-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider using a composer.lock file #1094
Comments
https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control Aditionally to comitting the lock file in the repository, the composer lock should be present in the tarball, to allow developers installing their own packages without hustle. |
Since we have droped php 7.x, we don't need to consider the problem that php 7.x and php 8.x gives different lock files. Should we commit a lock file to repo to make build reproducible? |
Yes please |
Doesn't the same apply to php 8.1 vs 8.2, etc, giving different lock files? |
According to my test, the lock file generated by php 8.2 can be used in php 8.3. But it can't be used by php 7.x. That's why I close my previous PR (At that time, baikal had not dropped php 7.x) I'll test if the lock file is compatible from 8.1 to 8.3. If so, I'll make a PR. |
Fix sabre-io#1094. I generate composer.lock using php 8.1, and I have verified that the composer.lock is compatible with php 8.1, 8.2, 8.3, 8.4. Besides, we should always generate composer.lock using the minimium php version that we support (For now it's php 8.1) to avoid compatibility issues.
@ByteHamster Yes, php 8.1 and php 8.2 generate different lock files. But the lock file generated by php 8.1 is compatible with php 8.2/8.3/8.4. Here, "compatible" means if we first generate So we can just generate the lock file using the minimum php version we support. |
Baikal version: 0.9.1+
Problem you are having:
The project is not using Composer Lockfile feature. A composer.lock file :
Also, not using a composer.lock file is severely old sub-standard practice for a PHP Composer project.
Suggested solution:
Use a composer.lock file from now on, starting with current or next version.
The person currently uploading the installation tarball should push its composer.lock file as it can be considered the current truth.
It must be removed from
.gitignore
.Using a composer.lock file doesn't prevent the current practice of making a tarball to continue.
Additional resources on this topic, as indicated by others in this thread :
https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control
The text was updated successfully, but these errors were encountered: