Git deployment fails due to changes made to composer.lock What to do?

Due to the situation you describe, I think you have performed an action that is not recommended on your server. If composer.lock has been modified on your server, you must have executed the “composer update” improperly. I explain.

On the remote server, production, The “composer update” command should not be executed. This command takes care of updating all dependencies to the newest possible version numbers. As a result of this command the dependencies are updated and the composer.lock file is also updated, defining the exact versions of all dependencies being installed. That composer.lock file should never be written to the server in production.

So, the composer update command should only be run on your development computer. When the project is uploaded, the composer.lock will be uploaded informing the server of the specific versions that have been installed on the dependencies.

On the other hand, on the production server you always have to install the dependencies with:

composer install

This “composer install” command relies on composer.lock to install what is really needed and as it is on the development computer. Also, composer install never modifies composer.lock, so you shouldn’t get problems like the one you describe when updating project code to newer versions with git pull.

This behavior is perfectly normal, since doing a “composer update” is a very expensive process in terms of CPU and RAM and it is very normal for the server to fail when running, because they are usually quite limited in resources. But really this would not be the only reason for not doing the “composer update”, but basically also because the dependencies should not be updated remotely, but first locally and, checking that everything works correctly, the normal thing would be to install it remotely later.

Related posts:

Related Posts