Looking at the help for PHP Composer's install command, I see the following two options
$ composer help install
Options:
--prefer-source Forces installation from package sources when possible, including VCS information.
--prefer-dist Forces installation from package dist even for dev versions.
What's a "dist" installation? I poked around the composer site and Google but there didn't seem to be anything that addressed this (So I assume it's something core and obvious to folks familiar with Composer — apologies for the newbie question)
I'm assuming --prefer-source is where Composer will ask Packagist for the repository location, and then checkout/clone/export/etc. the project itself.
If so, then where does --prefer-dist download from? What does it download?
According to http://getcomposer.org/doc/03-cli.md, the --prefer-source option will prefer to create a package directory that is a "version control repository". This is equivalent to you typing:
$ git clone ...
or
$ svn checkout ...
The --prefer-dist option will prefer to create a non-"version control repository", which is equivalent to you typing:
$ git clone ... ; rm -fr dir/.git
or
$ svn export ...
Also, you can define separate repos for source and dist in your composer.json. Here's an example:
{
"repositories": [
{
"type": "package",
"package": {
"name": "joshuaclayton/blueprint-css",
"version": "master",
"source": {
"url": "git://github.com/joshuaclayton/blueprint-css.git",
"type": "git",
"reference": "master",
}
}
},
{
"type": "package",
"package": {
"name": "fiftyone/mobi-lite-php",
"version": "2013.03.06",
"dist": {
"url": "http://iweb.dl.sourceforge.net/project/fiftyone/51Degrees.mobi-Lite-2013.03.06.php.zip",
"type": "zip"
},
}
}
]
}
NOTE: for whatever reason, when I use --prefer-dist, I sometimes get errors such as
Fatal error: Cannot redeclare class Zend_Db_Adapter_Pdo_Abstract in ...
which do not appear when I use --prefer-source. For this reason, I only use --prefer-source, until I figure out the cause of this issue.
I don't admire, or even approve the provided answer, as it does not address the question. So despite of it being a bit too old, I am posting this answer for any further reference to this question.
Basics:
Normally composer deals with tags (like 1.2.7), but that is not the case all the time. You may also require a branch (like dev-master) as a dependency.
If you want composer to require a tag, it just copies the files on your local (somewhere in your vendor directory).
If you want composer to checkout a branch instead of a tag, there is chance (composer's rational assumption), you want to develop it (thus making changes), so composer clones the repository on your local (again, somewhere in the vendor directory).
So, what?!
Question:
What if you want to require a tag, but still be able to develop it on your local?
Answer:
use --prefer-source along with your composer require or composer update commands:
composer require symfony/symfony:3.4.* --prefer-source
Question:
What if you want to require a most new development branch, but you just want to get the new stuff and don't want to get engaged in its development?
Answer:
use --prefer-dist along with your composer require, composer update commands:
composer require symfony/symfony:dev-master --prefer-dist
As clearly stated in Composer's Documentation:
In fact, internally Composer sees every version as a separate package. While this distinction does not matter when you are using Composer, it's quite important when you want to change it.
and,
Dist: The dist is a packaged version of the package data. Usually a released version, usually a stable release.
Source: The source is used for development. This will usually originate from a source code repository, such as git. You can fetch this when you want to modify the downloaded package.
so,
Packages can supply either of these, or even both. Depending on certain factors, such as user-supplied options and stability of the package, one will be preferred.
If you're checking out a branch, it's assumed that you want to work on the branch and Composer actually clones the repo into the correct place in your vendor directory.
For tags, it just copies the right files without actually cloning the repo.
Related
I am working with a package vendorName/moduleName (a Magento extension) that is present on packagist and on firegento.
On my composer.json file, I have :
"require": {
....................,
...................,
"vendorName/moduleName":"*"
},
"repositories": [
......................,
....................,
{
"type": "composer",
"url": "https://packages.firegento.com"
}
],
As Composer is downloaded pre-configured to use packagist.org , the vendorName/moduleName is loaded from packagist.
I would like to force vendorName/moduleName to be loaded from firegento.
I tried to add :
"repositories": [
{
"packagist": false
},
but then, composer will no more search in packagist : that's not what I want.(as there are usefull packages in packagist too...)
I guess I could use
composer config --global --unset repositories.packagist
and then
composer config --global repositories.firegento composer https://packages.firegento.com
composer config --global repositories.packagist composer https://packagist.org
to add repositories in my prefered order (I'm not sure it works...).
Is there a better/simpler way to achieve my purpose ? I would prefer editing the composer.json more than running global config commands but it's maybe not possible.
