Composer workflow: How to update composer.lock when I changed a dependence

Question

The project is set-up via composer.phar install --prefer-source and contains quite some modules which are kept in git.

I manage all these modules and their git repositories in my IDE (PhpStorm) and so might commit some changes to some of the modules in the vendor/ folder - directly to the source git repository.

How can I make sure now, that my co-workers get my recent module version when doing a composer.phar install (composer.lock is in the repo)?

If I make a local composer.phar update it looks like the composer.lock is not updated, because I already have the latest version (as I just made the commit directly in the vendor folder)

Answer 1

1. Commit the changes in the modules repos you've updated.
2. Push the changes to all respective remote repos.
3. Tag the new changes with appropriate versions.
4. Run composer update vendor1/package1 vendor2/package2 (or just composer update if you don't need to be explicit).
5. Commit and push the updated composer.lock file.
6. Your co-workers need to pull the updated composer.lock file and run composer install (install latest package versions from lock file).

If you have specified versions restrictions such as "vendor/package": "3.5.*" in your composer.json and you have tagged a new version like 3.6.0 you will need to update your composer.json file accordingly before step 4..

---

P.S. It is very good you use such a workflow with --prefer-source. Please do not use * or dev-master version restrictions in your composer.json. I would recommend always use versions even if they are in the zero major version range (0.X.X).