Action seems to upgrade the packages, despite `composer.lock` being present in the repo.

[MarcinOrlowski]

Action seems to upgrade the packages, despite composer.lock being present in the repo.
Here's the repo: https://github.com/MarcinOrlowski/php-lockpick/ GHA config: https://github.com/MarcinOrlowski/php-lockpick/tree/dev/.github/workflows (coverage and phpunit)

and here's example run: log.

If you look at Installing dependencies... step, then PHPUnit 9.6 is being installed. Then, out of sudden, in Running... step, PHPUnit 10 shows up. And this causes problems as 10 complains about the config file schema being outdated (as it was for v9).

[g105b]

(In case you saw my previous message, I just deleted it because it was inaccurate.)

Thank you for bringing this to my attention. I notice you're using php-actions/phpunit, which actually runs in a completely isolated container to your code. I believe this issue is more to do with a gap in the documentation, but I will try to update the docs to do a better job at explaining this.

The default behaviour of php-actions/phpunit is to run the latest version of PHPUnit. You can specify a version using the version input parameter, but if you want to run the exact version that's installed within your code, you can specify the vendored_phpunit_path to your vendor/bin/phpunit file.

This is not to say that your issue is invalid - I will keep it open until everything makes sense, but I expect we can update the docs to explain this better. Do you agree?

[MarcinOrlowski]

Thanks for the hint. Unfortunately there's known flaw in the phpunit action (link to issue #51) that makes these binaries in "vendor/bin" useless, as they do not have executable bit set.

I think you can close this ticket as by your explanation I am barking at wrong tree :) And given the linked issue, I believe in my case I shall drop that phpunit GHA in favor of plain shell run.

[MarcinOrlowski]

For a record I ditched the "phpunit" action completely so my steps are now just

    ...
    steps:
      - name: "Checkout repository..."
        uses: actions/checkout@v3

      # https://github.com/marketplace/actions/composer-php-actions
      - name: "Installing dependencies..."
        uses: php-actions/composer@v6
        with:
          version: 2
          php_version: "${{ matrix.php }}"
          dev: yes

      - name: "Running PHPUnit with Coverage..."
        run: |
          /usr/bin/env php vendor/bin/phpunit -c phpunit.xml.dist --coverage-clover coverage.xml