Production Deploy Patterns with Composer Lockfiles
Lockfile-driven deploys prevent plugin drift and make rollback predictable.
Practical Use Cases
Use Case 1: Build production artifact from lockfile only
production-install.sh
#!/usr/bin/env bash
set -euo pipefail
composer install --no-dev --prefer-dist --no-interaction --optimize-autoloader
wp plugin list --status=active | grep advanced-custom-fields
wp plugin get advanced-custom-fields-pro --field=version
Expected output
advanced-custom-fields-pro active
6.3.1
Use Case 2: Rollback to previous lockfile release
rollback-acf.sh
#!/usr/bin/env bash
set -euo pipefail
git checkout v2026.02.22 -- composer.lock
composer install --no-dev --prefer-dist --no-interaction
wp plugin get advanced-custom-fields-pro --field=version
Expected output
Installing dependencies from lock file
6.3.0
Hands-On Practice
- Run lockfile-based install with
--no-devand record active plugin version. - Simulate rollback by restoring prior lockfile tag and reinstalling.
- Add a deploy gate that fails if plugin version differs from expected release notes.
What's Next
- Continue to CI/CD Workflows for Composer-Based ACF Pro Projects.
- Review this module context in Module 11 Overview.
- Related lesson: CI/CD Pipeline Quality Gates and Release Checks.