Description
We run composer symfony:recipes:install
in our CI pipeline to check that the symfony.lock
file doesn't have any updates that are missing from the PR, usually these originate from dependabot, if the symfony.lock
file has uncommitted changes after running flex we fail the build.
We've since discovered that the symfony:recipes:install
command will exit with an error if you are not authenticated with any of your repositories, however by the time it exits symfony.lock
has already been modified with the packages that are missing. If you run the command again it now passes even though the previous run failed, perhaps it should reverse the changes to symfony.lock
?
Could a new command that just checks if the symfony.lock
file is up to date and exits with an error if not, skipping the rest of the work that the symfony:recipes:install
command does, be added for use in CI pipelines?