Composer
Matt Fleury
Lead Developer - TBS, TNT, TCM
PHP Dependency Manager
- NPM for PHP
- Open Source
- Released in 2012
- Funded by Toran
- Private package mirror
Packagist
- Hosts public packages
- Run by Toran as well
- Over 100,000 packages
- Over 2.5 billion downloads
So how do I use it?
{
"name": "vgtf/draco_analytics",
"description": "Provides functionality for inserting analytics data layer into content",
"type": "drupal-module",
"require": {
"phpunit/phpunit": "~4.8"
}
}
Make a composer.json for your project
Defining Dependencies
Specify version
Semantic versioning highly recommended
Seriously though, you should be using semantic versioning
~1.2 is equivalent to >=1.2 <2.0.0
~1.2.3 is equivalent to >=1.2.3 <1.3.0
^1.2.3 is equivalent to >=1.2.3 <2.0.0
Tilde - last defined digit
Caret - next major version
Using branches
- Not recommended for production
- dev- prefix
- dev-develop
- dev-master
"require-dev": {
"phpunit/phpunit": "^4.0|^5.0"
},
composer install --no-devcomposer installRun composer install
So how does it work?
composer install
- Builds dependency tree
- Downloads dependencies into vendor directory
- Runs scripts
- Creates composer.lock
- Creates autoloader
*And probably some other stuff
**May or may not actually be in this order
But I don't want my files in the vendor directory!!
"require": {
"composer/installers": "^1.1.0"
},
"extra": {
"installer-paths": {
"docroot/core": ["type:drupal-core"],
"docroot/modules/contrib/{$name}": ["type:drupal-module"],
"docroot/modules/custom/{$name}": ["type:drupal-custom-module"],
"docroot/profiles/contrib/{$name}": ["type:drupal-profile"],
"docroot/themes/contrib/{$name}": ["type:drupal-theme"],
"docroot/themes/custom/{$name}": ["type:drupal-custom-theme"]
}
}What is composer.lock?
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "07d8a08e6826be43fbd0f20410de8a4e",
"content-hash": "10cffb250d249788722cb0dcd504b1ff",
"packages": [
{
"name": "alchemy/zippy",
"version": "0.3.5",
"source": {
"type": "git",
"url": "https://github.com/alchemy-fr/Zippy.git",
"reference": "92c773f7bbe47fdb30c61dbaea3dcbf4dd13a40a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/alchemy-fr/Zippy/zipball/92c773f7bbe47fdb30c61dbaea3dcbf4dd13a40a",
"reference": "92c773f7bbe47fdb30c61dbaea3dcbf4dd13a40a",
"shasum": ""
},
"require": {
"doctrine/collections": "~1.0",
"ext-mbstring": "*",
"php": ">=5.3.3",
"symfony/filesystem": "^2.0.5|^3.0",
"symfony/process": "^2.1|^3.0"
},
"require-dev": {
"ext-zip": "*",
"guzzle/guzzle": "~3.0",
"phpunit/phpunit": "^4.0|^5.0",
"symfony/finder": "^2.0.5|^3.0"
},
"suggest": {
"ext-zip": "To use the ZipExtensionAdapter",
"guzzle/guzzle": "To use the GuzzleTeleporter"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "0.2.x-dev"
}
},Now composer install will use composer.lock instead of composer.json
Everyone has the same version of everything!
But I want the latest version of all the things!!!!
composer updateCross your fingers
Updates folders and composer.lock
Private Packages
"repositories": [
{
"type": "composer",
"url": "http://satis.draco.turner.com"
},
{
"type": "git",
"url": "git@bitbucket.org:vgtf/ten-dejavu-media.git"
},
{
"type": "git",
"url": "git@bitbucket.org:vgtf/tbs-dejavu-video.git"
}
],
"require": {
"vgtf/ten_media": "dev-develop",
"vgtf/ten_video": "dev-develop",
"vgtf/draco_analytics": "dev-master",
"vgtf/draco_cvp": "0.1.*",
"vgtf/draco_dfp": "0.1.*"
}What happened to drush make?
- Lock files
- Dependency Tree
- Autoloading
- Every other PHP project uses composer
- External libraries
- Projects can include own make files, but low visibility
Questions?
Composer
By Matthew Fleury
