3. What are dependencies?
Third-party libraries or other assets your project depends on, which are stored in a separate repository from your project sources.
4. A dependency manager lets you:
• Define dependencies in a version controlled config file.
• Download & install them all with one command.
• Have identical versions in all project environments.
• Automate this part of your build process.
5. Composer vs PEAR
Composer:
• Per-project
• Open inclusion
• Central repository
PEAR:
• System-wide
• Strict control
• Dispersed channels
Composer is becoming the de-facto standard
7. Keeping Composer up to date periodically:
$ sudo composer self-update
Updating to version d498e73363f8dae5b9984bf84ff2a2ca27240925.
Downloading: 100%
8. Two main use cases:
• Managing dependencies in a project
• Distributing a library
14. Only stable packages are installed by default.
Get a non-stable version like this:
{
    "require": {
        "silex/silex": "~1.0@dev"
    }
}
Stability flags, in order of priority: dev, alpha, beta, RC, and stable.
To get the latest commit from the master branch:
{
    "require": {
        "silex/silex": "dev-master"
    }
}
16. Two important files:
• composer.json - the config file. Specifies versions as flexible patterns.
• composer.lock - the lock file. Automatically written by composer. Lists the exact versions that were installed.
Both files should be stored in version control.
17. Two important commands:
• composer install - Install dependencies, using the versions listed in composer.lock.
• composer update - Determine the latest allowed versions, install them, and write the version numbers to composer.lock.
18. You can specify which packages to update,
leaving the others untouched:
$ composer update monolog/monolog
This can be useful when adding a new dependency.
19. Remember:
composer update might break things. Only run it in dev environments.
Commit composer.lock to version control when you’re ready to deploy the new versions.
20. composer install ensures you have
the exact same versions as everyone else
using that composer.lock file.
Run composer install in your build
scripts.
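Added example (not part of the original slides): a Python check a build script could run before composer install, reporting requirements that composer.lock does not pin and locked packages that are branch builds. The two JSON documents are constructed samples, and treating any name without a slash as a platform package is an assumption of this example.

```python
import json

# Constructed sample files, not taken from the slides.
COMPOSER_JSON = """
{"require": {"php": ">=5.3",
             "silex/silex": "~1.0",
             "monolog/monolog": "dev-bugfix",
             "doctrine/dbal": "~2.3"}}
"""
COMPOSER_LOCK = """
{"packages": [
  {"name": "silex/silex", "version": "v1.0.0",
   "source": {"type": "git", "reference": "1111111111111111111111111111111111111111"}},
  {"name": "monolog/monolog", "version": "dev-bugfix",
   "source": {"type": "git", "reference": "2222222222222222222222222222222222222222"}}
 ],
 "packages-dev": []}
"""


def lock_findings(json_text, lock_text):
    """Compare composer.json requirements with what composer.lock pins."""
    manifest = json.loads(json_text)
    lock = json.loads(lock_text)
    entries = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    locked = {p["name"].lower(): p for p in entries}
    wanted = {**manifest.get("require", {}), **manifest.get("require-dev", {})}
    findings = []
    for name in sorted(wanted):
        if "/" not in name:  # assumption: php, ext-*, lib-* are platform packages
            continue
        if name.lower() not in locked:
            findings.append(f"not locked: {name} ({wanted[name]})")
    for name, pkg in sorted(locked.items()):
        version = pkg["version"]
        if version.startswith("dev-") or version.endswith("-dev"):
            # A branch is still pinned to one commit by the lock file.
            ref = pkg.get("source", {}).get("reference", "?")[:7]
            findings.append(f"branch build: {name} {version} @ {ref}")
    return findings


if __name__ == "__main__":
    for line in lock_findings(COMPOSER_JSON, COMPOSER_LOCK):
        print(line)
```

A "not locked" finding means composer.json was edited without a matching composer update, so composer install cannot reproduce the same versions everywhere.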
22. Composer sets up autoloading of your dependencies (for free).
Just include vendor/autoload.php:
<?php
require 'vendor/autoload.php';
$app = new Silex\Application();
23. You can also use composer to configure autoloading for your own code.
composer.json:
{
    "require": {...},
    "autoload": {
        "psr-0": {"MyApp": "src/"}
    }
}
<?php
require 'vendor/autoload.php';
$app = new MyApp\Foo(); // From src/MyApp/Foo.php
24. Various autoloading conventions are supported.
"autoload": {
    "psr-0": {
        "MyApp\\Test": "src/test",
        "MyApp_": "src",
        "": "src/"
    },
    "classmap": ["src/", "lib/", "Something.php"],
    "files": ["src/MyLibrary/functions.php"]
},
psr-0:
MyApp\Test\FooTest => src/test/MyApp/Test/FooTest.php
MyApp_Foo => src/MyApp/Foo.php
Foo => src/Foo.php
classmap: Search for classes in *.php and *.inc files in these locations, and generate a key/value array mapping class names to files.
files: Explicitly load these files on every request.
25. You can generate the autoload files
without running an install or update:
$ composer dump-autoload
In production, you can generate a class map
for all classes, to optimize performance:
$ composer dump-autoload --optimize
29. $ composer search oauth2 server
adoy/oauth2 Light PHP wrapper for the OAuth 2.0 protocol (based on
OAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-15)
drahak/oauth2 Nette OAuth2 Provider bundle
opauth/oauth2 Base OAuth2 strategy for Opauth
zircote/oauth2 OAuth2 Library, this is by no means complete nor is
the test coverage optimal, mileage may (will) vary.
friendsofsymfony/oauth2-php OAuth2 library
bshaffer/oauth2-server-php OAuth2 Server for PHP
league/oauth2-server A lightweight and powerful OAuth 2.0
authorization and resource server library with support for all the
core specification grants. This library will allow you to secure
your API with OAuth and allow your applications users to approve
apps that want to access their data from your API.
...
30. $ composer show league/oauth2-server
name : league/oauth2-server
descrip. : A lightweight and powerful OAuth 2.0 authorization and resource server
library with support for all the core specification grants. This library will
allow you to secure your API with OAuth and allow your applications users to
approve apps that want to access their data from your API.
keywords : authorization, api, Authentication, oauth, oauth2, server, resource
versions : dev-master, 2.1.1, 2.1, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0, 1.0.8, 1.0.7,
1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0, 0.4.2, 0.4.1, 0.4, 0.3.5, 0.3.4,
0.3.3, 0.3.2, 0.3.1, 0.3, 0.2.3, 0.2.2, 0.2.1, 0.2, dev-develop, dev-temp
type : library
license : MIT
source : [git] https://github.com/php-loep/oauth2-server.git 2.1.1
dist : [zip] https://api.github.com/repos/php-loep/oauth2-server/zipball/2.1.1 2.1.1
names : league/oauth2-server, lncd/oauth2, league/oauth2server
autoload
psr-0
League\OAuth2\Server => src/
requires
php >=5.3.0
requires (dev)
mockery/mockery >=0.7.2
suggests
zetacomponents/database Allows use of the build in PDO storage classes
replaces
lncd/oauth2 *
league/oauth2server *
35. Adding another dependency
from the command line
$ composer require doctrine/dbal:~2.3
composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing doctrine/common (2.3.0)
Loading from cache
- Installing doctrine/dbal (2.3.4)
Loading from cache
Writing lock file
Generating autoload files
37. Any directory with a composer.json file
is a package.
To be installable, a package just needs a
name:
{
    "name": "myvendorname/my-package",
    "require": {...}
}
38. Recommended info for composer.json
{
    "name": "jasongrimes/silex-simpleuser",
    "description": "A simple db-backed user provider for Silex.",
    "keywords": ["silex", "user", "user provider"],
    "homepage": "http://github.com/jasongrimes/silex-simpleuser",
    "license": "MIT",
    "authors": [
        {"name": "Jason Grimes", "email": "jason@grimesit.com"}
    ],
    "require": { ... },
    "autoload": {
        "psr-0": {"JGSimpleUser": "src/"}
    },
    "suggest": {
        "monolog/monolog": "Allows more advanced logging."
    }
}
39. Specify versions with tags in your VCS.
Tags should match X.Y.Z or vX.Y.Z with optional RC, beta, alpha or patch suffix.
1.0.0
v1.0.0
1.10.5-RC1
v4.4.4beta2
v2.0.0-alpha
v2.0.4-p1
41. Branch names that look like versions
become {branch}-dev:
2.0 => 2.0.x-dev
1.2.x => 1.2.x-dev
42. Other branch names become
dev-{branch}:
master => dev-master
bugfix => dev-bugfix
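Added example (not part of the original slides): the tag and branch naming rules from the last few slides written as one Python function, so you can see which version name a given VCS ref would be published under. The patterns follow the rules as stated on the slides and are a simplification; Composer's own version parser accepts more forms.

```python
import re

# X.Y.Z or vX.Y.Z with an optional RC, beta, alpha or patch suffix (slide rule).
TAG = re.compile(r"^v?\d+\.\d+\.\d+(-?(RC|beta|alpha|patch|p)\d*)?$", re.IGNORECASE)
# Branch names that look like versions: digits separated by dots, optional ".x".
VERSION_BRANCH = re.compile(r"^(\d+(\.\d+)*)(\.x)?$", re.IGNORECASE)


def ref_to_version(kind, name):
    """Map a VCS ref to the version name it is exposed under.

    kind is "tag" or "branch". A tag that does not look like a version
    returns None, meaning it is not offered as an installable version.
    """
    if kind == "tag":
        return name if TAG.match(name) else None
    if kind != "branch":
        raise ValueError("kind must be 'tag' or 'branch'")
    match = VERSION_BRANCH.match(name)
    if match:
        # 2.0 and 2.0.x both become 2.0.x-dev
        return match.group(1) + ".x-dev"
    return "dev-" + name


if __name__ == "__main__":
    refs = [("tag", "v1.0.0"), ("tag", "1.10.5-RC1"), ("tag", "nightly"),
            ("branch", "2.0"), ("branch", "1.2.x"), ("branch", "bugfix")]
    for kind, name in refs:
        print(kind, name, "=>", ref_to_version(kind, name))
```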
43. Specifying system requirements
{
    "require": {
        ...
        "php": ">=5.3",
        "ext-PDO": "~1.0@dev",
        "lib-openssl": "openssl"
    }
}
Run composer show --platform for a list of
locally available platform packages.
44. Executing scripts with Composer
composer.json:
{
    "scripts": {
        "post-update-cmd": "MyVendor\\MyClass::postUpdate",
        "post-package-install": [
            "MyVendor\\MyClass::postPackageInstall"
        ],
        "post-install-cmd": [
            "MyVendor\\MyClass::warmCache",
            "phpunit -c app/"
        ]
    }
}
Many other pre- and post- event hooks are supported.
48. Maintaining your own forks
When you fix a bug in a third-party library, use your own fork until your fix gets accepted upstream.
{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/jasongrimes/monolog"
        }
    ],
    "require": {
        "monolog/monolog": "dev-bugfix"
    }
}
The repository url is your fork; dev-bugfix is the branch with your fix.
Custom repos have priority over packagist, so your fork gets used instead of the original.
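Added example (not from the original slides): a Python review pass over composer.json that lists the three settings from this deck that change which code ends up running: non-stable or branch constraints, custom repositories (which take priority over packagist), and script hooks. The sample manifest is constructed from values shown on the slides, and the constraint pattern is a simplification of Composer's own parsing.

```python
import json
import re

# Constructed composer.json combining settings shown on the slides.
SAMPLE = r"""
{
  "repositories": [{"type": "vcs", "url": "https://github.com/jasongrimes/monolog"}],
  "require": {
    "php": ">=5.3",
    "silex/silex": "~1.0@dev",
    "monolog/monolog": "dev-bugfix",
    "doctrine/dbal": "~2.3"
  },
  "scripts": {
    "post-install-cmd": ["MyVendor\\MyClass::warmCache", "phpunit -c app/"]
  }
}
"""

# dev-{branch}, {branch}-dev, or an explicit stability flag below stable.
FLOATING = re.compile(r"(^|[\s,|])dev-|-dev\b|@(dev|alpha|beta|rc)\b", re.IGNORECASE)


def review_manifest(text):
    """Return (kind, detail) pairs for settings a reviewer should look at."""
    manifest = json.loads(text)
    notes = []
    for section in ("require", "require-dev"):
        for name, constraint in sorted(manifest.get(section, {}).items()):
            if FLOATING.search(constraint):
                notes.append(("floating", f"{name}: {constraint}"))
    repos = manifest.get("repositories", [])
    if isinstance(repos, dict):  # repositories may also be keyed by name
        repos = list(repos.values())
    for repo in repos:
        if isinstance(repo, dict) and "url" in repo:
            notes.append(("repository", f"{repo.get('type')} {repo['url']}"))
    for event, handlers in sorted(manifest.get("scripts", {}).items()):
        for handler in ([handlers] if isinstance(handlers, str) else handlers):
            notes.append(("script", f"{event}: {handler}"))
    return notes


if __name__ == "__main__":
    for kind, detail in review_manifest(SAMPLE):
        print(f"{kind:10} {detail}")
```

Run it in code review whenever composer.json changes: a new repository entry or script hook deserves the same scrutiny as a new dependency.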
55. Use Composer to:
• ...install dependencies not stored in your project’s VCS repo.
• ...ensure identical versions in all your project’s environments.
• ...handle autoloading.
• ...distribute your open source libraries.
• ...manage your private repositories.