allow_list
Configuration
{
"name": "company/project",
"extra": {
"violinist": {
"allow_list": []
}
}
}
An array of packages to explicitly allow when updating packages with violinist. Defaults to nothing, which means all available updates will be attempted. This means that putting one package on the allow list will block all other updates from being attempted, while having zero packages on the allow list will not filter any of the updates.
Note! When using in combination with blocklist, the updates will first be filtered through the allow list, and then it will apply block list rules. This means you can explicitly allow
symfony/*
while still addingsymfony/yaml
to the block list.
Note! This option has no effect if used in combination with always_update_all.
Explanation
Some projects only want to allow updates to specific packages. This can be because you use other tools or processes to update the rest of your dependencies, or maybe you only care about updating one or some of the packages in your project.
If you want to add a project to the allow list, you can add some extra information into your composer.json.
Example
Say you wanted violinist to only update vendor/package1
in your project, even if you had a bunch of other dependencies. And say your composer.json looks something like this:
{
"name": "company/project",
"description": "My awesome project",
"require": {
"vendor/package1": "^1.4.0",
"vendor/package2": "^1.4.0",
"vendor/package3": "^1.4.0",
"vendor/package4": "^1.4.0",
"vendor/package5": "^1.4.0",
"vendor/package6": "^1.4.0",
"vendor/package7": "^1.4.0"
}
}
To make sure violinist only even tries to update vendor/package1
you simply add the following to your composer.json:
{
"name": "company/project",
"description": "My awesome project",
"require": {
"vendor/package1": "^1.4.0",
"vendor/package2": "^1.4.0",
"vendor/package3": "^1.4.0",
"vendor/package4": "^1.4.0",
"vendor/package5": "^1.4.0",
"vendor/package6": "^1.4.0",
"vendor/package7": "^1.4.0"
},
"extra": {
"violinist": {
"allow_list": [
"vendor/package1"
]
}
}
}
This will make violinist only create pull/merge requests for vendor/package1
even if there are ever so many updates to all of the other packages.
Example with wildcards
You can also use wildcards in your allow list. Examples could be vendor/*
or vendor/prefix_*
.
{
"name": "company/project",
"description": "My awesome project",
"require": {
"vendor/package": "^1.4.0"
},
"extra": {
"violinist": {
"allow_list": [
"vendor/*",
"vendor/prefix_*"
]
}
}
}