Submit Search
Upload
Php Dependency Management with Composer ZendCon 2017
ā¢
1 like
ā¢
672 views
C
Clark Everetts
Follow
PHP Dependency Management with Composer. ZendCon 2017 Las Vegas, Nevada
Read less
Read more
Internet
Report
Share
Report
Share
1 of 87
Download now
Download to read offline
Recommended
Analysis of-quality-of-pkgs-in-packagist-univ-20171024
Analysis of-quality-of-pkgs-in-packagist-univ-20171024
Clark Everetts
Ā
InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017
Mandi Walls
Ā
Banfootguns devseccon 2019
Banfootguns devseccon 2019
Morgan Roman
Ā
Configuration as Code in Jenkins. What's new? Nov 2016
Configuration as Code in Jenkins. What's new? Nov 2016
Oleg Nenashev
Ā
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
Ā
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon
Ā
Using Chef InSpec for Infrastructure Security
Using Chef InSpec for Infrastructure Security
Mandi Walls
Ā
Getting Started With Jenkins And Drupal
Getting Started With Jenkins And Drupal
Philip Norton
Ā
Recommended
Analysis of-quality-of-pkgs-in-packagist-univ-20171024
Analysis of-quality-of-pkgs-in-packagist-univ-20171024
Clark Everetts
Ā
InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017
Mandi Walls
Ā
Banfootguns devseccon 2019
Banfootguns devseccon 2019
Morgan Roman
Ā
Configuration as Code in Jenkins. What's new? Nov 2016
Configuration as Code in Jenkins. What's new? Nov 2016
Oleg Nenashev
Ā
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
Ā
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon
Ā
Using Chef InSpec for Infrastructure Security
Using Chef InSpec for Infrastructure Security
Mandi Walls
Ā
Getting Started With Jenkins And Drupal
Getting Started With Jenkins And Drupal
Philip Norton
Ā
Continuous Integration & Drupal
Continuous Integration & Drupal
LimoenGroen
Ā
Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019
Mandi Walls
Ā
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
Sonatype
Ā
Composer - The missing package manager for PHP
Composer - The missing package manager for PHP
Tareq Hasan
Ā
LasCon 2014 DevOoops
LasCon 2014 DevOoops
Chris Gates
Ā
Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)
Eugenio Minardi
Ā
Choosing the Right Framework for Running Docker Containers in Prod
Choosing the Right Framework for Running Docker Containers in Prod
Josh Padnick
Ā
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
Mandi Walls
Ā
Drupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The Basics
John Smith
Ā
Drupal Continuous Integration with Jenkins - Deploy
Drupal Continuous Integration with Jenkins - Deploy
John Smith
Ā
Developing PHP Applications Faster
Developing PHP Applications Faster
Adam Culp
Ā
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
Pablo Godel
Ā
Open Canary - novahackers
Open Canary - novahackers
Chris Gates
Ā
Drupal Deployment
Drupal Deployment
Jeff Eaton
Ā
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
Ā
AWS Survival Guide
AWS Survival Guide
Ken Johnson
Ā
Best practices for Continuous Deployment with Drupal - DrupalCon Latin AmƩric...
Best practices for Continuous Deployment with Drupal - DrupalCon Latin AmƩric...
Taller NegĆ³cio Digitais
Ā
DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman
DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman
DevSecCon
Ā
Improving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with Docker
Brett Palmer
Ā
Immutable infrastructureļ¼č§åæµčåÆ¦ä½ (å»ŗč°)
Immutable infrastructureļ¼č§åæµčåÆ¦ä½ (å»ŗč°)
William Yeh
Ā
Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016
Clark Everetts
Ā
Composer
Composer
Federico DamiƔn Lozada Mosto
Ā
More Related Content
What's hot
Continuous Integration & Drupal
Continuous Integration & Drupal
LimoenGroen
Ā
Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019
Mandi Walls
Ā
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
Sonatype
Ā
Composer - The missing package manager for PHP
Composer - The missing package manager for PHP
Tareq Hasan
Ā
LasCon 2014 DevOoops
LasCon 2014 DevOoops
Chris Gates
Ā
Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)
Eugenio Minardi
Ā
Choosing the Right Framework for Running Docker Containers in Prod
Choosing the Right Framework for Running Docker Containers in Prod
Josh Padnick
Ā
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
Mandi Walls
Ā
Drupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The Basics
John Smith
Ā
Drupal Continuous Integration with Jenkins - Deploy
Drupal Continuous Integration with Jenkins - Deploy
John Smith
Ā
Developing PHP Applications Faster
Developing PHP Applications Faster
Adam Culp
Ā
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
Pablo Godel
Ā
Open Canary - novahackers
Open Canary - novahackers
Chris Gates
Ā
Drupal Deployment
Drupal Deployment
Jeff Eaton
Ā
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
Ā
AWS Survival Guide
AWS Survival Guide
Ken Johnson
Ā
Best practices for Continuous Deployment with Drupal - DrupalCon Latin AmƩric...
Best practices for Continuous Deployment with Drupal - DrupalCon Latin AmƩric...
Taller NegĆ³cio Digitais
Ā
DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman
DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman
DevSecCon
Ā
Improving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with Docker
Brett Palmer
Ā
Immutable infrastructureļ¼č§åæµčåÆ¦ä½ (å»ŗč°)
Immutable infrastructureļ¼č§åæµčåÆ¦ä½ (å»ŗč°)
William Yeh
Ā
What's hot
(20)
Continuous Integration & Drupal
Continuous Integration & Drupal
Ā
Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019
Ā
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
Ā
Composer - The missing package manager for PHP
Composer - The missing package manager for PHP
Ā
LasCon 2014 DevOoops
LasCon 2014 DevOoops
Ā
Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)
Ā
Choosing the Right Framework for Running Docker Containers in Prod
Choosing the Right Framework for Running Docker Containers in Prod
Ā
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
Ā
Drupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The Basics
Ā
Drupal Continuous Integration with Jenkins - Deploy
Drupal Continuous Integration with Jenkins - Deploy
Ā
Developing PHP Applications Faster
Developing PHP Applications Faster
Ā
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps
Ā
Open Canary - novahackers
Open Canary - novahackers
Ā
Drupal Deployment
Drupal Deployment
Ā
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Ā
AWS Survival Guide
AWS Survival Guide
Ā
Best practices for Continuous Deployment with Drupal - DrupalCon Latin AmƩric...
Best practices for Continuous Deployment with Drupal - DrupalCon Latin AmƩric...
