Semicolon & Sons

Cache build process based on the lock file instead of dependencies

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the testing category.

Last Updated: 2024-07-26

My circleCI build passed when I changed the version of laravel/contentful, a critical package even thought the code wasn't working. This meant that somehow the wrong version of the package was available to it (via caching) whereas it should not have been. Here was my code for circleCI:

- restore_cache:
    keys:
      - php-dependencies-{{ checksum "composer.json" }}
- run: composer install --no-interaction --prefer-dist
- save_cache:
    paths:
      - ./vendor
    key: php-dependencies-{{ checksum "composer.json" }}

The issue was my cache was based on composer.json which, at least in this codebase, only specified version number constraints loosely. I wanted to cache based on the .lock file instead:

- restore_cache:
    keys:
      - php-dependencies-{{ checksum "composer.lock" }}
- run: composer install --no-interaction --prefer-dist
- save_cache:
    paths:
      - ./vendor
    key: php-dependencies-{{ checksum "composer.lock" }}

Lesson

Cache based on lock files, not based on looser version specifications for dependencies.

Get Episode Alerts and Freebies

We publish a video once every week, on Sundays. Every 2nd video is completely free to watch.

If you'd like, we can remind you via email when a new episode is released. We'll also keep you up to date about the top-secret game we're developing for learning programming.

Semicolon & Sons

© 2024 Semicolon & Sons. All rights reserved.