Files to Include in Version Control System
I basically check in all composer related files into git.
composer.json
composer.lock
vendor/
To prevent version conflict with my team members, composer.lock is checked in, so that everyone is using the exact version of 3rd-party libraries.
Intranet applications should include the vendor/ directory. I deploy mine in a standalone installer, and I cannot make the assumption that the target server has Internet connectivity. Therefore, all dependencies become part of the code base.
Note that including vendor/ is not recommended for more common use cases: open source code repository or code that is deployed as needed to virtual machines.
Look out for .gitignore and composer.json in vendor packages
A package dependency that I added during development worked fine, but when I deploy it I got strange errors. On further investigation, one of the required configuration file for the dependency is not included in git, because it is listed in the .gitignore in the project's directory.
Always check for the existence of .gitignore and composer.json in vendor sub-directories and amend accordingly.
Installing a Dependency
Use require to install a dependency:
$ composer require peehaa/opcachegui --sort-packages
This section will be added to composer.json
"require": {
"peehaa/opcachegui": "^1.0"
}
We will get into the ^1.0 in a bit.
Avoid adding a package by hand in composer.json! If you want a specific version, you can do so in the command line.
$ composer require peehaa/opcachegui:1.0.1 --sort-packages
--sort-packages is recommended to keep your packages in order.
Specifying Version
If you do not specify a version when requiring a dependency, composer will automatically choose the latest stable version. From composer 1.0.0 onwards, it will use the caret ^. Caret is a good default, as it means upgrades to bugfix and minor versions are allowed, but not the next major version. For an example:
^1.2.3 = >=1.2.3-0 <2.0.0-0
Another commonly used option is tilde ~, to allow only for bugfix updates, but not minor versions.
~1.2.3 := >=1.2.3-0 <1.3.0-0
Do not use the asterisk * option, for example 1.2.*. Specifying the exact version "1.2.3" means there is less flexibility and you are likely to face difficulties updating your dependencies.
The image from http://www.jontejada.com/blog/galvanize/talk/2016/01/18/semver/ illustrates semver (semantic versioning)
Composer Install vs Update
The install and update commands perform very similarly. Use install when:
- initially check out a project
- you want the latest updates from your team mates
- new production release
Use update when:
- you want to update the dependencies (vendor libraries) to the latest version
Prepare for Deployment
When you are ready to deploy, use the following command
$ composer install --prefer-dist --no-dev --optimize-autoloader
The command will ensure you are using the version in composer.lock, distribution packages (and not source packages) are used, no developer libraries are included, and optimize performance by generating classmap autoloaders.
Some of the useful tips above is taken from the "Composer the right way" talk by Rafael Dohms.
nemco.com.au
ReplyDeleteHire PHP Developers | PHP Development Company Melbourne
A leading PHP development company in Melbourne, Australia. Our talented web developers can develop website at very affordable rate. Hire our PHP developers
php development melbourne | Dedicated php developer
From such broad diversity, selecting the most appropriate PHP web developer for your business needs a lot of market research and commitment. There are a number of factors that you need to consider while hiring PHP application development services from a firm.
ReplyDeleteThanks for sharing this informative article and your experience in detail on how to use PHP Composer for a legacy intranet application. If you have any requirement to Hire PHP Developers for your project at best and affordable web design cost. Please contact us.
ReplyDelete