Ā
DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman
DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman
Ā
Improving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with Docker
Ā
Immutable infrastructureļ¼č§åæµčåÆ¦ä½ (å»ŗč°)
Immutable infrastructureļ¼č§åæµčåÆ¦ä½ (å»ŗč°)
Ā
Similar to Php Dependency Management with Composer ZendCon 2017
Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016
Clark Everetts
Ā
Composer
Composer
Federico DamiƔn Lozada Mosto
Ā
PHP Dependency Management with Composer
PHP Dependency Management with Composer
Adam Englander
Ā
Composer Lightning Talk
Composer Lightning Talk
Eric Johnson
Ā
Dependencies and Licenses
Dependencies and Licenses
Robert Reiz
Ā
Composer: Dependency Manager for PHP
Composer: Dependency Manager for PHP
Hampton Roads PHP User Grop
Ā
Mastering composer
Mastering composer
AdƔn Lobato Lorenzo
Ā
Composer
Composer
Zaib Un Nisa
Ā
Dependency management with Composer
Dependency management with Composer
Jason Grimes
Ā
Aleksandr Kutsan "Managing Dependencies in C++"
Aleksandr Kutsan "Managing Dependencies in C++"
LogeekNightUkraine
Ā
Composer JSON kills make files
Composer JSON kills make files
ropsu
Ā
Composer namespacing
Composer namespacing
Deepak Chandani
Ā
NLUUG Spring 2012 - OpenShift Primer
NLUUG Spring 2012 - OpenShift Primer
Eric D. Schabell
Ā
Prizm Installation Guide
Prizm Installation Guide
vjvarenya
Ā
Essential Tools for Modern PHP
Essential Tools for Modern PHP
Alex Weissman
Ā
Composer
Composer
Arshad Ali
Ā
Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017
Mandi Walls
Ā
Docker module 1
Docker module 1
Liang Bo
Ā
Using Composer to create manageable WordPress websites
Using Composer to create manageable WordPress websites
Anna Ladoshkina
Ā
PHP on Heroku: Deploying and Scaling Apps in the Cloud
PHP on Heroku: Deploying and Scaling Apps in the Cloud
Salesforce Developers
Ā
Similar to Php Dependency Management with Composer ZendCon 2017
(20)
Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016
Ā
Composer
Composer
Ā
PHP Dependency Management with Composer
PHP Dependency Management with Composer
Ā
Composer Lightning Talk
Composer Lightning Talk
Ā
Dependencies and Licenses
Dependencies and Licenses
Ā
Composer: Dependency Manager for PHP
Composer: Dependency Manager for PHP
Ā
Mastering composer
Mastering composer
Ā
Composer
Composer
Ā
Dependency management with Composer
Dependency management with Composer
Ā
Aleksandr Kutsan "Managing Dependencies in C++"
Aleksandr Kutsan "Managing Dependencies in C++"
Ā
Composer JSON kills make files
Composer JSON kills make files
Ā
Composer namespacing
Composer namespacing
Ā
NLUUG Spring 2012 - OpenShift Primer
NLUUG Spring 2012 - OpenShift Primer
Ā
Prizm Installation Guide
Prizm Installation Guide
Ā
Essential Tools for Modern PHP
Essential Tools for Modern PHP
Ā
Composer
Composer
Ā
Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017
Ā
Docker module 1
Docker module 1
Ā
Using Composer to create manageable WordPress websites
Using Composer to create manageable WordPress websites
Ā
PHP on Heroku: Deploying and Scaling Apps in the Cloud
PHP on Heroku: Deploying and Scaling Apps in the Cloud
Ā
Recently uploaded
Top Rated Pune Call Girls Daund ā 6297143586 ā Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ā 6297143586 ā Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
Ā
Call Girls In Pratap Nagar Delhi šÆCall Us š8264348440š
Call Girls In Pratap Nagar Delhi šÆCall Us š8264348440š
soniya singh
Ā
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
APNIC
Ā
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Delhi Call girls
Ā
Call Now ā 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ā 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
soniya singh
Ā
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
APNIC
Ā
Delhi Call Girls Rohini 9711199171 āāšā Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 āāšā Whatsapp Hard And Sexy Vip Call
shivangimorya083
Ā
Call Girls Service Chandigarh Lucky ā¤ļø 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ā¤ļø 7710465962 Independent Call Girls In C...
Sheetaleventcompany
Ā
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Ā
Call Girls In Defence Colony Delhi šÆCall Us š8264348440š
Call Girls In Defence Colony Delhi šÆCall Us š8264348440š
soniya singh
Ā
Call Girls In Saket Delhi šÆCall Us š8264348440š
Call Girls In Saket Delhi šÆCall Us š8264348440š
soniya singh
Ā
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Damian Radcliffe
Ā
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
aditipandeya
Ā
VVVIP Call Girls In Connaught Place ā”ļø Delhi ā”ļø 9999965857 š No Advance 24HRS...
VVVIP Call Girls In Connaught Place ā”ļø Delhi ā”ļø 9999965857 š No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Ā
ā¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] š|97111...
ā¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] š|97111...
Diya Sharma
Ā
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
ellan12
Ā
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
Ā
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Dubai call girls 971524965298 Call girls in Bur Dubai
Ā
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
Ā
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Ā
Recently uploaded
(20)
Top Rated Pune Call Girls Daund ā 6297143586 ā Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ā 6297143586 ā Call Me For Genuine Sex Servi...
Ā
Call Girls In Pratap Nagar Delhi šÆCall Us š8264348440š
Call Girls In Pratap Nagar Delhi šÆCall Us š8264348440š
Ā
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
Ā
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Ā
Call Now ā 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ā 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Ā
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
Ā
Delhi Call Girls Rohini 9711199171 āāšā Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 āāšā Whatsapp Hard And Sexy Vip Call
Ā
Call Girls Service Chandigarh Lucky ā¤ļø 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ā¤ļø 7710465962 Independent Call Girls In C...
Ā
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Ā
Call Girls In Defence Colony Delhi šÆCall Us š8264348440š
Call Girls In Defence Colony Delhi šÆCall Us š8264348440š
Ā
Call Girls In Saket Delhi šÆCall Us š8264348440š
Call Girls In Saket Delhi šÆCall Us š8264348440š
Ā
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Ā
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
Ā
VVVIP Call Girls In Connaught Place ā”ļø Delhi ā”ļø 9999965857 š No Advance 24HRS...
VVVIP Call Girls In Connaught Place ā”ļø Delhi ā”ļø 9999965857 š No Advance 24HRS...
Ā
ā¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] š|97111...
ā¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] š|97111...
