I'm using Composer for a small project. I've pushed composer.json and composer.lock to Git, and put the vendor/ folder into .gitignore, so I can install the dependencies at the server on deploy time.
Can I push composer.phar to the Git repo or should I install a new copy for the server? Not sure if the installation process is machine-dependant.
It's a lot easier to install composer.phar manually on each server where you need it, as it will prompt to be updated every 30 days, and you don't want to be forever updating the content of your repo for a composer update.
Composer is a tool to help you with your deployments, so it should not be a part of your deployments
I personally store composer.phar in git for some PHP projects, usually in the project root directory.
This has the advantage that you can easily enforce the same composer version across multiple team members / computers, which can reduce the differences in composer.lock files, especially after running composer update. This may not be very standard, but I often document this in the project README.
Related
This is how I use composer and svn together:
In my development version, I run composer to download required packages to the vendor directory. I then commit the vendor directory to svn together with the rest of the development folder. The production build makes a copy of the vendor folder.
I know, it is recommended not to commit the vendor directory in svn (see SVN Repo in vendor with Composer), but I want to be safe for the case when a composer update may break my application. It allows me to rollback everything in that case to the last stable state.
The problem with how composer works is that the checked out svn repo breaks, if composer deletes whole directories.
I would switch to the recommended practice and only check in composer.lock and composer.json into svn, if I knew how to rollback an eventual breaking composer update. Can somebody explain this to me, please.
When you have composer.lock and run composer install (not update) you are sure that you'll get dependencies which are "locked" by you.
Running composer update ignores entries in composer.lock and tries to download latest dependencies allowed by composer.json.
I have a Neos project, consisting of a Site providing the main composer container. composer.json requires a huge number of packages (whole neos/flow environment), including some packages we develop.
Our deployment setup consists of Jenkins, building the css/javascript for both the site and plugin packages (only within their specific gits) and finally triggering TYPO3 Surf, which actually calls composer install and then rsync's to the server.
Right now, each time we want some changes in our dev branch to be deployed to the testing environment, we have to manually cd to the main composer directory, do a
composer update vendor/package && git add composer.lock && git commit -m "update composer.lock"`.
Is there anyway to always use the newest version of our plugin package with composer? Perhaps excluding the requirement from composer.lock, or just changing it without installing the actual packages.
For a continuous deployment to a testing server you could just make jenkins do a composer update and with your packages set to dev/master in the composer.json.
I have a Yii 2 web application which uses Composer for its dependencies. How am I supposed to deploy this application at a production server without having to run composer? What I would like to be done is to zip the whole application directory at the development server, copy it to the production server, unzip it and have it deployed there without any action run by composer.
I found the solution. Run:
composer install --prefer-dist --no-dev --optimize-autoloader
at the development system and to then copy the whole directory to the production server.
From the documentation:
--prefer-dist: Reverse of --prefer-source, Composer will install from dist if possible. This can speed up installs substantially on
build servers and other use cases where you typically do not run
updates of the vendors. It is also a way to circumvent problems with
git if you do not have a proper setup.
--no-dev: Skip installing packages listed in require-dev. The autoloader generation skips the autoload-dev rules.
--optimize-autoloader (-o): Convert PSR-0/4 autoloading to classmap to get a faster autoloader. This is recommended especially
for production, but can take a bit of time to run so it is currently
not done by default.
Is there a way to clean unused dependencies and composer dev requires to reduce a Laravel project, because it's so heavy (43,3 Mb) and it's a small project. Btw, I'm using some dev helpers like Debugbar and IDEHelpers which are not used for deployment...
Is there a way to make a deployment version of my project in other folder
The recommended way to deploy your app is without the vendor directory. I'm going to assume that you're using git for your project. First, put the following in your .gitignore.
/vendor/
Now remove the vendor directory from your repository
git rm -r --cached vendor
git commit -m 'Removed vendor directory'
Now you have a two step deployment:
Update the app using git pull or however you usually deploy.
Run composer install --no-dev --optimize-autoloader. This will generate your vendor directory omitting any development only dependencies.
In order to take advantage of the --no-dev flag, you need to put your development dependencies in the require-dev section in your composer.json. For example:
"require-dev": {
"phpunit/phpunit": "~4.3"
}
Now PHPUnit will be required for development, but not when the --no-dev flag is specified.
