Add support for Symfony Flex #625

Closed
Kocal opened this issue Aug 8, 2018 · 8 comments

Comments

@Kocal

Kocal commented Aug 8, 2018

Hello,

Since Symfony Flex & Symfony recipes, we have a file symfony.lock which is updated whenever a Symfony-related package is updated.

That would be awesome to commit this file as well with composer.json and composer.lock, thanks 🙂


@greysteil
Contributor

Just digging into this. I'm having a hard time getting the symfony.lock file to update when I change the requirements in the composer.json file and call composer update. Am I missing something, or is symfony/flex still a bit rough around the edges?

@greysteil
Contributor

My composer file is:

{
    "type": "project",
    "license": "proprietary",
    "require": {
        "symfony/flex": "^1.0",
        "beelab/tag-bundle": "v1.1.0"
    }
}

Calling composer install with that generates me a symfony.lock, but then when I update the requirement on beelab/tag-bundle to v1.3.0 and call composer update I get an updated composer.lock but no change to the symfony.lock.

@greysteil
Contributor

PR with the beginnings of the work on this is here. My PHP tests are failing locally, but I think it's due to the composer version on my machine being out of date.

Next step is to add a test, likely using the dummy composer file above.

@Kocal
Author

Kocal commented Aug 8, 2018

I had "phpoffice/phpspreadsheet": "^1.2" in my composer.json.

This package has been updated from 1.3.1 to 1.4.0 by dependabot (only composer.lock has been changed).
Some time after, I had to run composer install and I saw my symfony.lock updated. I don't know if it's related 🤔

@greysteil
Contributor

That definitely sounds related to me. I'm totally on-board with adding symfony.lock support, just want to make sure that I do it right.

@greysteil
Contributor

FYI, I've asked the symfony/flex team what they recommend Dependabot does here. It's not totally clear to me that Dependabot should be updating the symfony.lock file as I don't yet understand its purpose, but I'll get to the bottom of it 🙂

@Kocal
Author

Kocal commented Aug 9, 2018

Nice, good luck! 😛

@greysteil
Contributor

OK, having spoken to the folks at symfony/flex I think the best approach is for Dependabot to not keep the symfony.lock up-to-date.

As I understand it, the symfony.lock is there to keep track of what post-install scripts have been run, when downloading packages using Composer. Dependabot can't run those scripts for you, as it doesn't clone your repo, so it's better that it leaves the symfony.lock alone, even if it is out-of-date.

Running composer fix-recipes after a Dependabot install should fix up any symfony.lock issues.

I'm open to revisiting this at any time if anyone can think of a better solution. The discussion with symfony/flex is here.
