I am developing a PHP website. I have a version on my laptop where I develop everything and my web server which runs the site.
I have found that I can use composer to install PHPUnit only on my laptop and not on my web server using the "require-dev" option Using "require-dev" to install packages in composer
However, this comes with some downsides:
From now on I have to call php composer update --no-dev on the webserver, and if I forget --no-dev then its also installed on the web server
I have to use $ ./vendor/bin/phpunit to call phpunit
I have to do install phpunit for each project on my laptop.
Would't it be much better to just install phpunit on Ubuntu sudo apt-get install phpunit? This way I would not have to worry about using the --no-dev option on the server and I could simply call it by $ phpunit. Am I missing anything important here?
Fast answer is:
You can have a version of phppunit you want in your project and another in another. And --no-dev should be used in production anyway, because you don't want to install all the dev dependencies in Production
if you don't want to call ./vendor/bin/phpunit add a script to your composer.json and then run the tests by composer test or anything you create
Explained in the first one. It really makes sense, especially when you work with some legacy code that works only with some particular versions of php/phpunit etc.
I usually install phpunit, and other tools in the 'require-dev' section, but another entirely reasonable option is to download the phpunit.phar file from the website, and check it in with the rest of your code - updating it manually occasionally.
A local (or global) Composer install will allow for better control of exactly which version is available though, and you can see when it, or your other dependencies are out of date with composer outdated.
As for a production deployment, you should be automating it as much as possible, to make sure that exactly the same thing happens every time. With that, it's just another few characters in your deployment script or other mechanism.
Related
Laravel Backpack recommends to install the backpack-devtools via composer, and to exclude them from production by running the composer install command with the --no-dev parameter. This would allow to use the package in the local environment while excluding it from production (https://backpackforlaravel.com/products/devtools).
This works perfectly fine by itself, just when I use a CI, I would run unit tests, and I would not really want to install the backpack-devtools in the temporary CI environment. Yes; one could just add that license key to the secure variables, run the composer install without --no-dev parameter and either ignore the backpack-devtools package or delete it, but I wonder if there is a smarter way of doing it and not include it at all.
There is no way in Composer to install everything but one dependency. So no, I’m afraid you cannot do that.
What you might be able to do, however, is to run “composer remove —dev backpack/devtools” in your CI/CD pipeline, before the “composer install”. That should make it install without it.
I'm using PHP_CodeSniffer in my GitLab CI/CD pipelines to ensure my code is properly formatted. The job looks like follows:
stages:
- test
- build
- deploy
coding_standard:
stage: test
script:
- curl -OL https://squizlabs.github.io/PHP_CodeSniffer/phpcs.phar
- php phpcs.phar --extensions=php .
That's working as expected. However, the exact version of the tool is not specified here. So if there's suddenly a new major version of PHP_Codesniffer, the CI/CD job might fail, although my PHP code hasn't changed.
Furthermore, I currently have the tool installed globally on my local machine. In that way, I cannot have a specific version of the tool for every PHP project.
Now I'd like to add the tool as Composer dev-dependency (require-dev).
In the CI/CD job I would then call composer install instead of downloading the tool via curl.
The problem: That will download all packages needlessly, instead of just PHP_Codesniffer and its dependencies. Can I prevent that?
You can't do this with composer. You can't even install "only the dev dependencies". It's all the dependencies, all the non-dev dependencies, and that's all.
And it's generally a bad idea to install this kind of dependency as a project dependency, since very easily you can enter in dependency hell for reasons beyond your actual application needs. Development tools should not bring that level of complexity and danger to your deployment strategy.
To get around this, you could use something like the Composer Bin Plugin to isolate these dependencies and yet install them through composer. Then on CI you'd run composer install on this directory only, and run the tool from this location (or symlink it to bin, which is what the plugin does when it's installed, but you wouldn't have it installed in CI if you are not installing all the dependencies anyway).
Why not download any tagged version from Github through https://github.com/squizlabs/PHP_CodeSniffer/releases, like https://github.com/squizlabs/PHP_CodeSniffer/releases/download/3.6.0/phpcs.phar?
Using a PHAR is better than installing such stuff using Composer, as you might install other incompatible dependencies that way (this is not the case with phpcs, but other tools like phpmd install other dependencies from Symfony)
I just started my laravel course with laracast. I dont quite understand yet all the enviornment-related things.
I know that Composer is a kind of a program that downloads pre-written scripts to use in your project. But where does it work? On my local machine or on my vagrant homestead box VM? On which of these is it supposed to be installed?
I installed myself vagrant homestead box already but does it contain composer? When I go ssh into my guest machine and go to vagrant#homestead:/vagrant$ path I can see composer.json and composer.lock files, but does it mean that I have composer installed?
Composer is a PHP package manager, like npm for javascript or pip for python. There are many examples of package managers. It's useful, because adding dependencies to your php projects can be a pain, but composer makes it really easy. You just add the dependency to composer.json and you can use it right off the bat.
Composer isn't laravel specific, you can use it in any php project, laravel uses it to manage it's dependencies, laravels dependencies use it to manage their dependencies and so forth.
If nothing else, the composer autoloader is great, so you can use it even if you don't plan on using external packages.
Homestead should come with composer installed. A composer.lock file is generated when you run a composer install or composer update. If you plan on creating or using other php projects on your machine, it's probably a good idea to have composer installed on your machine as well.
