fix: add composer.lock to the repository #1003

Merged: JohnVillalovos merged 1 commit into develop from jlvillal/composer_lock, Feb 13, 2026

@JohnVillalovos
Collaborator

We are now running dependabot on a weekly basis and it will automatically do a PR to update the composer.lock file.

The Composer docs recommend committing the lock file: https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control

Benefits mentioned are:

  • Reproducible installs: everyone (dev, CI, prod) gets the exact same dependency versions.
  • Fewer “works on my machine” issues.
  • Safer deploys: updates happen only when you intentionally run composer update.
  • Better debugging/auditing: lock diff shows exactly what dependency changed.
  • Faster, more stable CI pipelines.
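
The "lock diff shows exactly what dependency changed" benefit listed above, as an added example that is not part of the original PR or the project's code: a Python script that compares two composer.lock files and flags packages whose version string is unchanged while the source reference or dist URL moved. The package names, references and URLs are constructed sample data, and `index_lock` and `diff_locks` are hypothetical helper names.

```python
import json

def index_lock(lock_text):
    """Map package name -> version, source reference, dist URL, dev flag."""
    lock = json.loads(lock_text)
    pkgs = {}
    for section in ("packages", "packages-dev"):
        for p in lock.get(section) or []:
            pkgs[p["name"]] = {
                "version": p.get("version"),
                "ref": (p.get("source") or {}).get("reference"),
                "dist": (p.get("dist") or {}).get("url"),
                "dev": section == "packages-dev",
            }
    return pkgs

def diff_locks(old_text, new_text):
    """Return (name, kind, detail) findings between two lock files, sorted by name."""
    old, new = index_lock(old_text), index_lock(new_text)
    findings = []
    for name in sorted(old.keys() | new.keys()):
        a, b = old.get(name), new.get(name)
        if a is None:
            findings.append((name, "added", b["version"]))
        elif b is None:
            findings.append((name, "removed", a["version"]))
        elif a["version"] != b["version"]:
            findings.append((name, "version", f'{a["version"]} -> {b["version"]}'))
        elif a["ref"] != b["ref"] or a["dist"] != b["dist"]:
            # Same version string, different commit or download URL:
            # worth a closer look before the lockfile PR is merged.
            findings.append((name, "same-version-drift", f'{a["ref"]} -> {b["ref"]}'))
    return findings

def make_pkg(name, version, ref):
    """Build one constructed lock entry with only the keys the diff reads."""
    return {"name": name, "version": version,
            "source": {"type": "git", "reference": ref},
            "dist": {"type": "zip", "url": f"https://example.test/{name}/{ref}.zip"}}

# Constructed sample lock files (not taken from the repository).
OLD = json.dumps({"packages": [make_pkg("acme/http", "1.4.0", "aaa111"),
                               make_pkg("acme/log", "2.0.1", "bbb222")],
                  "packages-dev": [make_pkg("acme/lint", "3.1.0", "ccc333")]})
NEW = json.dumps({"packages": [make_pkg("acme/http", "1.5.0", "ddd444"),
                               make_pkg("acme/log", "2.0.1", "eee555")],
                  "packages-dev": [make_pkg("acme/fmt", "0.9.0", "fff666")]})

if __name__ == "__main__":
    for name, kind, detail in diff_locks(OLD, NEW):
        print(f"{kind:20} {name:12} {detail}")
```
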

Copilot AI review requested due to automatic review settings February 13, 2026 06:20
Contributor

Copilot AI left a comment

Pull request overview

This PR adds composer.lock to version control to make PHP dependency installs reproducible across developers, CI, and production, aligning the repo with Composer’s recommended workflow and enabling Dependabot to manage lockfile updates.

Changes:

  • Stop ignoring composer.lock so it can be committed and tracked.
  • Remove the CI step that runs composer update (which would otherwise churn the lockfile on every run).
  • Update contribution guidelines to require composer.lock updates alongside composer.json changes.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| composer.lock | Added to the repository to lock dependency versions for reproducible installs. |
| .gitignore | Removes the ignore rule for composer.lock so it can be tracked. |
| .github/workflows/lint-and-analyse-php.yml | Removes the lockfile-updating step; CI now validates composer.json/composer.lock instead of mutating them. |
| CONTRIBUTING.md | Adds guidance to keep composer.json and composer.lock in sync within the same PR. |

@JohnVillalovos force-pushed the jlvillal/composer_lock branch 2 times, most recently from 1edc042 to e918c0b, February 13, 2026 06:33
@JohnVillalovos marked this pull request as draft, February 13, 2026 06:33
@JohnVillalovos force-pushed the jlvillal/composer_lock branch 2 times, most recently from 2d08b0e to 76a579a, February 13, 2026 06:39
@JohnVillalovos marked this pull request as ready for review, February 13, 2026 06:40
Contributor

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.

Contributor

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 5 changed files in this pull request and generated no new comments.

@JohnVillalovos merged commit febdc12 into develop, Feb 13, 2026
17 checks passed
@JohnVillalovos deleted the jlvillal/composer_lock branch, February 13, 2026 06:57