Friday, January 7, 2022

[FIXED] Composer.lock incompatibility with actually installed versions of packages on production server

      , ,      No comments   

Issue

I'm working on a project based on PHP7 and Laravel. Unfortunately, there was a problem with dependencies and package versions.

I guessed that the previous developer working on the project started updating packages by calling 

composer update

on his local dev environment.

Therefore, a new composer.lock file has been generated and everything has been pushed to the production server - however, the composer update command has not been called on the production...

There is a problem with the incompatibility of the PHP version and other errors in dependencies.

This is a very large project and I wouldn't like to migrate now to higher versions on the production server.

I am currently preparing a development environment and I care about maintaining the maximum compatibility of all package versions with what is on production.

By calling:

composer install

on local environment, I'm receiving a series of errors related to the incompatibility of the package versions.

Is there any way to regenerate / restore composer.json and composer.lock based on what is currently installed on the production server? Unfortunately, at this moment composer.lock on production doesn't completely reflect the current state of actually installed versions.

What is a safe and good way to recreate locally a cloned project from a repository on a production server - and maintain full compatibility of all package versions, the correct form of composer.json and composer.lock?

Thanks in advance for your help!


Solution

No, there is no way to recreate composer.json file based on what is already installed in /vendor. You can look for /vendor/composer/installed.json file as a reference for installed versions of all packages.

What you need to do in this case is:

  1. Make sure your local environment is exactly the same as your production one. You can fake it if needed in your composer.json too by using platform configuration.
  2. Your composer.lock file is of no use. Get /vendor/composer/installed.json file from your production. Delete your /vendor folder.
  3. Run composer install. Write down all packages that have issues and check provided solutions by Composer.
  4. Start downgrading the versions in your composer.json for packages that have issues based to the solutions provided by Composer. Be sure to look into those packages yourself - developers aren't always very strict with the way they maintain dependencies and versioning of their packages. You can always just take package version from production's /vendor/composer/installed.json and place that specific version in your composer.json.
  5. Repeat steps 3-4 until you can finally generate new composer.lock file. Make sure your composer.json and composer.lock files are tracked by your VCS and fixate the changes.


Answered By - d3jn

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...