Ā
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
Ā
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Ā
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Ā
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Ā
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Ā
Php Dependency Management with Composer ZendCon 2017
1.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 1 PHP Dependency Management with Composer Clark Everetts Sr. Professional Services Consultant 23 October 2017
2.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 2 Slides, Joind.in, and Stuff ā¢ Rate & comment: https://joind.in/talk/973d7 ā¢ Slides: https://www.slideshare.net/clarkphp ā¢ Tweets: #zendcon2017 ā¢ @clarkphp
3.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 3 Why are we here? Our Agenda ā¢ What is it? What problem does it solve? ā¢ What does it actually do? ā¢ Composer.json & composer.lock ā¢ Semantic Versioning, Version Constraints ā¢ Packages, Repositories and Packagist ā¢ Doās and Donāts / Best Practices ā¢ Create a Private Repository Cool logo!
4.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 4 Assumption: Youāve seen JSON (JavaScript Object Notation) Jason is scary. JSON is not. *https://en.wikipedia.org/wiki/Jason_Voorhees
5.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 5 INTRODUCTION/ BACKGROUND
6.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 6 Composer is ā¦ ā¦ a per-project PHP dependency manager* *(plus autoloader) Thatās all. Any questions?
7.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 7 ā¦ a per-project PHP dependency manager Letās break it down. Composer is ā¦ * Paraphrased from https://getcomposer.org/doc/00-intro.md
8.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 8 PHP Package Dependencies ā¦ a per-project PHP dependency manager ā¢ PHP project-related files only ā¢ Can include assets like Javascript, images, XML, CSS, etc. ā¢ But not for managing Javascript or CSS libraries ā¢ Primarily a development - not production ā tool (ācanā be prod*) *but generally, Iām not a fan
9.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 9 Whatās a ādependency?ā ā¦ a per-project PHP dependency manager You wrote these to reuse across apps. 3rd-Party ZF, Laravel, OAuth2, Symfony Your Project DEPENDENCIES, PACKAGES, LIBRARIES āProjectā == Application
10.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 10 Dependencies can have dependencies ā¦ a per-project PHP dependency manager Your Project āProjectā == Application == Library == Package DEPENDENCIES, PACKAGES, LIBRARIES āI need A, B, C, Dā A B C D āI need Eā E F āI need Eā Composer obtains all specified dependencies. HG āI need G, Hā
11.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 11 Want to manage that yourself? āI need theseā āI need thisā A B C E D F G H āI need thatā āI need the otherā Youād need to: ā¢ Identify the direct dependencies of your project ā¢ Identify their dependencies, and all sub-dependencies ā¢ Locate the source code (PEAR, Git, Subversion, zip/gzip/bz2) ā¢ Download and install all of the source code ā¢ Make sure all the versions are compatible ā¢ Check for updates to any of the dependencies ā¢ Do it all again when updates are available With your guidance, Composer does all this for you.
12.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 12 Different versions of the same package ā¦ a per-project PHP dependency manager Application A Application B Lib Y 1.0.1 Lib X 2.4.1 Lib Y 1.0.1 Lib X 1.2.0 Two projects, each using a different version of the same dependencies. Composer is not a global āpackage managerā PEAR, APT, YUM, Include_path Why do this? ā¢ Application A is stable, new features or bug fixes not relevant ā¢ Working with development version: Dev, Alpha, Beta, RC ā¢ Update cycle for App A !== App B
13.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 13 To Reiterate: per-project; not global ā¦ a per-project PHP dependency manager Application A Application B Lib Y 1.0.1 Lib X 2.4.1 Lib Y 1.0.1 Lib X 2.4.1 Two projects, each using same version of the same dependencies. Each project has itās own copy. ā¢ Like a PHAR (PHP Archive) file, all dependencies are available in the application directory tree. ā¢ Updates to the dependencies of one application do not affect another. ā¢ .gitattribute notwithstanding, potentially many copies of the exact same library source code on disk.
14.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 14 Composer isā¦ ā¦ a per-project PHP dependency manager ā¢ Knows what packages your application or library depends upon ā¢ Obtains those packages, and all of their dependencies, and installs appropriate versions of them into your project (and local cache) ā¢ When requested, checks for updates compatible with your project, and downloads them into your project (and local cache) ā¢ Allows you to pin multiple applications/libraries to the same or different versions of the packages they use. Composer makes it easier to manage application dependencies.
15.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 15 Now What? Answered some questions, raised others: ā¢ How do we inform Composer what dependencies a project has? ā composer.json, composer.lock ā¢ Where does it put the dependencies in the project? ā vendor folder ā¢ Where does Composer obtain dependencies? ā repositories ā¢ How does the project access to those dependencies when it needs them? ā autoloading ā¢ How do we install Composer and start using it? A closer lookā¦
16.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 16 INSTALL COMPOSER
17.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 17 Installation ā¢ Windows ā https://getcomposer.org/Composer-Setup.exe ā https://getcomposer.org/doc/00-intro.md#installation-windows ā Or, GitBash, and follow *nix instructions (ļ This is what I do.) ā¢ *nix and IBM i PASE ā https://getcomposer.org/doc/00-intro.md#installation-linux-unix-osx ā Command line instructions on https://getcomposer.org/download/ ā¢ Manual Download on same page https://getcomposer.org/download/ ā¢ IBM i ā CALL QP2TERM (or ssh), and follow *nix above ā Before installing, check KB article on SSL peer certificate verification: ā https://support.zend.com/hc/en-us/articles/205679027-Add-a-trusted- certificate-authority-to-IBM-i-for-PHP-5-6 (I think downloading via browser from https://curl.haxx.se/docs/caextract.html & dropping onto IFS is better) ā¢ Once installed, updates are easy: ā $ composer self-update
18.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 18 Help is available ā¢ Get help ā $ composer help (top-level help) ā $ composer list (list available commands) ā $ composer help <command> (help on specified command) ā¢ Documentation ā Check your PATH https://getcomposer.org/doc/00-intro.md#using- composer ā https://getcomposer.org/doc/01-basic-usage.md ā https://getcomposer.org/doc/03-cli.md (command line interface)
19.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 19 COMPOSER.JSON & COMPOSER.LOCK
20.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 20 General Tips ā¢ Donāt edit composer.json files. Use the command line tooling! ā $ composer require zendframework/zend-crypt ā¢ Add require entry for the component, specifying the latest stable release that does not conflict with other requirements, (gets development dependencies by default) ā $ composer require --dev phpunit/phpunit ā¢ Specify development requirements (libraries needed to edit/test the dependency) ā $ composer require --update-no-dev monolog/monolog ā¢ Add package, with no dev dependencies (weāre consuming only, not developing/testing) ā $ composer require "zendframework/zend-crypt:^2.5" ā¢ Specify version constraints ā $ composer require "zendframework/zend-crypt:^3.0@dev" ā¢ Specify stability requirements ā $ composer remove zendframework/filp-whoops ā¢ Remove a package; use --update-no-dev to avoid installing all require-dev dependencies after the removal! ā¢ Benefit: these do the install/update automatically, (generally) ensuring the update is only for the package specified; unrelated dependencies are left alone. Faster and no unnecessary changes.
21.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 21 Describing Project Dependencies composer.json file tells Composer about your projectās needs Application zendframework/ zend-log >=2.9.0 { "name" : "Composer-Intro", "require" : { "zendframework/zend-log" : ā>=2.9.0" }, "repositories" : [ { "type" : "composer", "url" : "https://packagist.org/" } ] } >= is an unbound version constraint, a general no-no, used here for illustration only composer.json composer.json ? ? ? Not necessary to edit composer.json manually! Best practice is to use command line! composer init, composer require, composer remove
22.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 22 Installing Project Dependencies First Level (Direct) Deps composer install Application zendframework/ zend-log >=2.9.0 New: ā¢Vendor Directory ā¢composer.lock file AfterBefore { "require" : { "zendframework/zend-log" : ā>=2.9.0" } }
23.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 23 Installing Project Dependencies Further Levels (1 of 3) zend-log composer.json file contains this: { ā¦ "require": { "php": "^5.6 || ^7.0", "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3", "zendframework/zend-stdlib": "^2.7 || ^3.0", "psr/log": "^1.0", }, ā¦ } zend-log needs three more packages
24.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 24 Installing Project Dependencies Further Levels (2 of 3) zend-stdlib: { ā¦ "require": { "php": "^5.6 || ^7.0" }, ā¦ } No further code dependencies Only PHP constraint (platform package) zend-servicemanager: { ā¦ "require": { "php": ā^5.6 || ^7.0", ācontainer-interop/container-interopā: ā^1.2ā, āpsr/containerā: ā^1.0ā, āzendframework/zend-stdlibā: ā^3.1ā }, ā¦ } psr-log: { ā¦ "require": { "php": ā>=5.3.0" }, ā¦ } Still need more
25.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 25 container-interop: { "name": "container-interop/container-interop", "type": "library", "description": "Promoting the interoperability of container objects (DIC, SL, etc.)", "license": "MIT", "autoload": { "psr-4": { "InteropContainer": "src/Interop/Container/" } }, ārequireā: { āpsr/containerā: ā^1.0ā } } Installing Project Dependencies Further Levels (3 of 3) One more dependency
26.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 26 Installing Project Dependencies Further Levels (3 of 3) No further code dependencies psr/container: { "name": " psr/ container", "description": āCommon container interface (PHP FIG PSR-11)", "license": "MIT", "autoload": { "psr-4": { āPsrContainer": āsrc/" } }, ārequireā: { āphpā: ā>=5.3.0ā }ā¦ }
27.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 27 Where dependencies are stored by default Application vendor zend-stdlib zend-log Dependency Relationship zend-servicemanager Application Directory Structure zend-log zend-servicemanager zend-stdlib psr/log container-interop container-interop psr/log psr-container zend-stdlib psr/container
28.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 28 .json vs. .lock Think āDesign-Toā vs. āAs-Builtā Application zendframework/ zend-log >=2.9.0 composer.json tells Composer what you want composer.lock tells you what you got Application zend-stdlib 3.1.0 zend-log 2.9.2 zend- servicemanager 3.3.0 psr/log 1.0.2 container-iterop 1.2.0 psr-container 1.0.0
29.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 29 āDesign-Toā vs. āAs-Builtā Further Example Application Composer resolves versions as best it can actual versions installed recorded in composer.lock Application zendframework/ zend-log >=2.5,<2.7 zend-stdlib 2.7.7 zend-log 2.6.0 zend- servicemanager 2.7.8 psr/log 1.0.2 container-iterop 1.2.0 zend-hydrator 1.1.0
30.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 30 Problems Can Occur Your Project āI need E >=1.0,<1.2ā A B C E version ? āI need E >=1.2,<2.0ā
31.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 31 SEMANTIC VERSIONING & COMPOSER VERSION CONSTRAINTS
32.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 32 Semantic Versioning http://semver.org/ Version Numbers Have Meaning ā¢ Essentially, it is a promise from the development team ā¢ Not a guarantee, but best effort ā¢ 1.2.3 ā numbers increment, can have pre-release suffix ā¢ Major.Minor.Patch ā¢ Patch: bug fixes; no BC breaks! No API changes! Everyone using the package should be confident in moving from 1.2.3 to 1.2.4 ā¢ Minor: introduce new features, but change no prior APIs; no BC breaks! Changing internals (refactoring) should not affect package users. Everyone using the package should be confident in moving from 1.2.3 to 1.3.0. ā¢ Major: API changes; BC breaks (whether intentional or not). Example: 1.3.14 to 2.0.0 ā¢ For developers, not marketing department. (Sorry, Marketing!)
33.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 33 Semantic Versioning http://semver.org/ Version Number ChangesImplication for Developers ā¢ 0.1.0 #ās change as you see fit,ā¢ Initial Development / API Not Stable ā¢ 0.1.1 as long as major # is zeroā¢ Public API remains Unstable ā¢ ā¦ā¢ ā¦ ā¢ 1.0.0ā¢ Public API Declared Stable ā¢ 1.0.1 only patch # incrementedā¢ Backwards-Compatible Bugfix ā¢ 1.0.2ā¢ BC Bugfix ā¢ ā¦ā¢ ā¦ ā¢ 1.1.0 minor # incremented, patch # reset to zeroā¢ New BC Featureor deprecation (API change) ā¢ 1.1.1ā¢ BC Bugfix ā¢ ā¦ā¢ ā¦ ā¢ 2.0.0 major # incremented, minor/patch reset to zeroā¢ Any BC Break to Public API ā¢ 2.0.1 only patch # incrementedā¢ BC Bugfix
34.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 34 Semantic Versioning http://semver.org/ MeaningPre-Release Versions & Build Metadata ā¢ Not Stable, might not be compatible as implied by ānormalā version number ā¢ Format: x.y.z-alpha-nums.alpha-nums ā¢ Precedence / Ordering ā¢ 1.0.0-alpha < 1.0.0 ā¢ 1.3.0-alpha < 1.3.0-beta ā¢ 1.3.0-rc < 1.3.0-rc.1 ā¢ 2.0.0-rc.1 < 2.0.0-rc.11 ā¢ 2.1.0-0.2.2 < 2.1.0-0.2.2.a ā¢ Pre-Release Examples ā¢ 1.0.0-alpha ā¢ 1.3.0-beta ā¢ 1.3.0-rc ā¢ 2.0.0-rc.1 ā¢ 2.1.0-0.2.2 (check leading 0!!!) ā¢ Information about the build ā¢ Ignored in precedence comparison ā¢ 1.0.0+001 === 1.0.0-alpha+20161018122346 ā¢ Build Metadata ā¢ Format: x.y.z+alpha-nums ā¢ 1.0.0+001 ā¢ 1.0.0+alpha-20161018122346
35.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 35 Semantic Versioning and Composer Version Constraints Shortcut notations for version constraints Caret ā¢ ^1.2.3 is same as >=1.2.3,<2.0.0 and means 1.2.3 <= v < 2.0.0 ā¢ Specifies a min version, and all non BC-breaking API-changing updates ā¢ Recommended operator for max interoperability of library code Tilde (updates in the same series as the rightmost digit*) ā¢ ~1.2.3 is same as >=1.2.3,<1.3.0 and means 1.2.3 <= v < 1.3.0 ā¢ Specifies a min version; last number specified can increment ā¢ For this example, we accept only bug-fixes, no new features. ā¢ ~1.2 is same as >=1.2.0,<2.0.0 and means 1.2.0 <= v < 2.0.0 ā¢ For this example, we accept all non-breaking changes ā¢ https://getcomposer.org/doc/articles/versions.md *How Matthew https://mwop.net/ likes to think of it. Comma or space: logical and
36.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 36 Practice: Semver Version Constraints What range is specified by: ā¢ ^2.0.3 is same as ? ā¢ ~2.0.3 is same as ? ā¢ ^3.7.0 is same as ? ā¢ ~3.7.0 is same as ? ā¢ ^4.4 is same as ? ā¢ ~4.4 is same as ? ā¢ ^3 is same as ? ā¢ ~3 is same as ? Try out the Semver Checker https://semver.mwl.be/ >=2.0.3,<3.0.0 means 2.0.3 <= v < 3.0.0 >=2.0.3,<2.1.0 means 2.0.3 <= v < 2.1.0 >=3.7.0,<4.0.0 means 3.7.0 <= v < 4.0.0 >=3.7.0,<3.8.0 means 3.7.0 <= v < 3.8.0 >=4.4.0,<5.0.0 means 4.4.0 <= v < 5.0.0 >=4.4.0,<5.0.0 means 4.4.0 <= v < 5.0.0 >=3.0.0,<4.0.0 means 3.0.0 <= v < 4.0.0 >=3.0.0,<4.0.0 means 3.0.0 <= v < 4.0.0
37.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 37 Other Composer Version Constraints Range Operators ā¢ And - comma or space: ā¢ ā>=1.2.3,<2.0.0ā means 1.2.3 <= v < 2.0.0 ā¢ Or ā vertical pipes: ā¢ ā^2.7.5 || ^3.0.3ā means ā¢ >=2.7.5,<3.0.0 || 3.0.3,<4.0.0 ā¢ 2.7.5 <= v < 3.0.0 or 3.0.3 <= v < 4.0.0 ā¢ <, <=, >, >=, != Best practice: avoid unbound constraints like ā>=1.2.3ā ā¢ For great examples, see https://github.com/Roave/SecurityAdvisories/blob/master/composer.json ā¢ Hyphen ā¢ 1.0-2.0 is same as >=1.0.0,<2.1.0 and means 1.0.0 <= v < 2.1.0 ā¢ 1.0.0-2.1.0 is same as >=1.0.0,<=2.1.0 and means 1.0.0 <= v <= 2.1.0 ā¢ Wildcards (generally avoid for performance reasons): 1.0.* I ā¢ same as >=1.0.0,<1.1.0 and means 1.0.0 <= v < 1.1.0
38.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 38 REPOSITORIES-lite
39.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 39 Where do dependencies come from? 1. Read Your Application composer.json Repository (or cache*) 2. Resolve dependencies & obtain packages from code repository (ies) composer.lock vendor folder 4. Create Initial composer install With no composer.lock Composer will ā¦ *Aggressive caching ā¢ Fast installs ā¢ Reduced network fetch
40.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 40 Initial composer install 1. Read Your Application composer.json Repository (or cache*) 2. Resolve dependencies & Obtain packages from composer.lock vendor folder 4. Create With no composer.lock Composer will ā¦ *Aggressive caching ā¢ Fast installs ā¢ Reduced network fetch
41.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 41 Subsequent composer install 1. Read Your Application composer.json Repository (or cache) 3. Write packages into composer.lock vendor folder With existing composer.lock Composer will ā¦ 2. Obtain lock file versions from
42.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 42 Any composer update 1. Read Your Application composer.json Repository (or cache) composer.lock vendor folder 4. Update Whether composer.lock exists or not Composer will ā¦ 2. Obtain packagesā latest compatible release from
43.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 43 Development Considerations Packagist.org, Local repos 2. composer install Development Workstation / Vhost B Development Workstation / Vhost A 1. composer update & commits to local VCS General Best Practice: Always commit .lock file ā¢ Allows synchronization between developers ā¢ Helps ensure what was actually tested is what you deploy to production Development Workstation / Vhost C install === āsynchronizeā
44.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 44 Production Considerations Production Server Packagist.org composer install composer update Please do NOT do this ā¢ Repos unavailable ā¢ network connectivity ā¢ sites (GitHub, BitBucket) busy or down
45.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 45 Production Considerations āBuildā Server Packagist.org composer install with composer.lock file Better.Production Server Deploy application as a unit
46.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 46 Production Considerations Test Server Best Production Server Local Repository (VCS / Change Mgt / Private Packagist) Production Server Or Local Repository (VCS / Change Mgt, Private Packagist) Deploy application as a unit Docker, etc., anyone?
47.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 47 Class Autoloading ā Whatās the problem? Autoloading ā¢ http://php.net/manual/en/language.oop5.autoload.php ā¢ http://php.net/manual/en/function.spl-autoload-register.php ā¢ One source code file per PHP class ā¢ Dozens of include ā/path/to/classnameā; in scripts. ā¢ Annoying and potentially slow (especially unused classes) ā¢ Without the source file being included, Fatal error 'ClassName' not found ā¢ Autoloader kicks in when PHP determines that a class definition doesnāt currently exist ā¢ Attempts to locate PHP source file corresponding to a given class name or interface, and instantiates the class if source file found ā¢ By registering autoloaders, PHP is given a last chance to load the class or interface before it fails with an error. ā¢ Allows for safe removal of include[_once]/require[_once] statements ā¢ Only include/require needed source files, instantiating used classes
48.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 48 Class Autoloading ā What makes it work Autoloading ā¢ How to automatically find and instantiate classes w/o referring to them? ā¢ Structured directory/folder layout containing class PHP source files ā¢ Source file naming convention corresponding to class names ā¢ Rules for performing lookup and instantiation ā¢ Class Name: DoctrineCommonIsolatedClassLoader ā¢ Source code file ā¢ /path/to/Doctrine/Common/IsolatedClassLoader.php ā¢ Class Name: ZendAcl ā¢ Source code file: ā¢ /path/to/Zend/Acl.php
49.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 49 Class Autoloading ā Basic process ā¢ PSR 0 ā¢ http://www.php-fig.org/psr/psr-0/ ā¢ Deprecated, but isnāt āgoing awayā ā¢ PSR 4 ā¢ http://www.php-fig.org/psr/psr-4/ ā¢ Can be used in addition to other autoloading spec, including PSR 0 ā¢ Current recommended approach ā¢ Either way: ā¢ Determine desired class name ā¢ Determine appropriate location on filesystem for source code file ā¢ If that file exists, require āfilepathā ā¢ If source file doesnāt exist, return (to allow another autoloader to perform a lookup) ā¢ Examples only: http://www.php-fig.org/psr/psr-4/examples/
50.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 50 Class Autoloading ā Composer helps! ā¢ Basic usage ā¢ Packages specify autoloading guidance to Composer ā¢ composer.json "autoload" : { "psr-4" : { "PHPCompatibility" : "PHPCompatibility/" } }, ā¢ Another example "autoload" : { āclassmap" : { "CodeSniffer.phpā, "CodeSniffer/CLI.php", "CodeSniffer/Exception.php", ā¦ ā¢ https://getcomposer.org/doc/01-basic-usage.md#autoloading
51.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 51 Class Autoloading ā Composer helps! ā¢ Optimizing Autoloader ā¢ PSR 0/4 both still check filesystem before final classname resolution ā¢ https://getcomposer.org/doc/articles/autoloader-optimization.md ā¢ Composer-generated autoloader ā¢ vendor/autoload.php ā¢ vendor/composer/autoload*.php and ClassLoader.php ā¢ How to use require __DIR__ . '/vendor/autoload.php'; $log = new MonologLogger('name'); $log->pushHandler( new MonologHandlerStreamHandler('app.logā, MonologLogger::WARNING) ); $log->addWarning('Foo');
52.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 52 PACKAGES & REPOSITORIES
53.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 53 What are Packages & Repositories? Composer downloads packages from repositories Package ā¢ A directory with files in it ā¢ Package description - composer.json ā¢ Name (this is what makes a package an installable library) ā¢ Version (avoid specifying this, inferred from VCS info) ā¢ Source Definition (where Composer gets the package) ā¢ Repository location (URI) ā¢ Repository Type (composer, vcs, pear, package) ā¢ Package Type ā¢ Dist ā packaged, usually a stable release ā¢ Source ā source code, for development / modification ā¢ Repo can provide both, but one will be preferred
54.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 54 Package Names ā¢ vendor-name/project-or-library-name ā¢ psr/log ā¢ pear/log ā¢ zendframework/log ā¢ Best practice: use-dashes/as-word-separators ā¢ Vendor names must be unique ā¢ If you are going to publish packages: ā¢ Remember: they persist! You and the world will have to live with them. ā¢ Donāt be cute or cryptic (with vendor or package name) ā¢ Name should reflect package purpose ā¢ evandotpro/edp-superluminal - I like it, clever, butā¦
55.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 55 Platform / Virtual Packages Not Installable by Composer, Used for checking only ā¢ php ā PHP version of the server Composer is installing packages to ā¢ hhvm (not applicable for IBM i) ā¢ ext-<name> ā¢ āext-ibm_db2ā : ā*ā ā¢ lib-<name> ā¢ curl ā¢ iconv ā¢ icu ā¢ libxml ā¢ openssl ā¢ pcre ā¢ uuid ā¢ xsl ā¢ composer show --platform for a list of available platform packages
56.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 56 Repositories Repository ā¢ A download source for packages, specified by URI ā¢ A list of packages and versions in a packages.json file ā¢ Visit https://packagist.org/packages.json ā¢ Types of repositories ā¢ Composer ā uses Packagist software, can be public or private ā¢ VCS ā Git, SVN, Hg, Fossil ā¢ VCS client needed for āregularā git, svn, hg, fossil repos ā¢ Uses APIs for GitHub, BitBucket (no client needed) ā¢ PEAR ā public or private ā¢ Package ā zip; use only if none of the above are possible ā¢ Reference: https://getcomposer.org/doc/05-repositories.md
57.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 57 Repositories: Packagist.org Packagist.org Package Archivist Just a Composer Repositoryā¦ ā¢ ā¦ but it is the primary repository for open source packages ā¢ Best Practice for Open Source Projects: register it at packagist.org ā¢ Searchable / Browseable ā¢ Less work for people to find and use your package. ā¢ Many, many, many packages available. There is duplication in functionality and a wide range of quality. (Important topic for another day.)
58.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 58 https://packagist.org/
59.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 59 Private Repos ā Satis, Toran Proxy, Private Packagist Your Application Packagist.org Satis Private VCS Satis ā free, static composer repo generator *Toran Proxy (being phased out) Private Packagist See packagist.com (not .org) ā¢ fees support development of Composer ā¢ SaaS or on-premises self-hosting Why? ā¢ Speed ā¢ Reliability ā¢ Happier network and security staff Your Application Toran Proxy* Packagist.org Private VCS
60.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 60 Private Repositories ā Local Packagist Your Application composer.json / composer.lock Private Repository
61.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 61 Avoid : Not-Final Word on Repositories Weāll take a look at Satis later today.
62.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 62 COMPOSER BEST PRACTICES
63.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 63 Some Best Practices Doās and Donāts: ā¢ Command line tooling is your friend ā¢ Building a deployment fileset with Composer ā¢ Unbound Version Constraints ā¢ Version Constraints combined with Wildcards ā¢ Wildcards by themselves ā¢ Install or update to the intended directory Be careful out there!
64.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 64 Command line tooling ā¢ Donāt edit composer.json files. Use the command line tooling! ā $ composer require zendframework/zend-crypt ā¢ Add require entry for the component, specifying the latest stable release that does not conflict with other requirements, (gets development dependencies by default) ā $ composer require --dev phpunit/phpunit ā¢ Specify development requirements (libraries needed to edit/test the dependency) ā $ composer require --update-no-dev monolog/monolog ā¢ Add package, with no dev dependencies (weāre consuming only, not developing/testing) ā $ composer require "zendframework/zend-crypt:^2.5" ā¢ Specify version constraints ā $ composer require "zendframework/zend-crypt:^3.0@dev" ā¢ Specify stability requirements ā $ composer remove zendframework/filp-whoops ā¢ Remove a package; use --update-no-dev to avoid installing all require-dev dependencies after the removal! ā¢ Benefit: these do the install/update automatically, (generally) ensuring the update is only for the package specified; unrelated dependencies are left alone. Faster and no unnecessary changes.
65.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 65 Command line tooling ā getting help ā¢ Use the buit-in help (soooo many commandsā¦) ā $ composer list ā¢ List all available commands ā $ composer help require ā¢ Adds required packages to your composer.json and installs them. ā $ composer help install ā¢ Installs the project dependencies from the composer.lock file if present, or falls back on the composer.json. ā $ composer help update ā¢ Upgrades your dependencies to the latest version according to composer.json, and updates the composer.lock file. ā $ composer help outdated ā¢ Shows a list of installed packages that have updates available, including their latest version.
66.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 66 Donāt install development requirementsUse lock file Download Distribution Packages composer install - - prefer-dist - - no-dev - - optimize-autoloader Generate PSR-0/4 classmap for fast autoloading Building Production Deployment Filesets For even better performance and reliability in production, use: - - classmap-authoritative (implies - - optimize-autoloader) -- apcu-autoloader (must manually specify - - optimize-autoloader) https://getcomposer.org/doc/articles/autoloader-optimization.md
67.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 67 Do NOT use unbound version constraints (>=, no upper bound): ā¢ Example: >=2.3 ā¢ Example: >=1.1.* (note that * is not the problem here, >= is) ā¢ Composer will install new updates, as long as they become available, without regard to backwards-compatibility. (Youāll get 2.3.5, 10.5.23, etc.) ā¢ Example: dev-master Best Practice Use ^2.3 Use ^1.1 Best Practices Doās and Donāts Solution: use upper bound >=2.3,<3.0 or ~2.3 or ^2.3 Solution: >=1.1.0,<1.2 or ~1.1.0 https://getcomposer.org/doc/faqs/why-are-unbound-version-constraints-a- bad-idea.md
68.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 68 Be careful when specifying a version constraint with a wildcard. Normally okay: ā¢ 2.* means >=2.0.0,<3.0.0 ā¢ However, consider >=2.* ā¢ >=2 means any version at least 2.0.0 ā¢ (2.0.5, or 2.9.9, or 3.0.7, 10.3.2, etc.) ā¢ 2.* means any version in the interval ā¢ [2.0.0, 3.0.0), or 2.0.0-2.9.9999 (1st bullet above) ā¢ Composer canāt tell if you want 3.0.0 to be considered or not. Composer: āInvalid, Iām throwing an errorā Solution: use >=2,<3 Best Practice: ^2.0 (for semantic versioning) Best Practices Doās and Donāts
69.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 69 Best Practices Doās and Donāts Do NOT use a wildcard (except for virtual extension packages) ā¢ Example: 1.2.* slows composer down ā¢ Looks at all patch level releases, and all their sub-dependencies ā¢ 1.* (minor version wildcard) is really bad ā could be many dozens of versions ā¢ Also limits composer to versions < 1.3 forever Composer: āDonāt make me work so hard!ā Solution: (if you really want < 1.3) use ~1.2.0 or >=1.2.0,<1.3 or (if you really want any non-BC breaking version >= 1.2, w/ new API features) use ^1.2.0 or >=1.2.0,<2.0.0 or SemVer Best Practice: ^1.2
70.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 70 Best Practices Doās and Donāts ā¢ Make SURE youāre in the right folder when issuing composer install ā¢ Will read composer.json in that folder, create vendor folder, and .lock file ā¢ Regardless of existence of .lock file in project root directory ā¢ Same for composer update! ā¢ Part of your vendor folder could be updated with packages not compatible with other packages Run composer install /update from root of your project.
71.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 71 PART DEUX: PRIVATE REPOSITORY
72.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 72 Setting up a Private Composer Repo ā¢ Private Packagist is best (proxy, ālocalā, supported) ā¢ Satis ā Local, static, file-based version of Packagist generator ā Overview ā¢ VCS repository containing your package ā¢ composer.json specifying repos and package definitions ā¢ Fetches packages found in composer.json ā¢ Creates packages.json (this is your ācomposerā type repository) ā¢ https://getcomposer.org/doc/05-repositories.md#satis ā¢ https://getcomposer.org/doc/articles/handling-private-packages-with- satis.md ā¢ https://github.com/composer/satis
73.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 73 Setting up a Private Composer Repo ā Install Satis ā Make Satis aware of the VCS repository ā Use Satis to build the composer repository ā Host the repository via web server (demo using PHP built-in server) ā Configure an application to use the package ā Test it!
74.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 74 VCS Repository of Source Code clark.e@US-114-carle MINGW64 ~/Zend/workspaces/Talks/measurement (master) $ ls -l total 67 -rw-r--r-- 1 clark.e 1049089 233 Oct 18 09:41 CHANGELOG.md -rw-r--r-- 1 clark.e 1049089 917 Oct 18 09:48 composer.json -rw-r--r-- 1 clark.e 1049089 36864 Dec 30 2015 composer.lock -rw-r--r-- 1 clark.e 1049089 209 Oct 18 09:49 deployment.properties -rw-r--r-- 1 clark.e 1049089 381 Apr 13 2016 deployment.xml drwxr-xr-x 1 clark.e 1049089 0 Dec 27 2015 doc/ -rw-r--r-- 1 clark.e 1049089 157 Jan 1 2016 FAQ.md -rw-r--r-- 1 clark.e 1049089 6 Dec 26 2015 index.php -rw-r--r-- 1 clark.e 1049089 2508 Oct 18 09:48 LICENSE.txt -rw-r--r-- 1 clark.e 1049089 564 Jan 1 2016 phpunit.xml -rw-r--r-- 1 clark.e 1049089 569 Dec 26 2015 phpunit.xml.dist drwxr-xr-x 1 clark.e 1049089 0 Jan 1 2016 src/ drwxr-xr-x 1 clark.e 1049089 0 Jan 1 2016 test/ drwxr-xr-x 1 clark.e 1049089 0 Dec 30 2015 vendor/
75.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 75 Install Satis $ cd /somewhere/ $ composer create-project composer/satis --stability=dev --keep-vcs Installing composer/satis (dev-master f66ff72ce4e788e95827404888fd53b3c9d29f82) - Installing composer/satis (dev-master master): Cloning master from cache Created project in E:WindowsPCsatis Loading composer repositories with package information Installing dependencies (including require-dev) from lock file Package operations: 42 installs, 0 updates, 0 removals - Installing symfony/process (v3.2.8): Downloading (100%) - Installing symfony/finder (v3.2.8): Downloading (100%) - Installing symfony/filesystem (v3.2.8): Downloading (100%) - Installing symfony/polyfill-mbstring (v1.3.0): Downloading (100%) - Installing psr/log (1.0.2): Loading from cache ā¦ - Installing phpspec/prophecy (v1.7.0): Downloading (100%) - Installing myclabs/deep-copy (1.6.1): Loading from cache - Installing phpunit/phpunit (5.7.20): Downloading (100%) symfony/console suggests installing symfony/event-dispatcher () ā¦ Generating autoload files
76.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 76 Install Satis ā what we got clark.e@US-114-carle MINGW64 /e/WindowsPC/satis (master) -rw-r--r-- 1 clark.e 1049089 69 Oct 23 07:35 .dockerignore drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 .git/ -rw-r--r-- 1 clark.e 1049089 420 Oct 23 07:35 .gitattributes -rw-r--r-- 1 clark.e 1049089 72 Oct 23 07:35 .gitignore -rw-r--r-- 1 clark.e 1049089 1091 Oct 23 07:35 .php_cs.dist -rw-r--r-- 1 clark.e 1049089 366 Oct 23 07:35 .travis.yml drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 bin/ -rw-r--r-- 1 clark.e 1049089 635 Oct 23 07:35 box.json -rw-r--r-- 1 clark.e 1049089 1448 Oct 23 07:35 composer.json -rw-r--r-- 1 clark.e 1049089 79966 Oct 23 07:35 composer.lock -rw-r--r-- 1 clark.e 1049089 1687 Oct 23 07:35 Dockerfile drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 docs/ -rw-r--r-- 1 clark.e 1049089 1047 Oct 23 07:35 LICENSE -rw-r--r-- 1 clark.e 1049089 616 Oct 23 07:35 phpunit.xml.dist -rw-r--r-- 1 clark.e 1049089 3098 Oct 23 07:35 README.md drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 res/ drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 src/ drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 tests/ drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:36 vendor/ drwxr-xr-x 1 clark.e 1049089 0 Oct 23 07:35 views/
77.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 77 Satis ā ask for help $ ./bin/satis Satis 1.0.0-dev Usage: command [options] [arguments] Options: -h, --help Display this help message -q, --quiet Do not output any message -V, --version Display this application version --ansi Force ANSI output --no-ansi Disable ANSI output -n, --no-interaction Do not ask any interactive question -v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug Available commands: add Add repository URL to satis JSON file build Builds a composer repository out of a json file help Displays help for a command init Initialize Satis configuration file list Lists commands purge Purge packages
78.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 78 Make Satis aware of our VCS repo - 1 $ ./bin/satis help init Usage: init [options] [--] [<file>] Arguments: file JSON file to use [default: "./satis.json"] Options: --name=NAME Repository name --homepage=HOMEPAGE Home page -h, --help Display this help message -q, --quiet Do not output any message -V, --version Display this application version --ansi Force ANSI output --no-ansi Disable ANSI output -n, --no-interaction Do not ask any interactive question -v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug Help: The init generates configuration file (satis.json is used by default). You will need to run build command to build repository.
79.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 79 Make Satis aware of our VCS repo - 2 $ ./bin/satis init --name="Demo Satis Repo" --homepage="http://localhost:8000" Welcome to the Satis config generator This command will guide you through creating your Satis config. Repository name (Demo Satis Repo): Home page (http://localhost:8000): Your configuration file successfully created! You are ready to add your package repositories Use satis add repository-url to add them.
80.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 80 Make Satis aware of our VCS repo - 3 $ ./bin/satis init --name="Demo Satis Repo" --homepage="http://localhost:8000" Welcome to the Satis config generator This command will guide you through creating your Satis config. Repository name (Demo Satis Repo): Home page (http://localhost:8000): Your configuration file successfully created! You are ready to add your package repositories Use satis add repository-url to add them. $ ./bin/satis add "file:///c/Users/clark.e/Zend/workspaces/Talks/measurement/.git" Your configuration file successfully updated! It's time to rebuild your repository
81.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 81 Make Satis aware of our VCS repo - 4 $ ./bin/satis build ./satis.json ../satis-web Scanning packages wrote packages to ../satis-web/include/all$763792245e46c378a3907675e5fd9b442623d0a6.json Writing packages.json Pruning include directories Writing web view $ ls -lt ../satis-web/ total 289 -rw-r--r-- 1 clark.e 1049089 292984 Oct 23 08:10 index.html -rw-r--r-- 1 clark.e 1049089 192 Oct 23 08:10 packages.json drwxr-xr-x 1 clark.e 1049089 0 Oct 23 08:10 include/
82.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 82 Make Satis aware of our VCS repo - 5 $ cat ../satis-web/packages.json { "packages": [], "includes": { "include/all$763792245e46c378a3907675e5fd9b442623d0a6.json": { "sha1": "763792245e46c378a3907675e5fd9b442623d0a6" } } }
83.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 83 Host Composer Repo via Webserver $ php -S localhost:8000 -t ../satis-web/
84.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 84 Configure Application to Use Package $ cd ~/test-app/ $ ls -al total 65 drwxr-xr-x 1 clark.e 1049089 0 Oct 18 09:34 ./ drwxr-xr-x 1 clark.e 1049089 0 Oct 18 11:02 ../ -rw-r--r-- 1 clark.e 1049089 383 Oct 18 09:34 example-usage.php $ cat composer.json { "repositories": [ { "type": "composer", "url": "http://localhost:8000" } ] }
85.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 85 Resources ā¢ Composer Manual - https://getcomposer.org/doc/ ā¢ Semantic Versioning - http://semver.org/ ā¢ Autoloading - http://www.php-fig.org/psr/psr-4/ ā¢ JSON (JavaScript Object Notation) - http://json.org/ ā¢ Help - https://groups.google.com/forum/#!forum/composer-users ā¢ IRC - #composer on freenode irc://irc.freenode.org/composer ā¢ Packagist Semver Checker ā http://semver.mwl.be/ ā¢ Composer.json Schema ā https://getcomposer.org/doc/04-schema.md ā https://github.com/composer/composer/blob/master/res/compo ser-schema.json ā http://stackoverflow.com/questions/tagged/composer-php
86.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 86 So, who is this guy? Clark Everetts, ZCE ā¢ Rogue Wave Software (acquired Zend October 2015) ā¢ PHP since 2005 ā¢ Professional Services Consultant ā Architecture and Performance Audits ā PHP, Zend Framework Training ā Application Development, Best Practices, etc. ā IBM i ā¢ clark.everetts@roguewave.com @clarkphp +ClarkEveretts
87.
Ā© 2017 Rogue
Wave Software, Inc. All Rights Reserved. 87 THANK-YOU clark.everetts@roguewave.com @clarkphp +ClarkEveretts Tweet: #zendcon2017 Rate, comment, get slides https://joind.in/talk/973d7 Your feedback is invaluable!
Download now