Managing Drupal using Composer

What is Composer

  • Dependency management
    • Drupal modules
    • PHP libraries
    • 3rd party JS libraries (though npm might be better)

But Composer Sucks!

They all do; it's a means to an end

Composer is slow

  • They all are
  • Dependency management is an NP-complete problem
    • Very hard problem in computer science
    • dependencies -> dependencies -> dependencies ...
  • Composer is one of the better ones out there!

Keep all dependencies in Repo?

Yay

  • deployment is easy since everything in repo
  • no reliance on dependencies being 'up'
  • bloated repos
  • multiple people working on project = possible conflicts

Nay

  • repos not so bloated
  • conflict only really in composer.lock
  • dependencies need to be 'up'
  • deployment is more complex
  • dependencies can 'change' if not using lock file

Useful composer commands

  • composer install
  • composer update
  • composer why
  • composer validate

composer install

  • No composer.lock: installs dependencies in composer.json (and creates the composer.lock file)
    • slow on a first install with no composer.lock file
  • composer.lock exists: installs dependencies in composer.lock
    • fast
  • Generally safe as composer.lock is not updated

composer update

  • Updates your dependencies
    • Updates composer.lock
  • Can also limit what you update
    • composer update drupal/core:8.9.2
  • Does NOT use composer.lock
    • slow

composer why

  • Useful when you have conflicts
  • Lets you see which libraries are not compatible in the setup

composer validate

  • Validates the composer.json file
    • Lets you know if your dependencies are too 'locked' down
    • Lets you know if you have bad dependencies

Write your own command

  • post install commands
  • custom one time commands
  • sync commands

Managing Drupal

  • Shit show x (number of client sites you manage)
  • Core
    • Distributions
    • Modules
    • PHP Libraries
    • Themes

Semantic versioning

  • x.y.z
  • z: patch
    • No new functionality added or functionality removed. Only bug fixes
  • y: feature
    • New functionality added. Nothing removed.
  • x: version upgrade
    • functionality added/removed.

Gotchas

  • See how the developer releases their code
    • Following semantic versioning, you should be safe on a major release
    • Not following semantic versioning, you may need to look at their code
      • Code review time
    • Also where testing comes in handy (which I've been saying for years)
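
Added example (not part of the original slides): one way to turn the semantic versioning rules above into a review list after a composer update, by comparing the old and new composer.lock and naming which part of x.y.z moved for each package. The function names and the example/* packages are this example's own assumptions, and the lock contents are constructed.

```python
import json
import re

# Plain x.y.z with an optional leading "v" (for example "v4.4.9").
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def locked_versions(lock_text):
    """Map package name -> locked version from composer.lock content."""
    lock = json.loads(lock_text)
    # Treat a missing or null "packages-dev" as empty.
    pkgs = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    return {p["name"]: p["version"] for p in pkgs}

def classify(old, new):
    """Name the part of x.y.z that changed between two version strings."""
    if old is None or new is None:
        return "added" if old is None else "removed"
    if old == new:
        return "unchanged"
    a, b = SEMVER.match(old), SEMVER.match(new)
    if not (a and b):
        return "unparsed"  # dev-master, 1.0.0-beta1: the number proves nothing
    for part, x, y in zip(("major", "minor", "patch"), a.groups(), b.groups()):
        if int(x) != int(y):
            return part if int(y) > int(x) else "downgrade"
    return "unchanged"  # same numbers, e.g. "v1.2.3" -> "1.2.3"

def review_list(old_lock, new_lock):
    """Return {package: (old, new, change)} for every package that changed."""
    old, new = locked_versions(old_lock), locked_versions(new_lock)
    rows = {n: (old.get(n), new.get(n), classify(old.get(n), new.get(n)))
            for n in sorted(set(old) | set(new))}
    return {n: r for n, r in rows.items() if r[2] != "unchanged"}

# Constructed sample lock files (not from a real project).
OLD_LOCK = json.dumps({
    "packages": [{"name": "drupal/core", "version": "8.9.1"},
                 {"name": "example/library", "version": "v2.4.0"},
                 {"name": "example/theme", "version": "dev-master"}],
    "packages-dev": None})
NEW_LOCK = json.dumps({
    "packages": [{"name": "drupal/core", "version": "8.9.2"},
                 {"name": "example/library", "version": "3.0.0"},
                 {"name": "example/theme", "version": "dev-main"}],
    "packages-dev": [{"name": "example/extra", "version": "0.1.0"}]})

if __name__ == "__main__":
    for name, (old, new, change) in review_list(OLD_LOCK, NEW_LOCK).items():
        print(f"{change:9} {name}: {old} -> {new}")
```

Rows marked major, added, downgrade or unparsed are the ones to read the code for; patch and minor rows are only as trustworthy as the developer's adherence to semantic versioning.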