Composer
Project Dependency Management for PHP

About Me

Passionate Free Software Developer
http://github.com/naderman

phpBB Development Lead
http://www.phpbb.com

Just launched
https://www.forumatic.com
Professional Managed phpBB Hosting

Managing
Packages vs Dependencies

Package Management in PHP

The Composer Ecosystem

github.com/composer

The Composer Ecosystem

Composer - CLI Tool

Easy to use
Installs deps per-project
Flexible and embeddable
Encourages best practices (PSRs, SPDX, semver)

The Composer Ecosystem

Packagist - Package Repository

Aggregates PHP libraries
Open to all OSS projects
Feeds on VCS (git, hg, svn) repositories

The Composer Ecosystem

Satis - Micro Repository

Minimalistic (Pirum-like)
Useful for closed source code

The Composer Ecosystem

composer/installers

Custom Package Installers for

Magento
phpBB
Drupal
SilverStripe
Symfony1
Wordpress
Zend Framework 1

CakePHP
CodeIgniter
FuelPHP
Joomla!
Kohana
Laravel
Lithium

Usage Instructions

Using a Composed Project

git clone https://github.com/symfony/standard-edition myproject

Cloning into myproject...

cd myproject/

curl -s http://getcomposer.org/installer | php

All settings correct for using Composer
Composer successfully installed to: /home/bob/myproject/composer.phar

Use it: php composer.phar

Using a Composed Project

php composer.phar install

Installing from lock file
  - Package twig/extensions (dev-master)
    Downloading
    Unpacking archive
    Cleaning up

[...]

  - Package twig/twig (1.8.0)
    Downloading
    Unpacking archive
    Cleaning up

  - Package symfony/symfony (dev-master)
    Downloading
    Unpacking archive
    Cleaning up

Generating autoload files

Using a Composed Project

vendor/
    autoload.php
    composer/
    monolog/
        monolog/
    symfony/
        symfony/
        monolog-bundle/
    twig/
        twig/
        extensions/
    [...]

One-line Project Initialization

php composer.phar create-project <package> [<dir>] [<version>]

php composer.phar create-project symfony/framework-standard-edition

Downloading Project Dependencies

composer.json

Located in project root directory
Defines dependencies

{
    "require": {
        "silex/silex": ">=1.0.0-dev",
        "symfony/finder": "2.1-dev",
        "twig/twig": "1.*",
        "predis/service-provider": "dev-master"
    },
    "require-dev": {
        "mikey179/vfsStream": "*"
    }
}

Source install: With install --prefer-source it clones/checks out the code.

Creating a Package Definition

{
    "name": "predis/predis",
    "type": "library",
    "description": "Flexible and feature-complete Redis client",
    "keywords": ["nosql", "redis", "predis"],
    "homepage": "http://github.com/nrk/predis",
    "license": "MIT",
    "authors": [
        {
            "name": "Daniele Alessandri",
            "email": "suppakilla@gmail.com",
            "homepage": "http://clorophilla.net"
        }
    ],
    "require": {
        "php": ">=5.3.0"
    },
    "autoload": {
        "psr-0": {"Predis": "lib/"}
    }
}

Note: Package Definition === Application/Root Definition

Avoiding version chaos
in your team

composer.lock

Lists packages & versions
Replaces composer.json
Created by composer install (installs your dependencies)
Updated by composer update (updates your dependencies)
Must be committed in your VCS and shipped with your releases

Benefits

Everyone on a team works with exactly the same dependency versions
When deploying, all machines run exactly the same dependency versions
Users will never get dependency versions that you did not test with

Autoloading

Libraries/projects define their namespaces:

"autoload": {
    "psr-0": {
        "Vendor\\Namespace": "lib/"
    },
    "classmap": ["src/", "VeryOld.php"]
},
"include-path": ["src/", ""]

Composer builds an autoloader for you:

vendor/autoload.php

Use the generated autoloader:

require __DIR__.'/../vendor/autoload.php';

use Silex\Application;
use Silex\Extension\TwigExtension;

use Symfony\Component\Finder\Finder;
use Symfony\Component\HttpFoundation\Response;

$app = new Application();
// ...

Autoloading Tests

Add your own namespaces for testing purposes in PHPUnit's bootstrap:

# tests/bootstrap.php

$loader = require __DIR__.'/../vendor/autoload.php';

$loader->add('My\Test', __DIR__);

Alternative Repositories

"repositories": [
    {
        "type": "composer",
        "url": "http://private.satis.example.org"
    },
    {
        "type": "vcs",
        "url": "git://example.org/MyRepo.git"
    },
    {
        "packagist": false
    }
]

See docs for more

Depending on packages without composer.json

"repositories": [
    {
        "type": "package",
        "package": {
            "name": "vendor/package",
            "version": "1.0.0",
            "dist": {
                "url": "http://example.org/package.zip",
                "type": "zip"
            },
            "source": {
                "url": "git://example.org/package.git",
                "type": "git",
                "reference": "tag name, branch name or commit hash"
            }
        }
    }
],
"require": {
    "vendor/package": "1.0.0"
}

Note: repositories are only available to the root package

State of the Project

Adoption

>3200 packages on Packagist
3'600'000 package installs from Packagist in last 5 months
Many early adopters
Supported by frameworks/libs
Integration by PaaS providers
(Integration in apps for plugins)

Roadmap

Support for web assets
Cleanups and small missing features
Bugfixes
Optimizations
Beta soon, first stable end of year
Want to help?
github.com/composer/composer/issues

Wishful Thinking

Look around.

Write small libs.

Share code.

Reuse things.

Reinvigorate PHP

Find Out More

Thank you.

Questions?

@naderman

Feedback

https://joind.in/7075

Bonus Slide: Aliases & Branches

Situation

I use symfony/monolog-bundle 2.0.10
symfony/monolog-bundle 2.0.10 requires symfony/monolog-bridge 2.0.10
symfony/monolog-bridge 2.0.10 requires monolog/monolog 1.*
I added a feature to monolog in my-feature-branch on my github fork

Solution

"repositories": [
    {
        "type": "vcs",
        "url": "git://github.com/my/monolog.git"
    }
]
"require": {
    "symfony/monolog-bundle": "2.0.10",
    "monolog/monolog": "dev-my-feature-branch as 1.1.0"
}

ComposerProject Dependency Management for PHP

About Me

Managing Packages vs Dependencies

Package Management in PHP

The Composer Ecosystem

The Composer Ecosystem

Composer - CLI Tool

The Composer Ecosystem

Packagist - Package Repository

The Composer Ecosystem

Satis - Micro Repository

The Composer Ecosystem

composer/installers

Custom Package Installers for

Usage Instructions

Using a Composed Project

Using a Composed Project

Using a Composed Project

One-line Project Initialization

Downloading Project Dependencies

composer.json

Creating a Package Definition

Avoiding version chaosin your team

composer.lock

Benefits

Autoloading

Autoloading Tests

Alternative Repositories

Depending on packages without composer.json

State of the Project

Adoption

Roadmap

Wishful Thinking

Look around.

Write small libs.

Share code.

Reuse things.

Reinvigorate PHP

Find Out More

Thank you.

Questions?

@naderman

Feedback

https://joind.in/7075

Bonus Slide: Aliases & Branches

Situation

Solution

Composer
Project Dependency Management for PHP

Managing
Packages vs Dependencies

Avoiding version chaos
in your team