From 2ff95c8fd8a2d358927c7bd5c14d85410e164f70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9goire=20Paris?= <postmaster@greg0ire.fr>
Date: Thu, 30 Jan 2025 21:48:50 +0100
Subject: [PATCH] Allow locking the deps

On doctrine/website, which is a regular Symfony application, we put the
composer.lock under version control, as we should.
In order to be able to have the same experience in the CI as we have
locally, we should use the same version of the dependencies.
To that end, let's allow passing the dependency-versions option to
ramsey/composer-install on workflows that are reused on
doctrine/website.
---
 .github/workflows/coding-standards.yml | 7 ++++++-
 .github/workflows/phpstan.yml          | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
index 2e84f7e..fdb6c75 100644
--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -13,6 +13,11 @@ on:
         description: "The version of the package being tested, in case of circular dependencies."
         required: false
         type: "string"
+      composer-dependency-versions:
+        description: "whether the job should install the locked, highest, or lowest versions of Composer dependencies."
+        default: "highest"
+        required: false
+        type: "string"
       composer-options:
         description: "Additional flags for the composer install command."
         default: "--prefer-dist"
@@ -43,7 +48,7 @@ jobs:
       - name: "Install dependencies with Composer"
         uses: "ramsey/composer-install@v3"
         with:
-          dependency-versions: "highest"
+          dependency-versions: "${{ inputs.composer-dependency-versions }}"
           composer-options: "${{ inputs.composer-options }}"
 
       # https://github.com/doctrine/.github/issues/3
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
index ab0d66b..a16c9d4 100644
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -13,6 +13,11 @@ on:
         description: "The version of the package being tested, in case of circular dependencies."
         required: false
         type: "string"
+      composer-dependency-versions:
+        description: "whether the job should install the locked, highest, or lowest versions of Composer dependencies."
+        default: "highest"
+        required: false
+        type: "string"
       composer-options:
         description: "Additional flags for the composer install command."
         default: "--prefer-dist"
@@ -42,7 +47,7 @@ jobs:
       - name: "Install dependencies with Composer"
         uses: "ramsey/composer-install@v3"
         with:
-          dependency-versions: "highest"
+          dependency-versions: "${{ inputs.composer-dependency-versions }}"
           composer-options: "${{ inputs.composer-options }}"
 
       - name: "Run a static analysis with phpstan/phpstan"