I am familiar with the concept that, when composer.lock file is present, composer install command runs the packages from this file.
So when I add (manually put a vendor/pkg list) to "require" in composer.json, and run command install then only those packages locked in composer.lock files get installed.
But this understanding of mine got conflicted, when I found composer.lock file being git-ignored by my senior developers.
When any update on composer.json file is pushed to deployment server, command install is being run and it seems to "install" the updated packages.
What got me confusing is, since there's no mention of that newly added package in the composer.lock file in the deployment server, how is it being installed?
I tried the same on my local:
first added vendor/pkg in require of composer.json.
tried running command install.
And got this warning instead:
warning: the lock file is not up to date with the latest changes....
nothing to install or update.
So my question is :
why two different behaviors are being shown?
How are the newly added packages in .json and not in .lock are being installed in the deployment server and not in local?
I have been researching on this for a while, and its bugging me.
Maybe I am getting it wrong. Anyone there to clear this out?
There are a few options:
Add vendors with composer require vendor/pkg
Add in composer.json as you did, but then run composer update vendor/pkg (Running composer update without the package name will update all of them)
Related
I freshly installed a PHP application given with a composer.lock file.
When running composer install, command line tool is still asking for a composer.json.... I don't have.
In composer documentation, it's said that install command first look for a composer.lock and then for a composer.json.
Why composer is still asking for a file it doesn't need to install my dependencies ?
composer install > returns :
Composer could not find a composer.json file
You still need the composer.json file to install or update any dependencies.
Having a composer.lock file means that composer will not search for the latest commits of the dependencies
A few weeks ago on Twitter, I noticed that the OpenCFP project doesn’t have a composer.lock file in it’s repository. “So what,” you might say, “just composer install and away you go. You’ll get the same dependencies, right?”
Wrong.
The point of the lock file is to record the exact versions that are installed so they can be re-installed. This means that if you have a version spec of 1.* and your co-worker runs composer update which installs 1.2.4, and then commits the composer.lock file, when you composer install, you will also get 1.2.4, even if 1.3.0 has been released. This ensures everybody working on the project has the same exact version.
Source: Composer: It's all about Lock File
You must have a composer.json to install dependencies, because it's the file where dependencies theirself are listed. Refer to the documentation.
composer.lock lists dependencies which has already been installed. The composer looks first into it in order to keep versions consistent.
The (documentation states)[https://getcomposer.org/doc/01-basic-usage.md#installing-with-composer-lock]:
running install when a composer.lock file is present resolves and installs all dependencies that you listed in composer.json, but Composer uses the exact versions listed in composer.lock to ensure that the package versions are consistent for everyone working on your project.
If you have lost your composer.json you can reverse engineering your composer.lock. Open it and read all the packages installed, then create a composer.json which requires them. Not every single package will be a direct dependency for your problem: you should identify and remove those which are not.
I need to discus a very important thing for me (probably for all users who uses composer in their projects). I am working on laravel. Whenever i work on my local machine, i run composer update after adding new library in vendor.
Now it works fine on local machine. But when i upload these files on my server, it shoots error like "Undefine class ....". I dont know how to run composer update command on server (Also it might be not safe).
So may i just know which files are updated by using composer update on cmd. What other files needed to go live to avoid this error??
You may:
Run composer update on your local server only, whenever you want.
Commit/push every files (including composer.lock) but the vendor directory
Deliver to your production server (without vendor, with composer.lock)
Then run composer install on your production server. It will update all your dependencies according to your composer.lock(so the exact same versions as your last update on your local server).
So in other words: you should not run composer update on your server, just composer install on every delivery (and you will need to keep your composer.lock)
Hope it will help you.
run composer dump-autoload before composer update. If still doesn't work then try to clear composer cache using composer clear-cache
composer update will update the version of every package from you vendor folder.
normally if you can not ensure you need update all the version of every package, you should use composer install
the reason of error "undefined class" is normally caused from app.php.Because service provider is defined in app.php, but the class(package) not been installed.
in order to solve your problem, try do this in three ways:
composer install --no-scripts;
comment the service providers which not been installed already from app.php, then composer install
composer dump-autoload
I'm having an issue with composer.
I'm working with git in a local environment. I'm the only one developer.
When I need some more dependencies (or need to change some versions), I edit the composer.json and run composer install locally.
Everything's fine.
Then, when everything works locally, I commit my changes (including composer.json and composer.lock) and push to my production server.
A post-receive script updates the sources and runs a composer install on the remote server.
What is expected :
Composer should install the new dependencies according to the composer.lock file.
I should be happy.
What happens :
Composer is angry :
Warning: The lock file is not up to date with the latest changes in
composer.json. You may be getting outdated dependencies. Run update to
update them.
Composer removes all dependencies.
My production is broken.
