## Only commit files that are explicitly part of the upstream configuration.
## This prevents `vendor` et. al. from being committed should someone
## accidentally run composer operations in this directory without including
## the `--no-update` flag.
*

## Explicitly allow files that are supposed to be part of the upstream
## configuration here. If other files are added, include another line
## beginning with a "!" and followed by the new file's name to override
## the .gitignore directive above (i.e. to "un-ignore" it).
!README.md
!composer.json
!composer.lock
!scripts
!scripts/*
!locked

## Allow composer.lock to be committed in custom upstreams if you wish
## to force all sites created from this upstream to be locked to the
## exact dependency versions stored in the upstream-configuration/composer.lock
## file. This is advantageous in that it reduces the scope of testing needed in
## each downstream site by forcing them to use the versions that were tested
## in the upstream. It is appropriate to use in upstreams that will only be
## used within the group or organization that manages the upstream. To allow
## the composer.lock file to be committed, ensure that the '!composer.lock'
## line below is uncommented.
# !composer.lock
