Jordi Boggiano
@seldaek
http://nelm.io/


In-Depth with Composer

Belgian living in Z├╝rich, Switzerland

Building the internet for 10+ years
 http://seld.be

Symfony2, Composer and other OSS contributions
 http://github.com/Seldaek

Working at Nelmio
 http://nelm.io
 Symfony2 & performance consulting

Composer

Use Cases

Installing and Updating dependencies

Installing and Updating dependencies

install/update work on the project's dependencies

composer installs or updates individual packages

Global CLI utilities

Global CLI utilities

composer global require "fabpot/php-cs-fixer:dev-master"
            

Edit your PATH

export PATH="~/.composer/vendor/bin:$PATH"

C:\Users\USERNAME\AppData\Roaming\Composer\vendor\bin
            
composer global update
            

Using a forked project

Using a forked project

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/Seldaek/symfony"
        }
    ],
    "require": {
        "symfony/symfony": "dev-master"
    }
}
            

Additional repositories take priority over the default ones

Using a forked project

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/Seldaek/symfony"
        }
    ],
    "require": {
        "symfony/symfony": "dev-my-patch"
    }
}
            

Your branches are available as well

Use composer show -v symfony/symfony to see available versions

Using a forked project

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/Seldaek/symfony"
        }
    ],
    "require": {
        "symfony/symfony": "dev-my-patch as 2.1.0"
    }
}
            

Private packages with Satis

Private packages with Satis

composer.json

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/nelmio/NelmioSecretBundle"
        },
        {
            "type": "vcs",
            "url": "https://github.com/nelmio/lib"
        }
    ],
    "require": {
        "nelmio/secret-bundle": "1.*",
        "nelmio/lib": "1.5.3"
    }
}
            

Private packages with Satis

satis.json

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/nelmio/NelmioSecretBundle"
        },
        {
            "type": "vcs",
            "url": "https://github.com/nelmio/lib"
        }
    ]
}
            
composer create-project composer/satis myrepo
cd myrepo
bin/satis build satis.json www/
            

Private packages with Satis

composer.json

{
    "repositories": [
        {
            "type": "composer",
            "url": "http://satis.example.org/"
        }
    ],
    "require": {
        "nelmio/secret-bundle": "1.*",
        "nelmio/lib": "1.5.3"
    }
}
            

Private packages with Satis

Set-up a system-wide repository

Unix: /home/example/.composer/config.json

Windows: C:\Users\example\AppData\Roaming\Composer\config.json

{
    "repositories": [
        {
            "type": "composer",
            "url": "http://satis.example.org/"
        }
    ]
}
            

Use composer config -g -e to open the file

Private packages with Satis

composer.json

{
    "require": {
        "nelmio/secret-bundle": "1.*",
        "nelmio/lib": "1.5.3"
    }
}
            

Deploying/building with Composer

Deploying/building with Composer

COMMIT your lock file

$ composer install --no-dev
            

The Story of an Install/Update

1. Bootstrap

1. Bootstrap

pre-install-cmd / pre-update-cmd scripts fire

1. Bootstrap

Loading of the root package

First install or Update

Create install requests for the requirements

(on update:) Force update installed dev packages to latest commit

Install from lock file

Load lock file as a repository

Create install requests for all its packages

2. Creation of the package pool

Platform repository

$ composer show --platform
                

Local (installed) repositories

$ composer show --installed
                

Locked repository (install only)

Custom repositories (project)

Custom repositories (user level config)

Packagist

2. Creation of the package pool

Stability filters

minimum-stability >= package stability

{
    "minimum-stability": "alpha"
}
                

package stability flag >= package stability

{
    "require": {
        "acme/foo": "1.0.*@dev"
    }
}
                

3. Dependency Resolution

Solver + Request + Pool

Shake everything until you found matching packages

Pick latest packages from those that match

OR: Pick latest *stable* packages from those that match

{
    "prefer-stable": true
}
                

Create a list of operations

4. Install / Update / Uninstall

--prefer-source forces source install (git clone)

--prefer-dist forces dist install (zip download)

--dry-run if you are just curious

--verbose / -v to see more details

$ composer update -v (--verbose)
Loading composer repositories with package information
Updating dependencies
  - Updating symfony/symfony dev-master (487b8c => 885d47)
    Checking out 885d4733664b040765f2faab68f3aacef58d1216
    Pulling in changes:
      885d473 - Fabien Potencier: merged branch Tobion/empty-requ....
      13937de - Fabien Potencier: replaced self.version/2.1.* by ...
      a9a0f42 - Fabien Potencier: merged 2.1
      3c32fd9 - Fabien Potencier: replaced self.version by 2.1.*...
      c5edce7 - Fabien Potencier: merged branch eventhor...
      4d6dd46 - Fabien Potencier: merged branch eventhor...
                

5. Wrap-up

5. Wrap-up

Writing lock file (update or first install only)

Only want to update the lock file?

$ composer install
Installing dependencies from lock file
Your lock file is out of sync with your composer.json, run "composer.phar update" to update dependencies

$ composer update lock
            

5. Wrap-up

pre-autoload-dump script fires

Generating autoloader

post-autoload-dump script fires

Optimize the autoloader for production, -o also works on install/update.

$ composer dump-autoload --optimize
                

5. Wrap-up

post-install-cmd / post-update-cmd scripts fire

Scripts get in your way during deployment?

$ composer install --no-dev --no-scripts
$ app/console assetic:dump --env=prod --no-debug web/
$ [...]
            

Run scripts manually

$ composer run-script post-update-cmd
            

Troubleshooting

503 from GitHub when downloading zips?

Install from source instead

$ composer install --prefer-source
            

Experiencing a strange behavior?

Update composer

$ composer self-update
                

Run a diagnostic

$ composer diagnose
                

Update your deps

$ composer update -v
                

Still not working? Reinstall the deps

$ rm -rf vendor/
$ composer update -v
                

Still not working?

Report a bug with full -vvv output

Find Out More

Thank you.

Questions?

jordi@nelm.io

@seldaek

slides.seld.be