Maybe I'm misunderstanding your question but when you deploy a project, you shouldn't be deploying the laravel app with it (/vendor/). You should run composer install and it will pull in all the dependencies. In your composer.json file you can also choose which dependencies are for dev environments only similar to the require-dev section found here: https://gist.github.com/philsturgeon/5976359
As a PHP developer I find myself working with Composer a lot. In the past it was on personal projects and such so I didn't have much problems with it, but now with Laravel 4 it's on project that require deploying and I'm in kind of a struggle to adapt my workflow.
All my projects are git repositories, thus per convention and because it's still quite buggy, like most developers I put the vendor directory in my .gitignore.
Now the problem is : I also use Git to deploy to the server, and by all logic the vendor directory is not uploaded as it's not tracked by the repository.
So my question is towards people that have worked with Composer and Git for longer than me : what is the best workflow to keep the server in sync ? How to track the vendor folder without really tracking it ?
I tried uploading it every time I update with Composer but some of my vendor folders are quite big and I can't manually upload 30Mb of files every time something updates.
I don't really know, how do you guys work it out ? I tried not ignoring the vendor folder but Git just messes it up, half are recognized as cloned repos and are just ignored anyway, etc.
UPDATE : Note that I'm on a shared host so I don't have access to the server's terminal.
The best way is to run composer install on the server after updating to the latest code. You should also make sure you commit your composer.lock file, which the server will then use to install (you should not run composer update on the server).
Capistrano (or Capifony if you are using Symfony2) is very useful for deployments with composer. You can trigger a deployment remotely and it will run a composer install in isolation so the site remains online until it has been deployed successfully. There are many other benefits such as retaining previous deployments and rolling back, copying old vendors before deployments, compiling assets etc. etc.
I'm working on something like this in the git post-receive hook on the server. This isn't tested and may be buggy, but you should get the idea.
#!/bin/bash
# get the updated composer.json
git checkout master -- composer.json
# only do this stuff if composer.json is different
# you could check this manually, or with git or cmp
cp composer.json tmp/composer.json
# may take a minute, but won't take the site down
(cd tmp; composer install --prefer-dist)
# this doesn't seem to be atomic
git checkout -f
# switch vendors over
# this isn't quite an atomic operation, but is very close
# you could probably do it with symlinks and "mv -Tf" to make it atomic
mv vendor vendor.old
mv tmp/vendor vendor
rm -r tmp vendor.old
Ideally all of the deploy (i.e. in this case the git checkout and the composer install) except one single mv would happen in isolation, outside of www. This doesn't work if you have untracked files (eg CMS uploads) in your working tree and rely on PHP's __FILE__ not resolving symlinks (due to this PHP bug).
This is an old question but in case anybody is looking a solution:
I slightly modify the #dave1010 answer to use git pull instead of git checkout--force
#!/bin/bash
# get only composer files
git fetch
git checkout origin/master -- composer.json
git checkout origin/master -- composer.lock
# make sure tmp is empty
rm -rf tmp
mkdir tmp
# copy the composer files to tmp
cp -r vendor tmp/vendor
cp composer.json tmp/composer.json
cp composer.lock tmp/composer.lock
# may take a minute, but won't take the site down
(cd tmp; composer install --no-scripts --verbose; cd ..)
# switch vendors over
rm -rf vendor_old
mv vendor vendor_old
mv tmp/vendor vendor
# update your code
git pull
# run again composer install. This time will print 'Nothing to install or update'
# but will execute pre/post scripts & generate autoload files
composer install --optimize-autoloader
There is maybe a better solution using capistrano/composer. But I like mine better.
You can use something like jenkins to ftp your files over this way you can direct jenkins to run composer install on the jenkins server and then ftp the files over.
This also allows you to ignore the vendor folder.
It does require a build server to be made and you would need to be able to execute commands vs the build server
The key is your composer.lock file. The composer.lock keeps track of exactly what packages (and versions) you have installed. When you deploy, send your composer.lock file up to the production server as well, and simply do a composer update. All the exact same package versions will be installed. With deployment software like Capistrano or Flightplan you can make the composer update step part of the process so it happens automatically.