I have a heart attack
I have to log in to my server via ssh and run a composer update to make things work fine, but I know that a composer update is not recommended on a production server.
Here's the output of the post-receive composer's section :
composer install
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
- Removing guzzle/guzzle (v3.9.3)
- Removing symfony/event-dispatcher (v2.7.1)
- Removing geoip/geoip (v1.15)
- Removing pimple/pimple (v3.0.0)
- Removing cocur/slugify (1.1.x-dev)
- Removing bentools/url (0.2)
- Removing bentools/simplexmlextended (1.2.0)
Generating autoload files
What am I doing wrong ?
Thanks,
Ben
This warning
Warning: The lock file is not up to date with the latest changes in composer.json, you may be getting outdated dependencies, run update to update them.
occurs when the md5sum of your composer.json differs from the one stored in the composer.lock:
{
"hash": "b15ed9405e8547867f74973ce8add172",
"packages": [ ... ]
}
Make sure your composer.json and composer.lock are identically with your local ones (compare their md5sums). I suspect that something in your deploy chain is not updating them correctly.
Make sure you added your dependencies locally with the require command:
composer require new/package ~2.5
or if composer.json was edited manually at least run
composer update new/package
after that for every additionally added package to ensure that it is added to your composer.lock properly.
Another approach:
run composer update --lock in production. This will update the hash in your lock file but won't upgrade your vendors.
Then run composer install to install the vendors from your comoser.lock.
When I need some more dependencies (or need to change some versions), I edit the composer.json and run composer install locally.
That's wrong. You can edit composer.json and then must run composer update, or you let Composer do the internal editing of the json file and just run composer require new/package (optionally with a version).
Either way, you should end up with a changed composer.json and composer.lock file, commit BOTH into your repository, and the expected outcome is that the lock file will contain all packages in the correct versions, which should be installed in production with a regular composer install run.
Note that your workflow is still very dangerous. If you push, and Github is down - how would you get the ZIPs to install?
A developer has sent me his project to work with, but when ever I try to update or install my vendors everything works great until the very end and it outputs the message bellow.
C:\xampp\htdocs\BigWaveMedia\davinkit>php artisan migrate
{
"error": {
"type": "Exception",
"message": "expected color value: failed at `.clearfix;` C:\\xampp\\htdocs\\BigWaveMedia\\davinkit\\app\\start\/..\/..\/public\/less\/style.less on line 102",
"file": "C:\\xampp\\htdocs\\davinkit\\vendor\\leafo\\lessphp\\lessc.inc.php",
"line": 3258
}
}
C:\xampp\htdocs\BigWaveMedia\davinkit>
Any ideas at all? Here is a full log http://pastebin.com/y9q4Rc5z
When you run composer update, composer generates a file called composer.lock which lists all your packages and the currently installed versions. This allows you to later run composer install, which will install the packages listed in that file, recreating the environment that you were last using.
It appears from your log that some of the versions of packages that are listed in your composer.lock file are no longer available. Thus, when you run composer install, it complains and fails. This is usually no big deal - just run composer update and it will attempt to build a set of packages that work together and write a new composer.lock file.
However, you're running into a different problem. It appears that, in your composer.json file, the original developer has added some pre- or post- update actions that are failing, specifically a php artisan migrate command. This can be avoided by running the following: composer update --no-scripts
This will run the composer update but will skip over the scripts added to the file. You should be able to successfully run the update this way.
However, this does not solve the problem long-term. There are two problems:
A migration is for database changes, not random stuff like compiling assets. Go through the migrations and remove that code from there.
Assets should not be compiled each time you run composer update. Remove that step from the composer.json file.
From what I've read, best practice seems to be compiling assets on an as-needed basis during development (ie. when you're making changes to your LESS files - ideally using a tool like gulp.js) and before deployment.
The following works for me:
composer update --no-scripts
this is command for composer update please try this...
composer self-update
write this command in your terminal :
composer update
You can use :
composer self-update --2
To update to 2.0.8 version (Latest stable version)
I have an old composer based symfony project, that I just updated with some changes of code. I tested in development everything works fine. I have got issue when deploying the composer asked to run composer.phar self-update to update the composer since the composer is outdated. After that I do the composer.phar install. I get this error -
[RuntimeException]
Your composer.lock was created before 2012-09-15, and is not supported anymore. Run "composer update" to generate a new one.
What if I don't want to update. I am okay this. How can I force it not to update.
The structure of the lock file was changed, and therefor you should upgrade your lock file. You can upgrade your lock file without actually upgrading any dependencies by executing:
composer update nothing
I would suggest you look at the composer.lock file and note any versions that are used there. Then copy these into the composer.json, delete the lock file and run a normal install.
Of course, you do this on a copy of your software to see if all the same versions do appear again.