Composing Project Dependencies

Derek Gallo@derekgallo

http://github.com/drock

Problem

•Projects use many libs or frameworks

•Most libs have several dependencies

•Different projects need different versions

An Example

PHPUnit 3.7

SymfonyYAML

2.2

PHPUnitMocks

1.3...

Project A

PHPUnit 3.6

SymfonyYAML1.02

PHPUnitMocks

1.1...

Project B

Pear

PHPUnit 3.7

SymfonyYAML

2.2

PHPUnitMocks

1.3...

Project A Project B

Single shared dependency

No autoloading

Not part of build

Submodules

PHPUnit 3.7

SymfonyYAML

2.2

PHPUnitMocks

1.3

Project A

PHPUnit 3.6

SymfonyYAML1.02

PHPUnitMocks

1.1

Project B

No autoloading

No dependency management

Composer!

PHPUnit 3.7

SymfonyYAML

2.2

PHPUnitMocks

1.3...

Project A

PHPUnit 3.6

SymfonyYAML1.02

PHPUnitMocks

1.1...

Project B

Composer!

•Autoloading

•Dependency Management

•Per project dependencies

•Part of build

Composer is a tool for dependency management in PHP. It allows you to declare the dependent libraries your project needs and it will install them in your project for you.

Installation

•Locally

• curl -sS https://getcomposer.org/installer | php

•Globally

• sudo mv composer.phar /usr/local/bin/composer

• composer selfupdate <- Do regularly

Silex Sample

•Create empty project folder

•Create composer.json

Silex Sample

Silex Sample• >composer install

Silex Sample• include autoloader

• write controller

Silex Sample• add monolog

Silex Sample• >composer update

Silex Sample• add logging code

Defining Dependencies

Vendor/Package

Version

Stability Requirements

Installing Dependencies•>composer install

•downloads dependencies to vendor folder

•generates autoloader

Using Dependencies

•PSR-0 - Standards defining naming conventions for autoloading.

•Use composer generated autoloader

Updating Dependencies•>composer update

•upgrades packages to latest version based on rules in composer.json

Install vs Update•composer.lock

•tracks versions of dependencies used

•commit it

•install-looks for composer.lock then composer.json

•update-looks straight at composer.json and updates composer.lock

Working in a Team

•Elect a dependency manager

•manages and commits composer files

•add vendor folder to git/svn ignore

Finding Packages

•Packagist

•>composer search ...

•Github

•look for composer.json

Older Packages

• Hopefully its PSR-0 compliant

Define a package repository in your

composer.json

Specify locations of sources

Instruct autoloader

Bleeding EdgeVersion Tag

Version Branch

Other Branch

Custom Forks• Fork on Github

• Add your repo

• Specify your branch

Bootstrapping>composer create-project -s dev fabpot/silex-skeleton .

More?• http://getcomposer.org

• http://packagist.org

• https://github.com/php-fig/fig-standards/blob/master/accepted/

ThanksDerek Gallo@derekgallo

http://github.com/drock