Well,
I think I found the answer here:
Repository candidates are, in the end, only evaluated by their order of definition. Packagist is internally added as the last one by definition (though you can disable that) to ensure local copies are always preferred, if allowed by resolver settings.
That means that if I define the firegento repo in my composer.json, then composer will load the package vendorName/moduleName in firegento before packagist. I thought it was the opposite behaviour; I was wrong.
Another helpfull comment here:
Order of repository definitions matters. But composer will still search through all repositories regardless, because it could be that a repository that is defined later has a more recent version available of the package you are requiring.
I have tried to publish a project with composer. The project resides at github, and are published through packagist.org.
But when I try to create my project with composer it fails with this error message:
"Could not find package madskullcreations/simplicity with stability
stable."
I use the following command:
composer create-project madskullcreations/simplicity
The composer.json contains this:
{
"name": "madskullcreations/simplicity",
"description": "Website made simple!",
"homepage": "https://madskullcreations.com",
"type": "project",
"license": "GPL-3.0-or-later",
"minimum-stability": "dev",
"require": {
"php": ">=5.6",
"cakephp/cakephp": "3.5.*"
}
}
My repository contains just one file for testing. What is wrong? I tried to remove the dependencies, the entire "require"-block, but no real change...
Beginner as I am, I don't even know where I would define the packages "stability", can't find anything at github or at packagist.
Please help me get this started!
Working solution:
I eventually got it working with the help from Flying, see his answer further down. Since I think it is a wee bit complicated to get composer up'n working, I try to put the steps I did to get it working here:
Create a repository at github.
Create a composer.json with your depencencies. Check it in.
Release it. There are a "Releases" link somewhere, use it and give the release a name.
Now, to skip the packagist.org step during your testing, follow these steps. It is not good style to publish a non-working solution (like I did) on packagist.org, and it's no fun at all to do all the steps necessary ten times over.
Create a local folder somewhere, and create a new composer.json file there.
Put something like this in it:
{
"require": {
"madskullcreations/simplicity":"dev-master#dev"
},
"repositories": [
{
"type": "vcs",
"url": "https://github.com/madskullcreations/simplicity"
}
]
}
Run the following command in your new folder:
composer create-project
It should now download and install your project.
And, read the error messages given by composer and make sure you understand them. They are useful. My headache was a missing PHP-extension (intl) and that I assumed it was using php version 7.1, while it actually listened to my requirement in the composer.json file, and used v5.6. (I have several php-versions installed in iis, but my fuzzy head did not consider that.)
Packages stability requirement is defined into minimum-stability setting of composer.json of your project, not a composer.json of the external package.
Your madskullcreations/simplicity package have no releases defined so the only branch that is available in it - is dev-master "release" (it can be seen at the right side of package page on Packagist). This "release" have "dev" stability level.
Because of above if you're requiring this package into your project without either setting minimum-stability: dev or without specifying stability requirement for a package as
"require": {
"madskullcreations/simplicity":"dev-master#dev"
}
(notice #dev into version requirement) it is correct behavior of Composer to complain about lack of compatible releases.
Also it is generally bad practice to publish your test packages into public registry like Packagist. Instead you should use direct repository specification into your composer.json as explained here. In your case it will be:
"repositories": [
{
"type": "vcs",
"url": "https://github.com/madskullcreations/simplicity"
}
]
After specifying direct repository reference - it will be safe to remove your test package from Packagist unless you're really want to share it with open source community.
I have two projects on my git repo server. The first one is a library I wrote, let's call it foo/lib-bar. The second is an application which uses that library foo/app-bar. Currently the library is in development version, so the composer.json file of the library looks like this:
{
"name": "foo/lib-bar",
"description": "Bar library",
"version": "1.0.0-dev",
"type": "library",
"require": {
"php": ">=5.4",
"ext-posix": "*"
}
}
The application uses this library, so it contains the necessary requirement:
{
"name": "foo/app-bar",
"description": "Bar application",
"version": "0.5.0-dev",
"type": "application",
"repositories": [
{
"type": "vcs",
"url": "ssh://user#git.example.com/lib-foo"
}
],
"require-dev": {
"foo/lib-bar": ">=1.0.0-dev",
},
"require": {
"php": ">=5.5.3"
}
}
And everything is smooth up to this point: both composer install and composer update run as expected, install the dependency and I can see it in vendor/
Now, the docs says that
require#
Lists packages required by this package. The package will not be installed unless those requirements can be met.
And for the steps which lead to the issue in question:
So ok, my library is ready to be deployed and come out of the development phase. It also happens to be required in production version of my application. I remove the dev suffix from the composer.json file of my library, commit and push the file, and am ready to update the application.
