Add allow-missing-requirements config setting to ignore missing requirements (#11966)

* Add allow-missing-requirements configuration to ignore error during install if there are any missing requirements

* Add test for allow-missing-requirements config

---------

Co-authored-by: Joe <joe@wpj.cz>

doc/06-config.md

@@ -481,4 +481,10 @@ throw, but you can set this config option to `["example.org"]` to allow using sv
 URLs on that hostname. This is a better/safer alternative to disabling `secure-http`
 altogether.
 
+## allow-missing-requirements
+
+Defaults to `false`. Ignores error during `install` if there are any missing
+requirements - the lock file is not up to date with the latest changes in
+`composer.json`.
+
 ← [Repositories](05-repositories.md)  |  [Runtime](07-runtime.md) →

res/composer-schema.json

@@ -662,6 +662,10 @@
                 "platform-check": {
                     "type": ["boolean", "string"],
                     "description": "Defaults to \"php-only\" which checks only the PHP version. Setting to true will also check the presence of required PHP extensions. If set to false, Composer will not create and require a platform_check.php file as part of the autoloader bootstrap."
+                },
+                "allow-missing-requirements": {
+                    "type": ["boolean"],
+                    "description": "Defaults to false. If set to true, Composer will allow install when lock file is not up to date with the latest changes in composer.json."
                 }
             }
         },

src/Composer/Config.php

@@ -84,6 +84,7 @@ class Config
         'gitlab-token' => [],
         'http-basic' => [],
         'bearer' => [],
+        'allow-missing-requirements' => false,
     ];
 
     /** @var array<string, mixed> */

src/Composer/Installer.php

@@ -742,7 +742,9 @@ class Installer
             if ($missingRequirementInfo !== []) {
                 $this->io->writeError($missingRequirementInfo);
 
-                return self::ERROR_LOCK_FILE_INVALID;
+                if (!$this->config->get('allow-missing-requirements')) {
+                    return self::ERROR_LOCK_FILE_INVALID;
+                }
             }
 
             foreach ($lockedRepository->getPackages() as $package) {

tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock-with-ignore.test

@@ -0,0 +1,47 @@
+--TEST--
+Requirements from the composer file are not installed if the lock file is present and missing requirements warning
+is issued when allow-missing-requirements if enabled
+--COMPOSER--
+{
+    "repositories": [
+        {
+            "type": "package",
+            "package": [
+                { "name": "required/pkg", "version": "1.0.0" },
+                { "name": "newly-required/pkg", "version": "1.0.0" }
+            ]
+        }
+    ],
+    "require": {
+        "required/pkg": "1.0.0",
+        "newly-required/pkg": "1.0.0"
+    },
+    "config": {
+        "allow-missing-requirements": true
+    }
+}
+--LOCK--
+{
+    "packages": [
+        { "name": "required/pkg", "version": "1.0.0" }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false
+}
+--RUN--
+install
+--EXPECT-OUTPUT--
+Installing dependencies from lock file (including require-dev)
+Verifying lock file contents can be installed on current platform.
+- Required package "newly-required/pkg" is not present in the lock file.
+This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.
+Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md
+and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require-r
+Package operations: 1 install, 0 updates, 0 removals
+Generating autoload files
+--EXPECT--
+Installing required/pkg (1.0.0)