New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set fixed packages versions in composer.json and .gitignore composer.lock #8382
Comments
composer.json
and remove composer.lock
@mgazdzik asked the same question several times and nothing has changed so I'd say that the answer is no (even though it would make my life easier as well). |
The answer in the screenshot (the one from Josh) is out of topic as long as you use
Piwik is an application, not a library, so yes we should commit composer.lock (which is what we are doing). I don't see why we should move away from that. I don't see a reason to use fixed versions, and see the following downsides:
Also keep in mind that the good practice of Composer is to commit the composer.lock file for applications (which we are doing). So I'd say it's good to stay with the official best practices. On the other side, I don't see problems with the current practice (but maybe there are). Could you please list them? |
@mnapoli There was a problem for me to use some custom vendors that I added in Matt, thanks for your answer - it's very good explanation of how it works for Piwik. |
It's still open for discussion though if we have particular issues. But your conflicts with composer.json will still be there even if we use fixed version numbers (as this file will stay committed anyway). |
@mnapoli Problem is that modified |
Versionning composer.lock in your project avoids a large memory load on the server. composer uses lots of memory when calculating dependencies, but not when just installing packages. |
I know that there is official Composer developers position that
composer.lock
is the best way to set fixed versions of vendors for project. But after working in many many different projects, I found that finally, it's much better just to use fixed versions numbers incomposer.json
and if you google it, you will find many people who think the same way.See http://stackoverflow.com/questions/12896780/should-composer-lock-be-committed-to-version-control
May be we should think about it one more time?
I already confused working with Composer in Piwik, because I add some debug libraries for my local use, and got many conflicts with
composer.lock
that is not listed in.gitignore
.The text was updated successfully, but these errors were encountered: