minor #6217 DX: lock SCA tools for PR builds (keradus)

This PR was merged into the master branch. Discussion ---------- DX: lock SCA tools for PR builds We recently had an issue that master started to fail because on an update of PHPStan, starting detecting new issues. To avoid confusion for contributors, we suggested on maintainers meeting to lock the dev-tools and updated them occasionally (eg once per Q). Same time, for master build, that is observed mostly by maintainers, we can still look for bleeding-edge version of SCA tools Commits ------- e9a48fa DX: lock SCA tools for PR builds
PHP-CS-Fixer · Jan 12, 2022 · 3f7a35d · 3f7a35d
2 parents 8e73612 + e9a48fa
commit 3f7a35d
Show file tree

Hide file tree

Showing 4 changed files with 4,619 additions and 2 deletions.
diff --git a/.github/workflows/sca.yml b/.github/workflows/sca.yml
@@ -57,6 +57,12 @@ jobs:
       - name: Report versions
         run: composer info -D
 
+      ## We want to have a lock-file used on PR level, so contributors are not bothered by SCA complains unrelated to their changes,
+      ## and same time we want to be aware that we are complying with bleeding edge of SCA tools as maintainers observing the push hook.
+      - name: Unlock dev-tools
+        if: ${{ github.event_name != 'pull_request' }}
+        run: rm ./dev-tools/composer.lock
+
       - name: Install dev-tools
         uses: nick-invision/retry@v2
         with:

diff --git a/.gitignore b/.gitignore
@@ -2,7 +2,6 @@
 /.phpunit.result.cache
 /box.json
 /composer.lock
-/dev-tools/composer.lock
 /dev-tools/bin/
 /dev-tools/phpstan/cache/
 /dev-tools/vendor/