Composer for package management

The Book Depository • 10th May 2013.

Alister Bulman

self::about()

self::current()

Scaling PHP-based systems, with related technologies.

Creatively lazy. I don't want to have to reinvent the wheel. I use someone else's wheel whenever I possibly can.

self::prev()

Programming PHP since 1999, PHP v3, (>12 years ago). Previously in everything from a ZX81, BBC/Electron, 6502 to 8086 Assembler, Pascal and C/C++ before PHP

Programming since 198-cough

PHP Dependancy hell

Pear
phpclasses.org
lots of copy and pasted code

Either many copies, scattered around, or just one single one per system.

Hard to update, annoying to keep in sync.

Impossible if you need different versions in different sites.

Code Reuse in the PHP Ecosystem

PHP had a very poor level of reuse
None at all between the major frameworks such as Zend/Symfony/Cake/Drupal
Common Standards kicked off a huge mindset change
PSR-0, Autoloading
Why ?
Allows to break down code into small, easily reused libraries
Still have to copy the code into the project
and then setup the autoloading namespace
And then came Composer...

Hang on to your hats

Composer live demo

pull in a UUID library ("rhumsaa/uuid": "2.1.1")
setup the autoloader, automatically
other people can install the same version, every time

Here's the basics

Composer.json file

"require": {
        "zendframework/zendframework1": "1.12.3",
        "rhumsaa/uuid": "2.1.*",
        "thebookdepository/php-search": "dev-master"
    },

Breaking down the parts:

vendor prefix zendframework / rhumsaa & thebookdepository
Project name - zf1, uuid & php-search
Versions, wildcards or the bleeding edge

There are over 10,000 libraries available on http://packagist.org

composer.lock file

List of packages, versions and also licences
if available, composer install will only use the .lock versions
composer.lock is committed into version control
Everyone works with exactly the same dependency versions
When deploying, all machines run exactly the same dependency versions
Users will never get dependency versions you did not test with
For an Upgrade, check the library based on a wildcard.* or dev-BRANCH versions listed in .json

Autoloading

{
"autoload": {
    "psr-0": {
        "Entity": "common/lib/",
        "ZFDebug": "common/lib/",
        "BD": "lib/",
    }
}

Using it:

{
<?php
require 'vendor/autoload.php';
$s = new BD_ShortUrl(...);
?>

Optimised loaders can be generated.

Testability

Pulling in a local PHPunit, and other tools
creates a composer/bin/phpunit, et al
Later: Local coding standards
you can use on your dev machines, and for CI


"require-dev": {
    "phpunit/phpunit": "~3.7.10",
    "squizlabs/php_codesniffer": "*",
    "mockery/mockery": "0.8.0"
},

The potential problems

Can't fetch the external code: - proxy problems to the outside world from dev boxes (run diag)

Larger 'vendor' directories: - its designed to be just-in-time delivery of the code, from cache

Complex composer configs with our own small library repositories
Vendoring 3rd party libraries for fast access, and security checks: - Satis, Package Repository Generator

btw, thanks to Chris for simplifying the common module (symlink) in the main BD repo

In Summary

Easy code reuse
From small (potentially) well-tested libraries
Well supported by libraries
Easy, consistent, build process (already supported with the CI server)
Fast autoloader scripts, that 'just work'
Easily used, one .json file in a repo enables its use in Composer
Versioned individually by Git Tags or Branches, or even specific SHA1s
A 'composer install' will use exactly the version you tested with

Composer introduction talk Other slidesdecks http://www.slideshare.net/naderman/composer-php-usergroup-karlsruhe http://www.slideshare.net/loalf/shifting-gears-with-composer http://www.slideshare.net/chebba/composer-package-management-for-php-silver-bullet http://www.slideshare.net/zfconf/zfconf-2012-dependency-management-php-zend-framework-2 http://www.slideshare.net/tcorrigan1/composer-14745871 The Wonderful World of Composer, video from KnpUniversity http://www.youtube.com/watch?v=QOldVDVYnAE (14 minutes) http://nelm.io/blog/2011/12/composer-part-1-what-why/ http://nelm.io/blog/2011/12/composer-part-2-impact/ http://moquet.net/blog/5-features-about-composer-php/ http://blog.dubture.com/2013/04/composer-is-now-first-class-eclipse.html http://blog.fortrabbit.com/handle-your-dependencies-with-php-composer/

Thanks

Presented, 10th May 2013 at a 'TBD/The Best Developers' session at The Book Depository, Slough
Composer at http://getcomposer.org/
The homepage for this, with a live-viewable version is at my homepage, http://alister.github.io/presentations/
Also see the KnpUniversity Composer tutorial screencast

Questions?

Alister Bulman

... and elsewhere, just search for me - I'm pretty unique