Should stack.yaml.lock be checked into source control?

Question

Since stack v2, stack produces a stack.yaml.lock file.

Should this file be committed to source control, like stack.yaml? Or should it be .gitignored?

On the one hand it's generated content and isn't source, on the other hand it contains hashes of the dependencies from Hackage so it is necessary for a safe reproducible build..

Answer 1

Yes. This is part of the reason that lock files exist: reproducible builds.

These files can be stored in source control Users on other machines can reuse these lock files and get identical build plans given that the used local packages and local snapshots are the same on those machines

https://docs.haskellstack.org/en/stable/lock_files/#lock-files