Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove composer.lock #9244

Merged
merged 2 commits into from
Mar 12, 2018
Merged

Remove composer.lock #9244

merged 2 commits into from
Mar 12, 2018

Conversation

pamil
Copy link
Contributor

@pamil pamil commented Mar 9, 2018

Q A
Branch? 1.0
Bug fix? no
New feature? no
BC breaks? no
Deprecations? no
Related tickets -
License MIT

Pros:

  • always testing against the latest versions of dependencies (so that you can do composer update without fear when having sylius/sylius as a dependency)
  • no weird problems with testing different Symfony versions (one of the scenarios: composer.lock comes with sylius-labs/associations-hydrator:v1.1.0 which supports symfony/symfony:^3.4, then it crashes when trying to require symfony/symfony:3.3.* for testing purposes)
  • less conflicts when merging branches 1.0 -> 1.1 -> master or rebasing PRs

Cons:

  • always testing against the latest versions of dependencies (so that your PR can fail because of a regression in a dependency)
  • takes more time for Travis

@pamil pamil added RFC Discussions about potential changes or new features. Maintenance CI configurations, READMEs, releases, etc. labels Mar 9, 2018
@pamil pamil added this to the 1.0 milestone Mar 9, 2018
@mbabker
Copy link
Contributor

mbabker commented Mar 9, 2018

always testing against the latest versions of dependencies (so that your PR can fail because of a regression in a dependency)

Try adding a build passing the --prefer-lowest flag to composer update. In some projects I have a build on the lowest supported PHP version with that flag and that'll force Composer to resolve dependencies matching the minimum defined in your composer.json file (and those of your dependencies). Theoretically you should then be safely testing against your project's minimums and the latest versions of everything (this is also a good way to find out if your minimum declarations are actually valid).

@pamil
Copy link
Contributor Author

pamil commented Mar 9, 2018

@mbabker if --prefer-lowest would apply only for the root requirements, then it would be an awesome solution. Right now it's not really usable, as every dependency (or a dependency of a dependency) with wrong constraints would make our test suite fail.

@mbabker
Copy link
Contributor

mbabker commented Mar 9, 2018

It's a hit-or-miss thing with that. On the one hand, it is resolving the lowest dependencies for everything (both root and transient dependencies) so it really is an accurate representation of "everything works on the lowest declared minimums". On the other hand, that flag makes things a lot more dependent on the full dependency tree being declared correctly, so if a transient dependency has a minimum that causes issues then it does fail your whole build (I've run into that one a lot on packages that have minimum dependencies to releases before PHP 7 support was added and those builds fail because transient minimums allow the earlier non-PHP 7 compatible releases to be installed still).

@pamil
Copy link
Contributor Author

pamil commented Mar 12, 2018

Yeah, with ~170 dependencies it's quite rare that all of them defines right dependencies requirements, but it's definitely an idea for the future to reconsider.

@pamil pamil merged commit f19cc4c into Sylius:1.0 Mar 12, 2018
@pamil pamil deleted the 1.0-remove-composer-lock branch March 12, 2018 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Maintenance CI configurations, READMEs, releases, etc. RFC Discussions about potential changes or new features.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants