2. Using a Composed Project (I)
git clone https://github.com/igorw/trashbin
Cloning into trashbin...
cd trashbin/
curl -s http://getcomposer.org/installer | php
All settings correct for using Composer
Composer successfully installed to:
/home/naderman/projects/composer/demo/phpugka/composer.phar
Use it: php composer.phar
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
3. Using a Composed Project (II)
php composer.phar install
Installing from lock file
- Package symfony/class-loader (2.1.0-dev)
Downloading
Unpacking archive
Cleaning up
[...]
- Package predis/predis (master-dev)
Downloading
Unpacking archive
Cleaning up
- Package twig/twig (1.6.0-dev)
Downloading
Unpacking archive
Cleaning up
Generating autoload files
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
8. Packagist
Central composer package repository
Open to packages from anyone
GitHub Integration: Packages from tags & branches
Browse & Search Packages
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
10. composer.lock (I)
List of packages & versions
If available, composer install uses composer.lock
instead of composer.json
Created by composer install
Updated by composer update
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
11. composer.lock (II)
Commit composer.lock in your VCS and ship it with
your releases
Everyone on a team works with exactly the same
dependency versions
When deploying, all machines run exactly the same
dependency versions
Users will never get dependency versions that you did
not test with
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
12. Development Installation
Allows you to commit changes to projects in vendor/
php composer.phar install --dev
Installing from lock file
[...]
- Package predis/service-provider (master-dev)
Cloning v0.2.3
- Package pimple/pimple (1.0.0-dev)
Cloning 321db91e49b6cf8cbeed58d8db662d40de96d2c3
- Package predis/predis (master-dev)
Cloning v0.7.1
- Package twig/twig (1.6.0-dev)
Cloning 8256bfa05c1604bf24d8c0d1627822b4fa503e2f
Generating autoload files
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
13. Autoloading
"autoload": {
"psr-0": {"Predis": "lib/"}
}
vendor/.composer/
autoload_namespaces.php
autoload.php
ClassLoader.php
installed.json
Trashbin uses the generated autoloader
require_once __DIR__.'/../vendor/.composer/autoload.php';
use SilexApplication;
use SilexExtensionTwigExtension;
use SymfonyComponentFinderFinder;
use SymfonyComponentHttpFoundationResponse;
$app = new Application();
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
16. Other Dependency Types: Replace
Useful if a patch is not available in upstream
"name": "myvendor/predis",
"replace": {
"predis/predis": "0.7.*"
}
Trashbin depends on predis/service-provider which
depends on predis/predis
php composer.phar update
myvendor/predis is installed instead of predis/predis
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
17. Other Dependency Types: Provide
my/cache is a virtual package, it does not exist
"name": "my/library",
"require": {
"my/cache": "1.0.0"
}
"name": "my/apc-store",
"provide": {
"my/cache": "1.0.0"
}
"name": "my/memcache-store",
"provide": {
"my/cache": "1.0.0"
}
Installing my/library will install either my/apc-store or
my/memcache-store
If you require another package providing my/cache,
neither will be installedNils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
18. Other Dependency Types
Conflict
If vendor/a conflicts with vendor/b, they cannot be both
installed
Recommend
If vendor/a recommends vendor/b, it will be installed
unless you specify --no-install-recommends
Suggest
If vendor/a suggests vendor/b, it will only be installed if
you specify --install-suggests
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
19. Dependency Resolution with SAT
All packages in all repositories are collected in a package pool
Dependencies between all packages are turned into boolean rules:
install B (version 1 or 2)
(B1|B2)
A requires B (version 1 or 2):
(-A|B1|B2)
A conflicts with B (version 1 and 2):
(-A|-B1), (-A|-B2)
C and D provide E:
(-E|C|D)
B2 updates/obsoletes B1
(-B1|-B2)
Example
(-A|B1|B2) (-B2|C) (A) (-B1|-B2) (-A|-C)
Now use a SAT solver to find boolean values for A, B1, B2, C so that all rules are true
A, B1, -B2, -C
If a variable is true, it will be installed
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
20. Composer Repositories vs.
PEAR Channels
Repositories allow easy proxying of packages:
Proxy only reviewed open source packages to a company
repository
Easily aggregate all open source packages on a central
repository
PEAR requires explicit referencing of a channel when
defining dependencies:
Replacing a single package with your own in a chain of
dependencies is impossible
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
21. Composer as a reusable library
Phar distribution with composer-installable
plugins (Beau Simensen)
phpBB4: Web UI for Plugin Management
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org
22. Thank you!
Learn more & contribute
packagist.org/about-composer
packagist.org/about
github.com/composer
groups.google.com/forum/#!forum/composer-dev
Nils Adermann github.com/composer
Twitter @naderman packagist.org & getcomposer.org