Update laravel using bitbucket pipelines

Published 9 months ago by spyrosjeva

I was testing the functionality of bibucket pipelines and im looking to do the following, install the default enviroment and on every commit/push have laravel update itself with the composer update command and then if no error come from the test's upload to the production server with git ftp.

The problem im facing is with composer update, even if there is no new downloads from it afther its done git ftp gives me a message of "dirty repository" meaning that there are uncommited changes.

Is there a way to configure pipelines to commit and push those changes from the update?

Here is my .yml file

image: php:7.1.1
    - step:
          - apt-get update && apt-get install -y unzip
          - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
          - composer -V
          - composer install
          - composer update
          - apt-get -qq install git-ftp
          - git ftp init --user $ftp_username --passwd $ftp_password ftp://****/****/

@spyrosjeva You can’t do this, as it means your application is changing versions.

If you try and deploy one version, but then run composer update, then bugs may be introduced by an updated package. This is what a composer.lock file is for: it locks dependencies at known versions. Therefore, you should manually run composer update in your local environment, commit (so the new composer.lock file is committed), and then deploy.

9 months ago (996,910 XP)

@spyrosjeva What exactly is modified?


@bashy It’ll be their composer.lock file if they’re running a composer update.


@martinbean Yeap im aware that you can't do that for major updates like 5.4 to 5.5 but how about the minor upgrades (5.5.1,5.5.2 and on) never had any problems with them and they are also include bug fixes.

@bashy Have a look

(One Drive Link) https://1drv.ms/u/s!AqyM1_NYKkPlhQNvbB_E8SWepHmn


@spyridonas It doesn’t matter. A minor update is still going to update your composer.lock file. When you deploy, you deploy files in a known state.

9 months ago (996,910 XP)

@martinbean Think the content-hash changes even if no updates were changed? Maybe if small things change.


@bashy Possibly a timestamp or something is updated. But either way, an update should not be ran on deployment, otherwise you’re no deploying the code—and library versions—defined in your source repository. And if you’re deployment process updates a dependency from version A to version B, how do you get that back in to your repository? Your repository is still going to have version A committed in the lock file.


@martinbean yeap you where right is not possible after all so i need to do it manually thanks for the info, also is there a way or a server setup where i can update multiple apps at the same time, lets say i have updated or extended my base with more features (tested and ready) and i want to push this to all my multiple productions, is there a way?

Please sign in or create an account to participate in this conversation.