Open Pazns opened 2 years ago
https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control
Aditionally to comitting the lock file in the repository, the composer lock should be present in the tarball, to allow developers installing their own packages without hustle.
Baikal version: 0.9.1+
Problem you are having: The project is not using Composer Lockfile feature. A composer.lock file :
Also, not using a composer.lock file is severely old sub-standard practice for a PHP Composer project.
Suggested solution: Use a composer.lock file from now on, starting with current or next version.
The person currently uploading the installation tarball should push its composer.lock file as it can be considered the current truth. It must be removed from
.gitignore
.Using a composer.lock file doesn't prevent the current practice of making a tarball to continue.
Additional resources on this topic, as indicated by others in this thread : https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control