With the application's composer.json I move the library dependency from require-dev section to require and remove the dev suffix (everything is copy-pasted, so there is no typo - I've checked and rechecked again):
"require-dev": {},
"require": {
"php": ">=5.5.3",
"foo/lib-bar": ">=1.0.0"
}
Now I run composer update and I get:
$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for foo/lib-bar >=1.0.0 -> satisfiable by foo/lib-bar[dev-master].
- Removal request for foo/lib-bar == 9999999-dev
I assumed it did not find the new version, so I deleted the old library manually:
$ rm composer.lock
$ rm -rf vendor/foo/
and tried to install it from scratch
$ composer install
but this time it gives me:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package foo/lib-bar could not be found in any version, there may be a typo in the package name.
So it seems like require-dev does work, but require doesn't. Any suggestions on what may have gone wrong here?
require-dev is not the place to develop dependencies. It is meant for software that is used only in development, like PHPUnit, Mockery etc., or for dependencies that are useful by themselves, but in this case only used for development, like the client library for the service a software package is about (to make some real requests in a test scenario).
So your library shouldn't have been "require-dev" from the beginning.
Another thing is: Composer will deduct the version if use appropriate branches and tags, i.e. a branch named "1.0.x" in your repository will be detected as being the development branch for all 1.0 versions, and any requirements for such versions could possibly be satisfied by this branch - provided you allow for development versions either by setting "minimum-stability": "dev" (which would allow development versions for ALL software - rather unintended), or when you require version "1.0.0#dev" for your software.
The one thing that might currently break your composer setup is that you mention a version in the librarys composer.json explicitly, and this is a development version. Have you removed that version indicator? You should remove it, because life is easier if Composer can detect the versions from the tags in a repository, not by having them explicitly mentioned in composer.json.
Finally please make sure that when using Git you tag the commit with appropriate version. The required version should correspond to the git tagged version.
I create a package and pushed it to github, My composer.json for that package looks like such:
{
"name": "adam.balan/AisisAjax",
"description": "This is a component for AisisCore, that is - it should be installed to the Components section of the web based framework for wordpress.",
"license": "GPL v3",
"authors": [
{
"name": "Adam Kyle Balan",
"email": "AdamKyleBalan#gmail.com"
}
],
"minimum-stability": "dev",
"require": {
}
}
It all works fine for me - for using composer install the first time, how ever if I make a change and push it to the repository and run composer install (or even delete the vendor folder and run the command again to do a fresh install) I get a version that reflects the first commit I ever did to this repo. In other words my chanegs do not show up in whats being downloaded.
I have read about caching issues with composer and went to C:\Users\<user>\AppData\Local\Composer and deleted all the files in there - same issue.
What gives?
If you do not use a defined version that is tagged in the repository, but a branch you are developing on, Composer detects which commit was downloaded and will always download that exact commit if you only "install".
If you want Composer to update any dependency, you have to call composer update.
Note that Composer creates a lock file that contains this info, because the usual case is that someone wants to restore the exact combination of dependencies that were used when the software was composed. If you develop actively on the software, simply update your dependencies more often. :)
I'm trying to load a library I have hosted on BitBucket using composer as explained both in the official documentation and here, but keep receiving the following error:
[Composer\Repository\InvalidRepositoryException]
No valid composer.json was found in any branch or tag of [repository URL], could not load a package from it.
Here is my project composer.json:
{
"name": "Project name",
"require": {
"my-vendor/my-package": "dev-master"
},
"repositories": [
{
"type": "vcs",
"url": [repository URL]
}
]
}
And here is the composer.json in my remote repository (that apparently can't be found):
{
"name": "my-vendor/my-package",
"version": "0.3",
"autoload": {
"psr-0": {
"NS_": "src"
}
}
}
I should mention that both composer.json files are in the root directory as they should be.
Some other things to note:
I've also tried the "non-composer package" approach, whereby I specify the package information in my project composer.json, and omit the composer.json from my remote repository, as outlined in the documentation. This successfully clones the master branch but then results in the following error:
[RuntimeException]
Failed to execute git checkout "master" && git reset --hard "master"
fatal: Not a git repository (or any of the parent directories): .git
However, the package is downloaded to /vendor as expected, so I'm not sure why it's trying to checkout master again.
This is not the way I wish to solve this problem (as I'd rather make use of a composer.json in the remote repository), but it might help identify an issue elsewhere.
Thanks for any help.
