Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Composer workflow: How to update composer.lock when I changed a dependence

The project is set-up via composer.phar install --prefer-source and contains quite some modules which are kept in git.

I manage all these modules and their git repositories in my IDE (PhpStorm) and so might commit some changes to some of the modules in the vendor/ folder - directly to the source git repository.

How can I make sure now, that my co-workers get my recent module version when doing a composer.phar install (composer.lock is in the repo)?

If I make a local composer.phar update it looks like the composer.lock is not updated, because I already have the latest version (as I just made the commit directly in the vendor folder)

like image 217
Alex Avatar asked Jun 27 '13 10:06

Alex


People also ask

How do I update my composer lock file?

lock file prevents you from automatically getting the latest versions of your dependencies. To update to the latest versions, use the update command. This will fetch the latest matching versions (according to your composer. json file) and update the lock file with the new versions.

How do I update my composer self-update?

If you installed Composer via your OS package manager, the self-update command may not be available. Use which composer to find its path (e.g. /usr/bin/composer ), then run the install script adding --install-dir /usr/bin --filename composer (adjusting the install dir to match your path) to the php composer-setup.

Is composer lock auto generated?

Now, when you are installing dependencies for the first time and once all the dependencies are resolved successfully, Composer will automatically generate a composer. lock file along with it.

How does a composer lock work?

composer. lock records the exact versions that are installed. So that you are in the same versions with your co-workers. So in a simple check list.


1 Answers

  1. Commit the changes in the modules repos you've updated.
  2. Push the changes to all respective remote repos.
  3. Tag the new changes with appropriate versions.
  4. Run composer update vendor1/package1 vendor2/package2 (or just composer update if you don't need to be explicit).
  5. Commit and push the updated composer.lock file.
  6. Your co-workers need to pull the updated composer.lock file and run composer install (install latest package versions from lock file).

If you have specified versions restrictions such as "vendor/package": "3.5.*" in your composer.json and you have tagged a new version like 3.6.0 you will need to update your composer.json file accordingly before step 4..


P.S. It is very good you use such a workflow with --prefer-source. Please do not use * or dev-master version restrictions in your composer.json. I would recommend always use versions even if they are in the zero major version range (0.X.X).

like image 84
Haralan Dobrev Avatar answered Sep 28 '22 01:09

Haralan Dobrev