
Leveraging Composer in Existing Projects

Keeping external libraries current and organized can be a tedious and risky task. Converting those libraries from being embedded inside a codebase to being included via Composer is a clean and efficient solution. Learn how to migrate and autoload those libraries, use the composer.json and composer.lock files, find new libraries, and run Composer commands. Use what you learn to clean and organize your codebase so that it is easier to maintain, leaner, and better to work with.


  1. 1. Leveraging Composer in Existing Projects Mark Niebergall https://joind.in/talk/774d7
  2. 2. About Mark Niebergall • PHP since 2005 • Master's degree in MIS • Senior Software Engineer • Drug screening project • UPHPU President • CSSLP, SSCP Certified and SME • Drones, fishing, skiing, father, husband
  3. 3. Leveraging Composer in Existing Projects
  4. 4. Leveraging Composer in Existing Projects • Survey - Have heard of composer? - Are familiar with what composer is? - Have used composer? - Have contributed to composer?
  5. 5. Leveraging Composer in Existing Projects • My experience - Large project that has been around a while - Some older code areas - Various architectural styles over the years - Various libraries within the project
  6. 6. Leveraging Composer in Existing Projects • My experience - Libraries scattered in project - Some libraries were old - Some libraries were even altered
  7. 7. Leveraging Composer in Existing Projects • My experience - Made the effort to clean up libraries - Identify libraries and versions - Created user stories - Made the migration
  8. 8. Leveraging Composer in Existing Projects • My experience - Libraries were organized - Visibility into libraries used - Much easier to manage and upgrade - Much easier to add new libraries
  9. 9. Leveraging Composer in Existing Projects • Objectives - Know why and how to use composer - Leverage composer in your projects
  10. 10. Leveraging Composer in Existing Projects • Topics - What composer is - Using composer - Migrating libraries
  11. 11. What composer is
  12. 12. What composer is • Created by Nils Adermann and Jordi Boggiano in 2012 • MIT license
  13. 13. What composer is • https://getcomposer.org/ - Installation instructions - Documentation
  14. 14. What composer is • Dependency manager for PHP projects
  15. 15. What composer is • Tool to manage libraries used by a project
  16. 16. What composer is • Best practice for dependency management for PHP projects
  17. 17. What composer is • Manage libraries - Add libraries to project - Autoload libraries - Versioning - Library dependencies - Remove libraries
  18. 18. What composer is • Uses packagist for package information - https://packagist.org/ - Submit packages to website - Versions - Dependencies - Location
  19. 19. What composer is • Handles autoloading - Automatically includes package files when needed - Use along with other project autoloaders ‣ require_once __DIR__ . '/../vendor/autoload.php';
 require_once __DIR__ . '/../src/Autoloader.php';
  20. 20. What composer is
  21. 21. Using composer
  22. 22. Using composer • Installing composer • Adding packages • Updating packages • Removing packages
  23. 23. Using composer • Installing composer - Download phar installer file - Run installer with php - Move to bin - curl -s https://getcomposer.org/installer | php
 sudo mv composer.phar /usr/local/bin/composer
  24. 24. Using composer • Installing composer - Windows download https://getcomposer.org/Composer-Setup.exe
  25. 25. Using composer • Installing composer - php /path/to/composer.phar command - composer command
  26. 26. Using composer • Installing composer - Command line tool - There are some UI helpers
  27. 27. Using composer • composer package versioning
  28. 28. Using composer • composer package versioning - * = wildcard - ~ = up to but not including next version - ^ = up to but not including next major version
  29. 29. Using composer • composer package versioning - 4.5.2 means only 4.5.2
  30. 30. Using composer • composer package versioning - 4.5.* means 4.5 and below 4.6
  31. 31. Using composer • composer package versioning - ~4.5 means >= 4.5 and <5.0 - ~4.5.6 means >= 4.5.6 and < 4.6
  32. 32. Using composer • composer package versioning - ^4.5 means >= 4.5.0 and < 5 - ^4.5.6 means >= 4.5.6 and < 5 - Default versioning format if not specified
  33. 33. Using composer • composer commands
  34. 34. Using composer • composer commands - composer init - composer require - composer install - composer update - composer create-project - composer remove
  35. 35. Using composer
  36. 36. Using composer • composer init
  37. 37. Using composer • composer init - Initialize a project with composer - Creates autoloader - Define basic settings - Interactively install packages - Creates composer.json file
  38. 38. Using composer • composer init
 {
 "name": "mniebergall/composer",
 "description": "Leveraging Composer in Existing Projects",
 "authors": [
 {
 "name": "Mark Niebergall",
 "email": "myemail@example.com"
 }
 ],
 "require": {}
 }
  39. 39. Using composer • composer require
  40. 40. Using composer • composer require - Add packages to a project - Install the package plus dependencies
  41. 41. Using composer • composer require - Adds package to composer.json file - Creates or updates the composer.lock file
  42. 42. Using composer • composer require - Package files are saved into the /vendor/ directory - Autoloader is updated to load the package files automatically
  43. 43. Using composer • composer require - Only run in development environment - Not to be used in other environments
  44. 44. Using composer • composer require - composer require --dev vendor/package ‣ Only installs in development with ‘install’ command • Testing frameworks (PHPUnit, behat, etc) • Code analysis and statistics
  45. 45. Using composer • composer require - composer require --dev phpunit/phpunit
 
 "require-dev": {
 "phpunit/phpunit": "^6.3"
 }
  46. 46. Using composer • composer require - composer require --dev fzaninotto/faker
  47. 47. Using composer • composer require - composer require --dev h4cc/phpqatools ‣ PHPUnit, PHP-Invoker, DbUnit, PHPLOC, PHPCPD, PHP_Depend, PHPMD, PHP_CodeSniffer, Fabien Potencier/PHP Coding Standards Fixer, Sensiolabs/Security-Checker, and Behat
  48. 48. Using composer • composer require - composer require group/package ‣ See packagist for group/package ‣ Find project on GitHub, read the instructions • Most will have composer installation command • If not there are options
  49. 49. Using composer • composer require - composer require group/package VERSION - composer require ramsey/uuid - composer require ramsey/uuid 3.7 - composer require ramsey/uuid=^2.9 - composer require ramsey/uuid ^3.7
  50. 50. Using composer • composer require
 {
 "name": "mniebergall/composer",
 "description": "Leveraging Composer in Existing Projects",
 "authors": [
 {
 "name": "Mark Niebergall",
 "email": "myemail@example.com"
 }
 ],
 "require": {
 "ramsey/uuid": "^3.7"
 }
 }

  51. 51. Using composer • composer install
  52. 52. Using composer • composer install - Installs packages as defined in composer.lock file - If no lock file then as defined in composer.json ‣ Generates composer.lock file
  53. 53. Using composer • composer install - composer install --no-dev ‣ Skips require-dev packages ‣ Use this in non-development environments • We’ll discuss deployment considerations at the end
  54. 54. Using composer • composer install - phpspec, add this to composer.json ‣ "require-dev": {
 "phpspec/phpspec": "^4.0"
 },
 "config": {
 "bin-dir": "bin"
 },
 "autoload": {"psr-0": {"": "src"}} ‣ Then run composer install
  55. 55. Using composer • composer update
  56. 56. Using composer • composer update - Updates packages to latest based on composer.json contents - Also updates necessary dependencies - Updates content of composer.json and composer.lock files
  57. 57. Using composer • composer update - composer update ‣ Update all packages ‣ Not recommended - composer update group/package ‣ Target specific packages
  58. 58. Using composer • composer update - composer update group/package version ‣ composer update --dev phpunit/phpunit ^6
  59. 59. Using composer • composer create-project
  60. 60. Using composer • composer create-project - New project from existing package - Clones down repo, checkout, installs dependencies
  61. 61. Using composer • composer create-project - Skeleton projects - Often used with projects using a framework - Zend, Laravel, and others
  62. 62. Using composer • composer remove
  63. 63. Using composer • composer remove - Removing lines from composer.json will not work without a composer update
  64. 64. Using composer • composer remove - composer remove vendor/package - Removes entry from composer.json - Removes entry from composer.lock - Removes dependencies - Removes files from vendor directory
  65. 65. Using composer • composer.json
  66. 66. Using composer • composer.json - Project configuration - Packages to be used - Package versions - Used to generate composer.lock file
  67. 67. Using composer • composer.json - Can be manually updated - Can run commands to update it ‣ composer require group/package
  68. 68. Using composer • composer.json - Define internally hosted packages - Environment properties ‣ PHP version for compatibility
  69. 69. Using composer • composer.lock
  70. 70. Using composer • composer.lock - Generated based on contents of composer.json - Should not be manually edited - Let composer manage contents
  71. 71. Using composer • composer.lock - Defines packages and dependencies to be installed - composer install reads the composer.lock file
  72. 72. Using composer
  73. 73. Migrating libraries
  74. 74. Migrating libraries • Benefits of migrating • How to migrate
  75. 75. Migrating libraries • Benefits of migrating - Cleans the codebase - Project only includes project files
  76. 76. Migrating libraries • Benefits of migrating - Centralizes library (package) management - Easier library management
  77. 77. Migrating libraries • Benefits of migrating - Keep libraries current ‣ Bug fixes ‣ Security patches ‣ Features ‣ Performance
  78. 78. Migrating libraries • How to migrate libraries
  79. 79. Migrating libraries • How to migrate libraries - Use source control ‣ Git (preferred) ‣ Mercurial
  80. 80. Migrating libraries • How to migrate libraries - Create user stories/tickets to track the progress
  81. 81. Migrating libraries • How to migrate libraries - Transparency with everyone impacted ‣ Development ‣ QA ‣ Project management ‣ Release team
  82. 82. Migrating libraries • How to migrate libraries - Identify libraries currently included in project ‣ Frameworks ‣ Tools ‣ Helpful libraries
  83. 83. Migrating libraries • How to migrate libraries - Identify libraries currently included in project ‣ Search for ‘@license’ ‣ Tribal knowledge
  84. 84. Migrating libraries • How to migrate libraries - Vet libraries found ‣ Consolidation? ex: can framework do that? ‣ Secure? ‣ Altered? Run a compare? If so why?
  85. 85. Migrating libraries • How to migrate libraries - Vet libraries found ‣ Still needed? ex: deprecated functionality, paragonie/random_compat or PHP 7? ‣ Better library available now? ‣ Best practices? ‣ Built into PHP core? ex: NuSOAP vs PHP Soap
  86. 86. Migrating libraries • How to migrate libraries - Find the package on packagist ‣ Actively maintained ‣ Popularity ‣ Community acceptance ‣ Documentation
  87. 87. Migrating libraries • How to migrate libraries - Find the package on packagist ‣ Determine desired version ‣ Review dependencies ‣ Consider alternatives
  88. 88. Migrating libraries • How to migrate libraries - Review the library source ‣ Unit tests ‣ Coding standards ‣ Time to close open bugs and security issues ‣ Architecturally sound
  89. 89. Migrating libraries • How to migrate libraries - Steps ‣ Tests ‣ Include the library using composer ‣ Remove old library files from source control ‣ Tests
  90. 90. Migrating libraries • How to migrate libraries - Steps ‣ Make a pull request • .gitignore or equivalent ignores /vendor/ • Add changed files, including composer.json and composer.lock
  91. 91. Migrating libraries • How to migrate libraries - Steps ‣ Make a pull request • commit • push • create PR
  92. 92. Migrating libraries • How to migrate libraries - Steps ‣ Code reviews • Automated tests • Functional tests • Peer review
  93. 93. Migrating libraries • How to migrate libraries - Steps ‣ Raise awareness • QA team • Project management • Release team
  94. 94. Migrating libraries
  95. 95. Considerations
  96. 96. Considerations • Handling altered libraries - Understand why - Use pure versions - Make PR to fix issues - Document what is wrong
  97. 97. Considerations • Testing when updating packages - composer update vendor/package version - Domino effect with dependencies
  98. 98. Considerations • Deployment - composer install --no-dev - From files ‣ Azer Koçulu case of unpublishing 250+ NPM modules
  99. 99. Considerations • Open discussion
  100. 100. Considerations
  101. 101. Questions? • Rate on joind.in - https://joind.in/talk/774d7
  102. 102. Sources • https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/ • https://getcomposer.org/
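
An added example, not part of the talk: the "search for '@license'" and "Altered? Run a compare?" steps from slides 83 and 84, written as shell functions. The paths lib/uuid and vendor/ramsey/uuid and all sample files are constructed for illustration; the vendor copy stands in for what composer require would install.

```shell
#!/usr/bin/env bash
# Added example (not from the talk): audit embedded libraries before migrating.

# Slide 83: directories outside vendor/ whose PHP files carry an @license tag.
find_embedded_libs() {
  local root="$1" f
  grep -rl --include='*.php' --exclude-dir=vendor --exclude-dir=.git \
    '@license' "$root" | while IFS= read -r f; do dirname "$f"; done | sort -u
}

# Slide 84: compare an embedded copy with the pristine copy Composer installed.
# Prints one line per difference: MODIFIED, MISSING (deleted locally) or ADDED.
compare_with_upstream() {
  local embedded="$1" pristine="$2" rel
  (cd "$pristine" && find . -type f | sort) | while IFS= read -r rel; do
    if [ ! -f "$embedded/$rel" ]; then
      echo "MISSING ${rel#./}"
    elif ! cmp -s "$pristine/$rel" "$embedded/$rel"; then
      echo "MODIFIED ${rel#./}"
    fi
  done
  (cd "$embedded" && find . -type f | sort) | while IFS= read -r rel; do
    [ -f "$pristine/$rel" ] || echo "ADDED ${rel#./}"
  done
}

# Constructed sample project: lib/uuid is an embedded copy with one local edit
# and one extra file; vendor/ramsey/uuid stands in for the Composer copy.
make_sample_project() {
  local p
  p=$(mktemp -d)
  mkdir -p "$p/lib/uuid" "$p/vendor/ramsey/uuid" "$p/src"
  printf '<?php\n/** @license MIT */\nclass Uuid { const V = 4; }\n' > "$p/vendor/ramsey/uuid/Uuid.php"
  printf '<?php\n/** @license MIT */\nclass Codec {}\n' > "$p/vendor/ramsey/uuid/Codec.php"
  printf '<?php\n/** @license MIT */\nclass Uuid { const V = 1; } // local hack\n' > "$p/lib/uuid/Uuid.php"
  cp "$p/vendor/ramsey/uuid/Codec.php" "$p/lib/uuid/Codec.php"
  printf '<?php\nfunction helper() {}\n' > "$p/lib/uuid/Extra.php"
  printf '<?php\nclass App {}\n' > "$p/src/App.php"
  echo "$p"
}

project=$(make_sample_project)
find_embedded_libs "$project"
compare_with_upstream "$project/lib/uuid" "$project/vendor/ramsey/uuid"
rm -rf "$project"
```

Point compare_with_upstream at the vendor/ copy of the same version the embedded library claims to be; every MODIFIED or ADDED line is a local alteration to understand and document before the old files are removed from source control.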