EDIT
I've managed to get it working by referencing a package.json over HTTP:
"repositories": [
{
"type": "composer",
"url": "http://localhost/packages.json"
}
]
The packages.json looks like:
{
"packages": {
"vendor/my-package": {
"dev-master": {
"name": "vendor/my-package",
"version": "dev-master",
"source": {
"url": [repository URL],
"type": "git",
"reference": "master"
}
}
}
}
}
Is this the only way to get this working? It seems a bit overkill to host my own packages.json file if I'm only going to be using one or two in-house packages.
Regardless, this is giving me the same Git error as I mentioned previously.
EDIT 2
Forcing an error (invalid SSH passphrase) gives this:
[RuntimeException]
Failed to execute git clone "[repository URL]" "C:\workspace\DFv3\vendor\vendor/my-package" && cd /D "C:\workspace\DFv3\vendor\vendor/my-package" && git remote add composer "[repository URL]" && git fetch composer
So I can clearly see what it's doing here. However, it seems after this command runs it cds into the .git directory and tries running:
git checkout "master" && git reset --hard "master"
Presumably to get rid of the composer instance it pulled. However, it's running this in the wrong directory and I can't figure out why..
I know this is a bit old, but for some that might encounter this issue, this is how it works for me.
Clear the composer cache.
composer clearcache
Rerun the satis build script.
You must not include a version specification in your library's composer.json if it is actually managed by a supported source control system. Currently you are saying that your master branch IS version 0.3 (which is a stable version), but you are trying to include "dev-master" (which is an unstable version). Composer might get confused if that software really is "dev-master" or "version 0.3".
If you actually are developing new releases for the 0.3.x series in your master branch, you should define a branch alias instead. Add this to your current development branch for versions 0.3.x:
"extra": {
"branch-alias": {
"dev-master": "0.3.x-dev"
}
}
If you want to move on to version 0.4 or 1.0, you'd branch at the "last" state of the 0.3 series with a branch named "0.3.x" and then update the composer.json in the master branch to point dev-master to a new alias (like "dev-master": "0.4.x-dev"). You could also name your old 0.3 branch anyway you like and then add an alias for THAT branch.
Doing this will enable you to require the latest development version of 0.3.x like this:
"require": {
"my-vendor/my-package": "0.3.*#dev"
}
This will pull the latest 0.3 version - which currently would be the latest commit in the master branch because of the defined alias.
The way you are currently set up forces you to explicitly include version 0.3, which is a moving target without making that fact explicitly known.
Giving an explicit version tag should only be done if there is no version control system available that is able to give Composer the version number, i.e. there are no tags available, or the tags do not comply with Composer's requirement for version numbers. Since you seem to be in control of that vcs, it probably is a good idea to make the tags conform to Composers standard instead of making it troublesome to release a new version.
After you fixed this, I do expect your installation to NOT require that package.json file anymore, because that file now repairs the trouble you created with that version declaration. You'd then also not need that composer reference anymore, but can revert back to mentioning the original repository like you did.
If you feel you are using too many private repositories which are all requiring more private repositories, and are sick of mentioning them all in a long list, you could think about using Satis to create such a list of found packages instead of manually creating them.
I had the same error, after deleting folders from vcs everything works fine
sudo rm -R ~/.composer/cache/vcs/*
On Windows (as #Serbu suggested):
Clearing the vcs, repo and files directories under
C:\Users\Me\AppData\Local\Composer\
I've managed to get it working by referencing a package.json over HTTP:
"repositories": [
{
"type": "composer",
"url": "http://localhost/packages.json"
}
]
so the packages.json file looks like:
{
"packages": {
"vendor/my-package": {
"dev-master": {
"name": "vendor/my-package",
"version": "dev-master",
"source": {
"url": [repository URL],
"type": "git",
"reference": "master"
}
}
}
}
}
Also, its seems an autorun registry entry I had for command prompt was interfering with composer running.
See: Requiring a private git Bitbucket repository fails to find valid composer.json.
While this might be considered necromancy, I stumbled across this question yesterday while having an issue just like this (although in my case I was running an Ubuntu Docker container and not Windows as the OP was) and thought I would leave my thoughts and resolution here should anyone else stumble across this.
The Ubuntu repo version of Composer is currently sitting at 1.6.x (at the time of writing, Composer is up to 1.9.1 I believe) and I was getting different errors depending on if I ran composer install with different levels of logging. Without logging, it moaned that it couldn't find a valid composer.json. With logging, it moaned that it couldn't access the repo (despite scanning the tags).
The solution for me was to globally install the latest version of Composer as the Ubuntu repo version was using outdated BitBucket API calls (v1 is deprecated). Once I had updated to a newer version of Composer, the install ran perfectly.
So check your Composer version and install an updated version if possible (a local/project install should work too).
I've just updated composer.json to last version and the problem gone away.