ramsey
(Optionally) run `composer validate` as part of the installation
My feature title
I'd like to make sure that my composer.lock is in sync with composer.json in CI.
Background/problem
While resolving a merge-conflict with two PRs changing composer.json, resulting in conflicting content-hash in composer.lock, the correct content-hash is neither of the original hashes. This lead to an an accidental bad merge, which composer reported as a warning in CI:
However this warning does not lead to a failed build and thus was missed.
Proposal/solution
composer validate will, amongst other checks, validate that the content-hash in composer.lock matches composer.json, ensuring that the two files are in sync. I'd like this command being run to make the CI fail in those cases.
Alternatives
None.
Additional context
None.
Apologies for the noise. I converted this to a discussion because I thought I could embed a poll in a comment that way, but I can't. I'll have to create a separate discussion that includes a poll for some options regarding this. 😄
I've created a poll in the discussions: https://github.com/ramsey/composer-install/discussions/267
This is my first time using polls on GitHub, so we'll see how it goes.
I just recalled that I'm already running composer validate, but the problem is that I use the --no-check-lock option:
https://github.com/ramsey/composer-install/blob/e52779489de843a9f022c7b8faa648b608b02c70/bin/composer_paths.sh#L12-L14
Probably should only add that if there is no lock file or if the command to run is an update because then lock file is also irrelevant.
