I want to make sure composer is using an exact version of a git repository by specifing the SHA1 of the commit. How can I do this?
You can specify it after the version, as such (assuming you want the master branch): “dev-master#a93cbe224”
To cache your choice, you MUST use full lenght SHA1 hash like this:
"require": {
....
"sonata-project/media-bundle": "2.2.x-dev#006121d9aee0080573ccdb05900bd58c2ffe295d",
....
}
http://stackoverflow.com/questions/14256563/how-to-make-composer-to-use-an-exact-sha1-value
http://getcomposer.org/doc/04-schema.md#package-links