It is a good practice for projects to ensure reproducible installs. In a library, the lock file would be used only for contributors installing dependencies when that library is the root package. And for most libraries, we actually don't want to have locked dependencies there. Instead, we want to install the latest (or sometimes lowest) version of the dependencies that are compatible with the current platform to test what our users would be using (and greatly simplify the management of running tests on a wide range of PHP versions). The few places where the public Symfony repos contain a project do have a committed lock file. See for instance the source code for the ux.symfony.com website or the demo project.
-
Thanks @stof for taking the time to write this elaborate response :) I agree, from the projects' point of view, about ensuring reproducible installs. I'd say this is the most widespread approach nowadays. I see you are a member of Symfony, Doctrine and other great organizations, so maybe you can also explain to me: as opposed to the Symfony ecosystem, the doctrine/* ecosystem does have composer.lock files in its tag releases. Why? Regards.
-
You are right @stof. Yesterday I checked the GitHub tags and assumed the composer.lock files were included in the release, but they are not. Thank you so much for your time and for clarifying all this mess for me. Regards.
-
Hi people
Just wondering... why is there no composer.lock file at all in the symfony/* repos? I've checked some branches and tags but didn't see those files.
I've always thought it's a good practice but maybe I'm wrong about this
Any thoughts?
Regards.