file specifies allowing the project to have a known trusted state.
A Makefile target could be added to allow for a `composer update --dry-run` to check for updates to libraries we use as well. This would give an another signal for updates to these packages.
The Makefile should be updated to use `composer install` in places it is currently using `composer update` as well. This will speed up a lot of the targets we currently have.
Changed in mahara: | |
status: | New → Confirmed |