Back

How do teams manage composer.lock and composer.json


alnutile posted 4 years ago

Just wondering what is a good workflow for a team to manage these files and the workflow. For example 2 developers 1 staging and 1 production server.

What to keep in git, what to push to staging and production etc.

emilsundberg replied 4 years ago Solution

We keep composer.lock in git and our when you start working you run a git pull, composer install and php artisan migrate.

If you need to add a package, add it to composer.json and run a composer update and then commit the new composer.lock and composer.json.

If you get a git conflict on composer.lock, ignore local changes and fetch the latest from git. Then run a composer update and commit in your new lockfile to make sure it includes everything.

On staging and production we always run composer install based on the latest lockfile in git.

dizeee replied 3 years ago

Just wanted to add that the reason you should do so is that if you don't include the composer.lock file in your repo you will need to update packages with composer update which consumes much more time than composer install at every run and same versions of packages across all installs are not guaranteed.


Sign in to participate in this thread!



We'd like to thank these amazing companies for supporting us