Closed Bug 1138596 Opened 8 years ago Closed 8 years ago

composer command in update.sh should install not update

Categories

(Websites :: wiki.mozilla.org, defect)

Product:
Websites
Component:
wiki.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ckoehler, Unassigned)

Details

(Whiteboard: [dev=2015-03-05][stage=2015-03-05][prod=2015-03-05]) 

Right now our update.sh script, which is used for deployment, runs 'composer update'. This command gets the latest versions of dependencies and updates the composer.lock file[1]. This is not appropriate for deployment because it could potentially change which versions of packages are installed.

Instead, we should use install[2], which will install only what is specified in composer.lock, ensuring we deploy only what we've tested.

[1] https://getcomposer.org/doc/03-cli.md#update
[2] https://getcomposer.org/doc/03-cli.md#install
https://github.com/mozilla/wiki.mozilla.org/commit/de9aeeb8a2e09f488515d9b887b57af75364d3ae
Whiteboard: [dev=2015-03-05] → [dev=2015-03-05][stage=2015-03-05][prod=2015-03-05]
This has been pushed to dev, stage and prod.

Note: In order to see the effect of this change, git pull needs to be run on command line prior to running tools/update.sh (because update.sh itself needs to be updated prior to being run).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.