Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove composer.lock so that projects download latest component versions #56

Closed
wants to merge 2 commits into from
Closed

Remove composer.lock so that projects download latest component versions #56

wants to merge 2 commits into from

Conversation

boesing
Copy link
Member

@boesing boesing commented Sep 24, 2021

Q A
Bugfix yes

Description

Since composer.lock is not part of the .gitignore anymore, we can change that replacement and instead, removing the composer.lock at all to prevent users from having conflicts.

The composer.lock is used by this component for CI pipeline and thus should be removed while creating a new project.

Fixes #46

@boesing boesing added the Bug Something isn't working label Sep 24, 2021
@boesing boesing added this to the 3.8.1 milestone Sep 24, 2021
@boesing boesing linked an issue Sep 24, 2021 that may be closed by this pull request
Composer create project fails with dependency resolution error #46
Closed
@geerteltink
Copy link
Contributor

Why don't we remove the composer.lock file entirely? It should always run against the latest supported versions. We can add it to .gitignore and remove it from .gitignore when the project is created.

Just another idea... why don't we use the cronjob option in actions to check daily if it builds.

@Ocramius
Copy link
Member

Being an application, composer.lock is even more relevant, IMO

@geerteltink
Copy link
Contributor

Usually I would agree, in this case I think it makes more sense to run a daily cron action then having a lockfile. By running daily tests, you know very fast that the installer broke. You could even see in the action logs why, where and when it fails. Testing against the lockfile doesn't say much in this case because the latest dependencies are always used, within the given constrains.

@boesing
Copy link
Member Author

boesing commented Sep 30, 2021
edited
Loading

Just another idea... why don't we use the cronjob option in actions to check daily if it builds.
I would prefer having dependabot enabled so we regularly update dependencies here.

If we start as of now, I would also reduce the PHP version to exactly the latest stable version. There are always older versions which are installable with older PHP versions.
So we could change the skeleton projects to have tagged releases which will then lead to composer create-project to detect the highest possible version supported for those dependencies fulfilled by the environment which is creating the project.

Thoughts? Then I would be also fine with having a composer.lock available. But until we support multiple PHP versions, a composer.lock file have to be deleted as the composer.lock might not be compatible with multiple PHP versions.

@jslmorrison jslmorrison mentioned this pull request Jul 17, 2022
Closed
@boesing @Xerkus
bugfix: remove composer.lock so that projects download latest compo…
a56683b 
…nent versions

Signed-off-by: Maximilian Bösing <2189546+boesing@users.noreply.github.com>
@boesing @Xerkus
bugfix: ensure we re-create composer.lock file after deleting it
6340be1 
Signed-off-by: Maximilian Bösing <2189546+boesing@users.noreply.github.com>
@Xerkus Xerkus changed the base branch from 3.8.x to 3.12.x September 20, 2022 16:00
Ocramius
Ocramius requested changes Sep 20, 2022
View reviewed changes
Copy link
Member

@Ocramius Ocramius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO this shouldn't be done here.

We have tooling that upgrades the lock file daily, making sure that the latest & greatest works fine.

@Xerkus
Copy link
Member

Xerkus commented Sep 20, 2022

With this change when composer.lock is deleted during install? Does it solve inability to create project on php version incompatible with the lock file?

@froschdesign froschdesign removed this from the 3.8.1 milestone Nov 10, 2022
@boesing boesing closed this Dec 16, 2022
@boesing boesing deleted the bugfix/remove-composer-lock branch December 16, 2022 19:42
@samsonasik samsonasik mentioned this pull request Jan 31, 2023
Closed
@samsonasik
Copy link
Member

@Ocramius this skeleton update the composer.json dependency by choosing package to prefer (route, template, etc) so remove composer.lock should be fine? See issue #119

@settermjd
Copy link

I've been using PHP 8.1.25 a bit, lately, and this is consistently an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ocramius Ocramius Ocramius requested changes

Assignees
No one assigned
Labels
Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Composer create project fails with dependency resolution error
7 participants
@boesing @geerteltink @Ocramius @Xerkus @samsonasik @settermjd @froschdesign