Skip to content

Commit 02a6bc9

Browse files
turegjorupclaude
andcommitted
Install dependencies before composer audit in CI
The composer-audit workflow job ran `composer audit` with no prior install. Because this bundle does not commit composer.lock, the audit had no resolved dependency set to scan. Add a `composer install` step first (mirroring the composer-normalized job) so the audit runs against the actually-resolved packages. Note: .github/workflows/composer.yaml is generated from itk-dev/devops_itkdev-docker; this fix should be upstreamed there too, or it will be lost on the next workflow sync. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 1defa13 commit 02a6bc9

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

.github/workflows/composer.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,4 +80,5 @@ jobs:
8080
docker network create frontend
8181
8282
- run: |
83+
docker compose run --rm phpfpm composer install
8384
docker compose run --rm phpfpm composer audit

0 commit comments

Comments
 (0)