Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove composer.lock file #117

Merged
merged 1 commit into from
Mar 22, 2021
Merged

Conversation

jrfnl
Copy link
Contributor

@jrfnl jrfnl commented Mar 22, 2021

Context

  • Improve (flexibility of) dev environment

Summary

This PR can be summarized in the following changelog entry:

  • Improve (flexibility of) dev environment

Relevant technical choices:

As per our discussion.

This project does not have run-time dependencies (require), only development dependencies (require-dev).

When a project has run-time dependencies, and especially when it is subsequently distributed in a manner without dependency management (i.e. zip file plugin distribution), it can be very important to make sure that the versions used of the run-time dependencies are locked to specific versions with which the plugin has been tested thoroughly.

However, that is not the case for this plugin, which only has dev dependencies. In that case, having a composer.lock can make things like running the tests on multiple different PHP version which require different versions of the underlying test tools more difficult.

With that in mind, I'm removing the composer.lock file and adding it to the .gitignore file to prevent it from being committed again.

If at some point in the future, any of the dev dependencies would need to be "locked" at a specific version (or range), that can be achieved by making the version constraint in the composer.json file stricter, i.e. using something like 2.3.* as a constraint instead of ^2.3.

If at some point in the future, a non-dev, run-time dependency would be introduced, the decision to remove the composer.lock file can be revisited.

Important notice for developers working on this plugin:

  • It is recommended to run a composer update after this PR has been merged.
  • It is recommended to always use composer update instead of composer install for this plugin whenever the composer.json file has been updated or whenever the dev has switched PHP version for the local dev environment.

Test instructions for the acceptance test before the PR gets merged

This PR can be acceptance tested by following these steps:

  • Check out this branch.
  • Run composer update and see the following updated dependencies being pulled in:
  - Upgrading dealerdirect/phpcodesniffer-composer-installer (v0.7.0 => v0.7.1): Extracting archive
  - Upgrading sirbrillig/phpcs-variable-analysis (v2.9.0 => v2.11.0): Extracting archive
  - Upgrading mockery/mockery (1.3.3 => 1.3.4): Extracting archive
  - Upgrading brain/monkey (2.5.0 => 2.6.0): Extracting archive
  - Upgrading phpcompatibility/phpcompatibility-paragonie (1.3.0 => 1.3.1): Extracting archive
  - Upgrading phpcompatibility/phpcompatibility-wp (2.1.0 => 2.1.1): Extracting archive
  - Upgrading symfony/polyfill-ctype (v1.20.0 => v1.22.1): Extracting archive
  - Upgrading webmozart/assert (1.9.1 => 1.10.0): Extracting archive
  - Upgrading symfony/yaml (v4.4.16 => v4.4.20): Extracting archive
  - Upgrading sebastian/code-unit-reverse-lookup (1.0.1 => 1.0.2): Extracting archive
  - Upgrading myclabs/deep-copy (1.10.1 => 1.10.2): Extracting archive
  • Run any of the dev tools, like composer check-cs or composer test and confirm that all still works as expected.

As per our discussion.

This project does not have run-time dependencies (`require`), only development dependencies (`require-dev`).

When a project has run-time dependencies, and especially when it is subsequently distributed in a manner without dependency management (i.e. zip file plugin distribution), it can be very important to make sure that the versions used of the run-time dependencies are locked to specific versions with which the plugin has been tested thoroughly.

However, that is not the case for this plugin, which only has dev dependencies. In that case, having a `composer.lock` can make things like running the tests on multiple different PHP version which require different versions of the underlying test tools **_more difficult_**.

With that in mind, I'm removing the `composer.lock` file and adding it to the `.gitignore` file to prevent it from being committed again.

If at some point in the future, any of the dev dependencies would need to be "locked" at a specific version (or range), that can be achieved by making the version constraint in the `composer.json` file stricter, i.e. using something like `2.3.*` as a constraint instead of `^2.3`.

If at some point in the future, a non-dev, run-time dependency would be introduced, the decision to remove the `composer.lock` file can be revisited.
@enricobattocchi
Copy link
Member

Everything's working fine! Merging.

@enricobattocchi enricobattocchi merged commit f28abd5 into develop Mar 22, 2021
@enricobattocchi enricobattocchi deleted the feature/remove-composer-lock branch March 22, 2021 07:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants