[FIXED] How to update projects with composer support?

Issue

I hope the question is somehow explaining, what I want to do. If not, I'll try to give a more detailed explanation:

I am currently migrating a big project from SVN to Git. In this project, all the depencencies where stored in different folders and where commited to the SVN repo. I already learned, that you should not put the vendors folder in your repo. But how would I than update the depenencies? In another ressource I read, that you should only versioning the composer.lock file. How about the composer.json file?

Here is the strategy, I had in mind:

• Excluding the vendor folder in the .gitignore file
• Adding composer.json and composer.lock file to the repo
• Adding a composer_update.php file to use it in a post-receive hook

When we have to update some dependencies, we have than to do the following:

• Updating the composer.json file
• Running composer update locally to update the composer.lock file (or the composer_update.php script in your local dev instance)
• Pushing the changes to Stash/Bitbuckt/Github, which will than execute the composer_update.php script through the post-receive hook

Would you recommend something like this, or is there a better way to do it? I am sorry, but I am really new to composer.

Solution

You are supposed to commit both composer.json and composer.lock, as these two files are essential for Composer operation. I bet you misread on what not to commit - from all the things a run with Composer creates, you ONLY commit the lock file, and nothing else.

Answered By - Sven