fix: Improve composer.lock behavior with ignore-cache (#260)

Fixes a bug where composer.lock is not honored if ignore-cache is set to
`true`. Also, the recently added require-lock-file option had not been
incorporated into tests and documentation, so added a test and docs (and
fixed small typo in CONTRIBUTING)

Fixes #259

Co-authored-by: Ben Ramsey <ben@ramsey.dev>

Author: flagbrad

CONTRIBUTING.md

@@ -81,7 +81,7 @@ When you do begin working on your feature, here are some guidelines to consider:
 * **Submit one feature per pull request.** If you have multiple features you
   wish to submit, please break them into separate pull requests.
 * **Write good commit messages.** This project follows the
-  [Conventional Commits][] specification and uses Git hooks to ensure all
+  [Conventional Commits][conv-commit] specification and uses Git hooks to ensure all
   commits follow this standard. Running `composer install` will set up the Git
   hooks, so when you run `git commit`, you'll be prompted to create a commit
   using the Conventional Commits rules.
@@ -117,3 +117,4 @@ composer test
 [issues]: https://github.com/ramsey/composer-install/issues
 [pull requests]: https://github.com/ramsey/composer-install/pulls
 [gh-flow]: https://guides.github.com/introduction/flow/
+[conv-commit]: https://www.conventionalcommits.org/

README.md

@@ -120,6 +120,8 @@ For example:
 
 #### ignore-cache
 
+Normally, ramsey/composer-install preserves composer's cache between jobs
+so that subsequent identically-invoked jobs execute faster.
 If you have jobs for which you wish to completely ignore the caching step, you
 may use the `ignore-cache` input parameter. When present, ramsey/composer-install
 will neither read from nor write to the cache.
@@ -175,6 +177,17 @@ even more specific, you can specify a suffix to be added to the cache key via th
 > [!WARNING]
 > Specifying a `custom-cache-key` will take precedence over the `custom-cache-suffix`.
 
+
+#### require-lock-file
+
+By default, if no composer.lock file is found in the working directory 
+ramsey/composer-install will invoke `composer update` regardless of the value of
+`dependency-versions`.
+
+If this is set to a value of `true`, ramsey/composer-install will fail in its
+execution if it does not find a lock file.
+
+
 ### Fork and private repositories
 
 Sometimes it's needed to use the `repositories` key in your `composer.json` to pull in forks, PRs with patches or private repositories. In this case, your GitHub Action may start failing with a `Could not authenticate against github.com` error message. To solve this, you need to add a GitHub Personal Access token, and this bit to your Action configuration:

action.yml

@@ -55,7 +55,6 @@ runs:
 
     - name: "Determine Composer paths"
       id: "composer"
-      if: steps.should-cache.outputs.do-cache == 1
       shell: "bash"
       run: |
         ${GITHUB_ACTION_PATH}/bin/composer_paths.sh \

bin/composer_paths.sh

@@ -45,7 +45,7 @@ if [ ! -f "${composer_lock}" ]; then
     composer_lock=""
 fi
 
-composer_version="$($composer_path --version)"
+composer_version="$($composer_path --version 2>/dev/null)"
 cache_dir="$($composer_path --working-dir="${working_directory}" config cache-dir)"
 
 echo "::debug::Composer path is '${composer_path}'"

tests/composer_install.bats

@@ -24,7 +24,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -43,7 +44,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --prefer-lowest --prefer-stable'$"
     assert_line --partial 'Updating dependencies'
@@ -62,7 +64,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi'$"
     assert_line --partial 'Updating dependencies'
@@ -81,7 +84,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -100,7 +104,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -119,7 +124,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi --ignore-platform-reqs --optimize-autoloader'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -138,7 +144,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --prefer-lowest --prefer-stable --ignore-platform-reqs --optimize-autoloader'$"
     assert_line --partial 'Updating dependencies'
@@ -157,7 +164,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --ignore-platform-reqs --optimize-autoloader'$"
     assert_line --partial 'Updating dependencies'
@@ -176,7 +184,8 @@ teardown() {
         '' \
         '' \
         '' \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi --ignore-platform-reqs --optimize-autoloader'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -195,7 +204,8 @@ teardown() {
         '' \
         '' \
         "$PROJECT_ROOT/tests/fixtures/composer.phar" \
-        'composer.lock'
+        'composer.lock' \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer\.phar install --no-interaction --no-progress --ansi'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'

tests/composer_install_with_different_working_directory.bats

@@ -20,7 +20,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -39,7 +40,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --prefer-lowest --prefer-stable --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Updating dependencies'
@@ -58,7 +60,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Updating dependencies'
@@ -77,7 +80,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -96,7 +100,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi --ignore-platform-reqs --optimize-autoloader --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'
@@ -115,7 +120,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --prefer-lowest --prefer-stable --ignore-platform-reqs --optimize-autoloader --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Updating dependencies'
@@ -134,7 +140,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --ignore-platform-reqs --optimize-autoloader --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Updating dependencies'
@@ -153,7 +160,8 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/with-lock-file" \
         '' \
         '' \
-        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock"
+        "$PROJECT_ROOT/tests/fixtures/with-lock-file/composer.lock" \
+        ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer install --no-interaction --no-progress --ansi --ignore-platform-reqs --optimize-autoloader --working-dir .*/fixtures/with-lock-file'$"
     assert_line --partial 'Installing dependencies from lock file (including require-dev)'

tests/composer_install_without_lock_file.bats

@@ -22,6 +22,7 @@ teardown() {
         "$PROJECT_ROOT/tests/fixtures/no-lock-file" \
         '' \
         '' \
+        '' \
         ''
 
     assert_line --index 0 --regexp "^::debug::Using the following Composer command: '.*/php .*/composer update --no-interaction --no-progress --ansi --working-dir .*/fixtures/no-lock-file'$"
@@ -36,3 +37,18 @@ teardown() {
     assert_file_exists "$PROJECT_ROOT/tests/fixtures/no-lock-file/composer.lock"
 }
 
+@test "results in an error when lock file isn't present and require-lock-file is 'true'" {
+    run ! composer_install.sh \
+        '' \
+        '' \
+        "$PROJECT_ROOT/tests/fixtures/no-lock-file" \
+        '' \
+        '' \
+        '' \
+        'true'
+
+    assert_line "::error title=Composer Lock File Not Found::Unable to find 'composer.lock'"
+
+    assert_dir_not_exists "$PROJECT_ROOT/tests/fixtures/no-lock-file/vendor"
+    assert_file_not_exists "$PROJECT_ROOT/tests/fixtures/no-lock-file/composer.lock"
+}