I have a Yii 2 web application which uses Composer for its dependencies. How am I supposed to deploy this application at a production server without having to run composer? What I would like to be done is to zip the whole application directory at the development server, copy it to the production server, unzip it and have it deployed there without any action run by composer.
I found the solution. Run:
composer install --prefer-dist --no-dev --optimize-autoloader
at the development system and to then copy the whole directory to the production server.
From the documentation:
--prefer-dist: Reverse of --prefer-source, Composer will install from dist if possible. This can speed up installs substantially on
build servers and other use cases where you typically do not run
updates of the vendors. It is also a way to circumvent problems with
git if you do not have a proper setup.
--no-dev: Skip installing packages listed in require-dev. The autoloader generation skips the autoload-dev rules.
--optimize-autoloader (-o): Convert PSR-0/4 autoloading to classmap to get a faster autoloader. This is recommended especially
for production, but can take a bit of time to run so it is currently
not done by default.
I'm using Bluehost and do have access to SSH, thankfully. I've also set my PHP to 5.4 in the Control Panel settings. Now, here's the two big questions that I can't seem to grasp: how do I install Composer and furthermore, after installing Composer, how do I get the dependencies included?
In this case, I am attempting to use the official Tumblr PHP Library, which has dependencies -- all of which can be found on Packagist.
I've referred to this question in which the OP is using HostGator. I have attempted to install Composer in a similar fashion and have done so with seemingly successful results. The issue, however, is that I don't know where to install it on Bluehost so I now have Composer installed in several random places on the server simply because I don't know how to navigate to find where to put it in this shared space.
I know this is the issue (i.e. it's installed in the wrong place) because when I use the composer phar files and syntax to install the packages, I get errors saying the commands don't exist.
I really hate asking for hand-holding assistance, but if someone could walk me through the proper installation of Composer on a shared space and the proper installation of a Composer package from Packagist on the same shared space, it would be much appreciated. I've dug through the Composer documentation and can't seem to find a proper guide -- if one can even exist -- for this case. At this point, I'm wondering if it's going to be different for every web host.
Once you install composer as mentioned by KLVTZ. In the bluehost environment, use the php-cli instead of php.
php-cli composer.phar install
When installing composer, the biggest problem I ran into was that Bluehost's command line php was 5.2 and composer needs 5.3+.
Fortunately, Bluehost does give you access to 5.4. You can find it at
/ramdisk/php/54/bin/php54-cli
I ended up setting up an alias to call composer.phar using the above php command and it's worked great. You can see more details on how to install composer on bluehost.
You should probably not use Composer on the remote host, but instead install it on the local machine that is used to upload your project to Bluehost. There you can manage all the stuff that is needed to fetch the dependencies, which might include having the ZIP extension enabled or having a ZIP program available, having GIT or Mercurial installed if you have to grab a version from a branch, and so on.
All these dependencies of using Composer might not be available on that remote host, and frankly: You really do not want to install these development tools on a production machine anyway, I think. Any software that potentially helps an attacker shouldn't be present if it can be avoided.
The issue, however, is that I don't know where to install it on Bluehost...
In order to fix this problem, you need to figure out where exactly your project folder is. Composer needs to be installed in that folder. If you have access to a UNIX shell, I recommend that you change your directory to that project folder
cd $_SERVER['DOCUMENT_ROOT']/project_folder/
Generally, your remote server will follow the same file directory tree as that on your local machine. However, if you are unsure as to how your file structure may be organized, you can always print working directory of your local machine:
pwd
After you have successfully located the correct file path on your shared space, simply install composer:
curl -sS https://getcomposer.org/installer | php
This will report back something like:
All settings correct for using Composer
Downloading...
Composer successfully installed to: /var/www/my_project/composer.phar
Use it: php composer.phar
You now have access to your composer.phar in your project. Let me know if you need any further help.
One problem on Bluehost is that the php command on Bluehost does not execute php-cli. So I "bypass" that by having my own php script earlier in the PATH and then forwarding the arguments to php-cli. In the same process I made script named composer which calls php-cli composer.phar directly.
So, this setup has worked for me on Bluehost:
In ~/bin I have the composer.phar and two bash scripts called php and composer. In ~/.bash_profile I have prepended ~/bin to my PATH.
~/bin/php looks as follows:
#!/bin/bash
php-cli "$#"
~/bin/composerlooks as follows:
#!/bin/bash
php-cli ~/bin/composer.phar "$#"
And the additions to ~/.bash_profile are these:
PATH=$HOME/bin:$PATH
PATH=$PATH:$HOME/.composer/vendor/bin
export PATH
(I have also added ~/.composer/vendor/bin as can be seen, this is handy for global access for some composed applications (for me that is laravel)).
Remember to source ~/.bash_profile. (Or reconnect)
I think you should do something like this.
In console
echo $PATH
Use one of these pathes
mv composer.phar {selected path}/composer
chmod +x {selected path}/composer
Now you can simply call composer everywhere
If you have composer installed in your root directory (under public_html), might be something related to PHP version. As Bluehost when chosing PHP version "Be aware that this only modifies your ~/public_html/php.ini file. If you choose to use PHP 5.4, you'll want to make sure your crons use "/usr/php/54/usr/bin/php" instead, as otherwise it will use PHP 5.2."
So you can try with the command
/usr/php/54/usr/bin/php-cli composer.phar install