Closed rdss-sknott closed 4 years ago
I'm kind of puzzled by the result of Scrutinizer. I am no expert for this system. It seams to me that Scrutinizer switched to a new build system in 2017 and did not update composer in it's old system. This results in Scrutinizer not being able to install composer-plugin-api higher than 1.0.0.
@francoispluchino I'm kind of stuck here. Shall I update the .scrutinizer.yml to switch over to the new build System? Shall I deactivate the check connected with the old composer installation? Should I just let go of the composer.lock issue?
The composer.lock
file is precisely present to guarantee the reproducibility of the tests regardless of when they are run. This greatly facilitates debugging when you update dependencies.
In 2012, the Composer team made a modification of the documentation to indicate that the composer.lock file was not mandatory for libraries (see the issue composer/composer#504 et le commit composer/composer@d0cfe35265310c4013d15fe71c8fe8366e2b221a). However the documentation continues to recommend its use to facilitate testing over time (see the documentation for the version 2.0 Alpha 1).
In addition, as you indicate, as well as the Composer documentation, this file is only used for the development of this project, so, it does not in any way affect its use in other projects. It is there by choice, so there is no need to delete it.
Thanking you for your contribution :-)
The composer.lock is not up to date with what would be installed following the settings of composer.json.
As the composer.lock will be ignored when foxy is installed as a library this does not affect the enduser. Only the restrictions of the composer.json matter. But if you 'composer install' in a development context of foxy the composer.lock forces installation of out of date libraries. This is resulting in a development environment which is not reflecting the enduser environment. In this case the diff is as follows
Therefore I hereby request to remove composer.lock.