[CI] basic composer checks

sonatype-nexus-community / bach

Dependency vulnerability auditor for PHP

Apache License 2.0

14 stars 15 forks source link

Closed jkowalleck closed 3 years ago

jkowalleck commented 3 years ago

CI is currently clacking the following check

composer validate check if the composer.json (and composer.lock) are valid (and matching each other)
composer check-platform-reqs
needed to see if all requirements of the package are met in the CI system

this is a followup of #22

madpah commented 3 years ago

From my understanding - composer validate is really only required prior to us publishing to packagist (see #35)

I'm adding composer check-platform-reqs in PR #36.

FYI: @bhamail, @hboutemy

jkowalleck commented 3 years ago

@madpah at this point composer validate is used as a regression test to see if the composer.lock file is up to date and matches composer.json.

since https://github.com/sonatype-nexus-community/bach/pull/36/files#r697841516 was intriduced, it all makes no sence anymore. (bad idea?) the lock-file is already being ignored, so no need to check or validity ...

madpah commented 3 years ago

Understood @jkowalleck - will close this issue then. Thanks!