Yii 2.0: Locking your Yii 2 project package versions with composer.lock

26 followers

Ok, you have installed a Yii 2 basic or advanced app for the first time and completed the post install steps. You have picked up a few extensions to install for the first time as well. You would already see a composer.lock file in your application root folder.

Here are a few tips on using this file to lock your package versions for future composer updates.

Let us consider you want to lock a specific bootstrap version for this package: yiisoft/yii2-bootstrap. It is assumed you already have installed the yiisoft\yii2-bootstrap extension for the first time.

STEP 1: Editing composer.lock

You would see an entry similar to this in your composer.lock file in your Yii 2 app root:

{
    "name": "yiisoft/yii2-bootstrap",
    "version": "dev-master",
    "source": {
        "type": "git",
        "url": "https://github.com/yiisoft/yii2-bootstrap.git",
        "reference": "86e22d908151de4fb93f898562afc3cc36ec96c1"
    },
    "dist": {
        "type": "zip",
        "url": "https://api.github.com/repos/yiisoft/yii2-bootstrap/zipball/86e22d908151de4fb93f898562afc3cc36ec96c1",
        "reference": "86e22d908151de4fb93f898562afc3cc36ec96c1",
        "shasum": ""
    },
    "require": {
        "twbs/bootstrap": "3.1.* | 3.0.*",
        "yiisoft/yii2": "*"
    },
    "type": "yii2-extension",
    "autoload": {
        "psr-4": {
            "yii\\bootstrap\\": ""
        }
    },
    "notification-url": "https://packagist.org/downloads/",
    "license": [
        "BSD-3-Clause"
    ],
    "authors": [
        {
            "name": "Qiang Xue",
            "email": "qiang.xue@gmail.com",
            "homepage": "http://www.yiiframework.com/",
            "role": "Founder and project lead"
        }
    ],
    "description": "The Twitter Bootstrap extension for the Yii framework",
    "keywords": [
        "bootstrap",
        "yii2"
    ],
    "time": "2014-05-05 12:12:21"
},

Now, to make the extension dependent on a specific bootstrap version (say 3.0 only), you can now change the following line in your composer.lock file:

"require": {
    "twbs/bootstrap": "3.0.*",
    "yiisoft/yii2": "*"
},

STEP 2: Future Composer Updates

You can repeat step 1 for locking dependencies for all your extensions (e.g. kartik-v/yii2-widgets, or any extension). But do a check on extension compatibility for each dependency version though.

The only thing to ensure is that future updates to packages through composer should now be done this way:

php composer.phar install

The above command installs/updates/removes everything to the state of the composer.lock file.

Info: The difference is you are not using php composer.phar update for updating if you want everything as per your composer.lock settings.

Be the first person to leave a comment

Please to leave your comment.