From 939c998bafcbace3cf85ae7820a8f0654e73b7c9 Mon Sep 17 00:00:00 2001
From: Tom Klingenberg <tklingenberg@lastflood.net>
Date: Mon, 11 Apr 2022 23:58:59 +0200
Subject: [PATCH] validate lock-file if configured (#10715, --check-lock)

if no lock-file is configured, turn lock file validation errors into
warnings (implicit --no-check-lock) unless those are explicitly promoted
via the new --check-lock option.

- `{"config": {"lock": false}}` is an implicit `--no-check-lock` for
  composer validate.
- `--check-lock` overrides an (implicit or explicit) `--no-check-lock`,
  always.

issue: #10715
---
 phpstan/baseline.neon                    | 10 ++++++++++
 src/Composer/Command/ValidateCommand.php |  3 +++
 2 files changed, 13 insertions(+)

diff --git a/phpstan/baseline.neon b/phpstan/baseline.neon
index e8bb60c5cb57..bcf41c4b19f2 100644
--- a/phpstan/baseline.neon
+++ b/phpstan/baseline.neon
@@ -2375,6 +2375,11 @@ parameters:
 			count: 2
 			path: ../src/Composer/Command/ValidateCommand.php
 
+		-
+			message: "#^Only booleans are allowed in &&, mixed given on the right side\\.$#"
+			count: 1
+			path: ../src/Composer/Command/ValidateCommand.php
+
 		-
 			message: "#^Only booleans are allowed in a negated boolean, array\\<Composer\\\\Package\\\\BasePackage\\> given\\.$#"
 			count: 1
@@ -2410,6 +2415,11 @@ parameters:
 			count: 1
 			path: ../src/Composer/Command/ValidateCommand.php
 
+		-
+			message: "#^Only booleans are allowed in \\|\\|, mixed given on the right side\\.$#"
+			count: 1
+			path: ../src/Composer/Command/ValidateCommand.php
+
 		-
 			message: "#^Parameter \\#1 \\$function of function call_user_func expects callable\\(\\)\\: mixed, array\\{Composer\\\\Package\\\\RootPackageInterface, 'getDevRequires'\\|'getRequires'\\} given\\.$#"
 			count: 1
diff --git a/src/Composer/Command/ValidateCommand.php b/src/Composer/Command/ValidateCommand.php
index e66cbf23bbd7..c9650c560f03 100644
--- a/src/Composer/Command/ValidateCommand.php
+++ b/src/Composer/Command/ValidateCommand.php
@@ -45,6 +45,7 @@ protected function configure()
             ->setDescription('Validates a composer.json and composer.lock.')
             ->setDefinition(array(
                 new InputOption('no-check-all', null, InputOption::VALUE_NONE, 'Do not validate requires for overly strict/loose constraints'),
+                new InputOption('check-lock', null, InputOption::VALUE_NONE, 'Check if lock file is up to date (even config.lock is false, overrides --no-check-lock)'),
                 new InputOption('no-check-lock', null, InputOption::VALUE_NONE, 'Do not check if lock file is up to date'),
                 new InputOption('no-check-publish', null, InputOption::VALUE_NONE, 'Do not check for publish errors'),
                 new InputOption('no-check-version', null, InputOption::VALUE_NONE, 'Do not report a warning if the version field is present'),
@@ -95,6 +96,8 @@ protected function execute(InputInterface $input, OutputInterface $output)
 
         $lockErrors = array();
         $composer = Factory::create($io, $file, $input->hasParameterOption('--no-plugins'));
+        // config.lock = false ~= implicit --no-check-lock; --check-lock overrides
+        $checkLock = ($checkLock && $composer->getConfig()->get('lock')) || $input->getOption('check-lock');
         $locker = $composer->getLocker();
         if ($locker->isLocked() && !$locker->isFresh()) {
             $lockErrors[] = '- The lock file is not up to date with the latest changes in composer.json, it is recommended that you run `composer update` or `composer update <package name>`.';