
Dependency management with Composer


Published in: Technology

  1. 1. Dependency management with Composer
      Jason Grimes / @jason_grimes / jason@grimesit.com
      Triangle PHP - June 2013
  2. 2. Composer is a dependency manager for PHP. Like npm in Node, or bundler in Ruby.
  3. 3. What are dependencies? Third-party libraries or other assets your project depends on which are stored in a separate repository from your project sources.
  4. 4. A dependency manager lets you:
      • Define dependencies in a version controlled config file.
      • Download & install them all with one command.
      • Have identical versions in all project environments.
      • Automate this part of your build process.
  5. 5. Composer vs PEAR
      Composer: • Per-project • Open inclusion • Central repository
      PEAR: • System-wide • Strict control • Dispersed channels
      Composer is becoming the de-facto standard
  6. 6. Installing Composer:
      $ curl -sS | php
      $ sudo mv composer.phar /usr/local/bin/composer
  7. 7. Keeping Composer up to date periodically:
      $ sudo composer self-update
      Updating to version d498e73363f8dae5b9984bf84ff2a2ca27240925.
      Downloading: 100%
  8. 8. Two main use cases:
      • Managing dependencies in a project
      • Distributing a library
  9. 9. Managing dependencies in a project
  10. 10. Getting a dependency:
      $ cd ~/myproject
      $ vim composer.json
      {"require": {"silex/silex": "~1.0"}}
      $ composer install
  11. 11. $ composer install
      Loading composer repositories with package information
      Installing dependencies (including require-dev)
        - Installing psr/log (1.0.0)
          Loading from cache
        - Installing symfony/routing (v2.3.0)
          Loading from cache
        - Installing symfony/debug (v2.3.1)
          Downloading: 100%
        - Installing symfony/http-foundation (v2.3.1)
          Downloading: 100%
        - Installing symfony/event-dispatcher (v2.3.0)
          Loading from cache
        - Installing symfony/http-kernel (v2.3.0)
          Loading from cache
        - Installing pimple/pimple (v1.0.2)
          Loading from cache
        - Installing silex/silex (v1.0.0)
          Loading from cache
      symfony/routing suggests installing symfony/config ()
      ...
      Writing lock file
      Generating autoload files
  12. 12. Packages are installed in the vendor/ subdirectory
      $ ls vendor
      autoload.php  composer/  pimple/  psr/  silex/  symfony/
  13. 13. Specifying versions
      "~1.2"          Recommended. “Up to next significant release.” (semver)
      ">=1.2,<2.0"
      "1.2.*"
      "1.2.3"
  14. 14. Only stable packages are installed by default. Get a non-stable version like this:
      {"require": {"silex/silex": "~1.0@dev"}}
      Stability flags, in order of priority: dev, alpha, beta, RC, and stable.
      To get the latest commit from the master branch:
      {"require": {"silex/silex": "dev-master"}}
  15. 15. Ensuring identical versions in all project environments
  16. 16. Two important files:
      • composer.json - the config file. Specifies versions as flexible patterns.
      • composer.lock - the lock file. Automatically written by composer. Lists the exact versions that were installed.
      Both files should be stored in version control.
  17. 17. Two important commands:
      • composer install - Install dependencies, using the versions listed in composer.lock.
      • composer update - Determine the latest allowed versions, install them, and write the version numbers to composer.lock.
  18. 18. You can specify which packages to update, leaving the others untouched:
      $ composer update monolog/monolog
      This can be useful when adding a new dependency.
  19. 19. Remember: composer update might break things. Only run it in dev environments. Commit composer.lock to version control when you’re ready to deploy the new versions.
  20. 20. composer install ensures you have the exact same versions as everyone else using that composer.lock file. Run composer install in your build scripts.
  21. 21. Autoloading
  22. 22. Composer sets up autoloading of your dependencies (for free). Just include vendor/autoload.php:
      <?php
      require 'vendor/autoload.php';
      $app = new Silex\Application();
  23. 23. You can also use composer to configure autoloading for your own code.
      composer.json:
      {
          "require": {...},
          "autoload": {
              "psr-0": {"MyApp": "src/"}
          }
      }
      <?php
      require 'vendor/autoload.php';
      $app = new MyApp\Foo(); // From src/MyApp/Foo.php
  24. 24. Various autoloading conventions are supported.
      "autoload": {
          "psr-0": {
              "MyApp\\Test": "src/test",
              "MyApp_": "src",
              "": "src/"
          },
          "classmap": ["src/", "lib/", "Something.php"],
          "files": ["src/MyLibrary/functions.php"]
      },
      psr-0:
          MyApp\Test\FooTest => src/test/MyApp/Test/FooTest.php
          MyApp_Foo => src/MyApp/Foo.php
          Foo => src/Foo.php
      classmap: Search for classes in *.php and *.inc files in these locations, and generate a key/value array mapping class names to files.
      files: Explicitly load these files on every request.
  25. 25. You can generate the autoload files without running an install or update:
      $ composer dump-autoload
      In production, you can generate a class map for all classes, to optimize performance:
      $ composer dump-autoload --optimize
  26. 26. Finding packages
  27. 27.
  28. 28. $ composer search oauth2 server
      adoy/oauth2 Light PHP wrapper for the OAuth 2.0 protocol (based on OAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-15)
      drahak/oauth2 Nette OAuth2 Provider bundle
      opauth/oauth2 Base OAuth2 strategy for Opauth
      zircote/oauth2 OAuth2 Library, this is by no means complete nor is the test coverage optimal, mileage may (will) vary.
      friendsofsymfony/oauth2-php OAuth2 library
      bshaffer/oauth2-server-php OAuth2 Server for PHP
      league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
      ...
  29. 29. $ composer show league/oauth2-server
      name     : league/oauth2-server
      descrip. : A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
      keywords : authorization, api, Authentication, oauth, oauth2, server, resource
      versions : dev-master, 2.1.1, 2.1, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0, 1.0.8, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0, 0.4.2, 0.4.1, 0.4, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3, 0.2.3, 0.2.2, 0.2.1, 0.2, dev-develop, dev-temp
      type     : library
      license  : MIT
      source   : [git] 2.1.1
      dist     : [zip] 2.1.1
      names    : league/oauth2-server, lncd/oauth2, league/oauth2server
      autoload
      psr-0
      League\OAuth2\Server => src/
      requires
      php >=5.3.0
      requires (dev)
      mockery/mockery >=0.7.2
      suggests
      zetacomponents/database Allows use of the build in PDO storage classes
      replaces
      lncd/oauth2 *
      league/oauth2server *
  30. 30. Bootstrapping a project
  31. 31. $ composer create-project fabpot/silex-skeleton ~/myproject
      create-project clones a project skeleton and installs its dependencies.
  32. 32. $ composer create-project fabpot/silex-skeleton ~/myproject
      Installing fabpot/silex-skeleton (v1.0.0)
        - Installing fabpot/silex-skeleton (v1.0.0)
          Downloading: 100%
      Created project in /home/vagrant/myproject
      Loading composer repositories with package information
      Installing dependencies (including require-dev)
        - Installing psr/log (1.0.0)
          Loading from cache
        - Installing twig/twig (v1.13.1)
          Downloading: 100%
        - Installing symfony/icu (v1.2.0)
          Downloading: 100%
        - Installing symfony/intl (v2.3.1)
          Downloading: 100%
      ...
      symfony/twig-bridge suggests installing symfony/templating ()
      ...
      Writing lock file
      Generating autoload files
  33. 33. $ ls ~/myproject
      cache/  composer.json  composer.lock  config/  console  logs/  src/  templates/  vendor/  web/
  34. 34. Adding another dependency from the command line
      $ composer require doctrine/dbal:~2.3
      composer.json has been updated
      Loading composer repositories with package information
      Updating dependencies (including require-dev)
        - Installing doctrine/common (2.3.0)
          Loading from cache
        - Installing doctrine/dbal (2.3.4)
          Loading from cache
      Writing lock file
      Generating autoload files
  35. 35. Distributing a library
  36. 36. Any directory with a composer.json file is a package. To be installable, a package just needs a name:
      {
          "name": "myvendorname/my-package",
          "require": {...}
      }
  37. 37. Recommended info for composer.json
      {
          "name": "jasongrimes/silex-simpleuser",
          "description": "A simple db-backed user provider for Silex.",
          "keywords": ["silex", "user", "user provider"],
          "homepage": "",
          "license": "MIT",
          "authors": [
              {"name": "Jason Grimes", "email": ""}
          ],
          "require": { ... },
          "autoload": {
              "psr-0": {"JGSimpleUser": "src/"}
          },
          "suggest": {
              "monolog/monolog": "Allows more advanced logging."
          }
      }
  38. 38. Specify versions with tags in your VCS. Tags should match X.Y.Z or vX.Y.Z with optional RC, beta, alpha or patch suffix.
      1.0.0
      v1.
  39. 39. “dev” versions are created automatically for every branch
  40. 40. Branch names that look like versions become {branch}-dev:
      2.0 => 2.0.x-dev
      1.2.x => 1.2.x-dev
  41. 41. Other branch names become dev-{branch}:
      master => dev-master
      bugfix => dev-bugfix
  42. 42. Specifying system requirements
      {
          "require": {
              ...
              "php": ">=5.3",
              "ext-PDO": "~1.0@dev",
              "lib-openssl": "openssl"
          }
      }
      Run composer show --platform for a list of locally available platform packages.
  43. 43. Executing scripts with Composer
      composer.json:
      {
          "scripts": {
              "post-update-cmd": "MyVendor\\MyClass::postUpdate",
              "post-package-install": ["MyVendor\\MyClass::postPackageInstall"],
              "post-install-cmd": [
                  "MyVendor\\MyClass::warmCache",
                  "phpunit -c app/"
              ]
          }
      }
      Many other pre- and post- event hooks are supported.
  44. 44. Submitting to Packagist
  45. 45. If using github, add a service hook.
      Packagist will update whenever you push, instead of being crawled only once daily.
  46. 46. Custom repositories
  47. 47. Maintaining your own forks
      When you fix a bug in a third-party library, use your own fork until your fix gets accepted upstream.
      {
          "repositories": [
              {"type": "vcs", "url": ""}
          ],
          "require": {
              "monolog/monolog": "dev-bugfix"
          }
      }
      url: Your fork
      dev-bugfix: Branch with your fix
      Custom repos have priority over packagist, so your fork gets used instead of the original.
  48. 48. PEAR packages
      {
          "repositories": [
              {"type": "pear", "url": ""}
          ],
          "require": {
              "": "*",
              "pear-pear2/PEAR2_HTTP_Request": "*"
          }
      }
  49. 49. Non-composer packages
      {
          "repositories": [{
              "type": "package",
              "package": {
                  "name": "smarty/smarty",
                  "version": "3.1.7",
                  "dist": {"url": "", "type": "zip"},
                  "source": {"url": "", "type": "svn", "reference": "tags/Smarty_3_1_7/distribution/"},
                  "autoload": {"classmap": ["libs/"]}
              }
          }],
          "require": {"smarty/smarty": "3.1.*"}
      }
  50. 50. Private repositories
  51. 51. Use Satis to generate private Composer repositories.
      $ composer create-project composer/satis --stability=dev
      $ vim config.json
      {
          "repositories": [
              { "type": "vcs", "url": "" },
              { "type": "vcs", "url": "" },
              { "type": "vcs", "url": "" }
          ],
          "require": {
              "company/package": "*",
              "company/package2": "*",
              "company/package3": "2.0.0"
          }
      }
      $ php bin/satis build config.json web/
      Builds static repo in web/
  52. 52. Use your private repo like any other:
      {
          "repositories": [ {"type": "composer", "url": ""} ],
          "require": {
              "company/package": "1.2.0",
              "company/package2": "1.5.2",
              "company/package3": "dev-master"
          }
      }
  53. 53. In conclusion...
  54. 54. Use Composer to:
      • ...install dependencies not stored in your project’s VCS repo.
      • ...ensure identical versions in all your project’s environments.
      • ...handle autoloading.
      • ...distribute your open source libraries.
      • ...manage your private repositories.
  55. 55. Resources
      •
      •
      • #composer on freenode
      Jason Grimes / @jason_grimes /
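
The constraint forms on slide 13 and the lock-file rule from slides 16 to 20, as an added example that is not part of the original deck: it expands each form into explicit bounds and reports every requirement whose locked version falls outside the range declared in composer.json. It assumes plain X.Y.Z versions and exact branch names only; `MANIFEST` and `LOCK` are constructed sample data.

```python
import operator
import re

OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le,
       "<": operator.lt, "=": operator.eq}

def parse_version(text):
    """'v2.3.1' -> (2, 3, 1), '1.0' -> (1, 0, 0); ValueError for branch names."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"not a plain X.Y.Z version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def bump(prefix, keep):  # upper bound: raise segment `keep` (1-based), zero the rest
    low = parse_version(prefix)
    return low[:keep - 1] + (low[keep - 1] + 1,) + (0,) * (3 - keep)

def expand(constraint):
    """Expand one of the slide-13 forms into [(operator, version), ...]."""
    c = constraint.split("@")[0].strip()      # drop a stability flag such as @dev
    if "," in c:                              # ">=1.2,<2.0": every part must hold
        return [b for part in c.split(",") for b in expand(part)]
    if c.startswith("~"):                     # ~1.2 -> >=1.2,<2.0; ~1.2.3 -> >=1.2.3,<1.3.0
        return [(">=", parse_version(c[1:])), ("<", bump(c[1:], max(c.count("."), 1)))]
    if c.endswith(".*"):                      # 1.2.* -> >=1.2.0,<1.3.0
        return [(">=", parse_version(c[:-2])), ("<", bump(c[:-2], c.count(".")))]
    op, rest = re.fullmatch(r"(>=|<=|>|<|=)?\s*(.*)", c).groups()
    return [(op or "=", parse_version(rest))]

def satisfies(version, constraint):
    """True when a locked version meets the constraint; branch names must match exactly."""
    try:
        return all(OPS[op](parse_version(version), b) for op, b in expand(constraint))
    except ValueError:
        return version == constraint

def check_lock(manifest, lock):
    """Return (name, constraint, locked_version) for each requirement the lock breaks."""
    locked = {p["name"]: p["version"] for p in lock.get("packages", [])}
    return [(name, want, locked.get(name))
            for name, want in manifest.get("require", {}).items()
            if name != "php" and not name.startswith(("ext-", "lib-"))  # platform packages
            and (name not in locked or not satisfies(locked[name], want))]

# Constructed sample data; the package names come from the slides.
MANIFEST = {"require": {"php": ">=5.3", "silex/silex": "~1.0",
                        "monolog/monolog": "1.2.*", "doctrine/dbal": "~2.3"}}
LOCK = {"packages": [{"name": "silex/silex", "version": "v1.0.0"},
                     {"name": "monolog/monolog", "version": "1.5.0"}]}
print(check_lock(MANIFEST, LOCK))
```

A locked version of `None` in the result means the package is required but absent from the lock file, which is the state a build script should refuse to deploy.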
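
Slides 14, 43 and 47 describe three places where composer.json widens what code can reach a build: non-stable requirements, script hooks, and custom repositories that take priority over Packagist. The following added example (not part of the deck) lists them for review before an install; the repository URL is a constructed placeholder, and the callback/command split is a heuristic assumed here.

```python
import json

# Constructed composer.json assembled from fragments on slides 14, 43 and 47;
# the repository URL is a placeholder, not a value from the slides.
COMPOSER_JSON = r"""
{
  "repositories": [{"type": "vcs", "url": "https://git.example.invalid/fork/monolog"}],
  "require": {
    "php": ">=5.3",
    "silex/silex": "~1.0@dev",
    "monolog/monolog": "dev-bugfix",
    "doctrine/dbal": "~2.3"
  },
  "scripts": {
    "post-update-cmd": "MyVendor\\MyClass::postUpdate",
    "post-install-cmd": ["MyVendor\\MyClass::warmCache", "phpunit -c app/"]
  }
}
"""

STABILITY_FLAGS = ("dev", "alpha", "beta", "RC")   # everything below "stable"

def is_unstable(constraint):
    """True for branch versions (dev-master, 2.0.x-dev) and @dev/@alpha/@beta/@RC flags."""
    c = constraint.strip()
    flag = c.rsplit("@", 1)[1] if "@" in c else ""
    return c.startswith("dev-") or c.endswith("-dev") or flag in STABILITY_FLAGS

def audit(manifest):
    """Collect the composer.json entries a reviewer should look at before installing."""
    findings = []
    repos = manifest.get("repositories", [])
    for repo in (repos.values() if isinstance(repos, dict) else repos):
        if isinstance(repo, dict) and "type" in repo:
            findings.append(("repository", repo["type"], repo.get("url", "")))
    for section in ("require", "require-dev"):
        for name, constraint in manifest.get(section, {}).items():
            if is_unstable(constraint):
                findings.append(("unstable", name, constraint))
    for event, handlers in manifest.get("scripts", {}).items():
        for handler in [handlers] if isinstance(handlers, str) else handlers:
            is_callback = "::" in handler and " " not in handler   # heuristic
            kind = "php-callback" if is_callback else "shell-command"
            findings.append(("script", event, f"{kind}: {handler}"))
    return findings

for finding in audit(json.loads(COMPOSER_JSON)):
    print(*finding, sep="\t")
```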