Composer & Packagist 101

Hi, Habr! Today I would like to talk with you about my friends to experienced PHP developers, but mysterious for beginners, the pieces - Composer and Packagist. I have no doubt that for many here the text will not be a revelation. Material for those who are described below only to be encountered.

You are a PHP developer and you need a good dependency manager - like npm or Bundler? Are you tired of suffering from pear? And you do not want to manually download libraries from sites and update all dependencies? Then it's time to get to know Composer and Packagist.

')

The basics

Let's start with an explanation of what Composer is, and later we'll talk about Packagist. Composer is initially a dependency manager for PHP at the project level. This means that now we do not need to suffer with the once popular pear, because for each project we need our own versions of libraries and other things. Now with Composer all dependencies will be installed in the vendor folder in the root of your project, and projects will not conflict. Each project will have its own set of installed dependencies.

Also in composer.json, you can set the scripts section. If you use it correctly, you can get an easy deploy manager. But I leave this section to you as a homework :).

How it works? You just need to create the file composer.json in the root of the project and fill it in according to the documentation. The minimum required in this file is a set of dependencies. In essence, this is just a json object, the key in which is the name of the required package, and the value is the version needed for the project. To specify the version used semver. For example, if the project requires PHP minimum version 5.4 and a library for logging monolog 1.9. *, You need to specify the following require object.

"require": { "php": ">=5.4.0", "monolog/monolog": "1.9.*" } 

Then you just need to run the command composer update on the command line, and all new dependencies will be loaded into the vendor folder, and you can use them. Yes, the entire PHP Composer will not tighten, but will check that the PHP installed on the machine is the correct version. And if we are talking about libraries, Composer downloads the package of the appropriate version in the vendor folder.

Imagine the situation: we have finally implemented Composer in our project, we are using it with might and main, in general, we are great! But at some point we come to a situation where both developers and the server have different versions of libraries. How to be? To do this, composer next to composer.json creates the file composer.lock. It after the composer update command records the exact information about the versions that are installed. It needs to be committed to the version control system, and so all developers, as well as on the server, can simply execute the composer install command, and all the libraries of exactly those versions that are described in this file will be installed.

We write your package

Any developer has the right to create your composer package and put it in Open Source. I also want to describe this process further.

Composer package is essentially a set of files that can be connected to any project. All this can be sorted into folders as you wish. The main thing is to set up a startup composer. What is the structure of the Composer package? A compulsory file for any package is composer.json. This is the file in which all information about this package is stored: name, description, list of dependencies, license type, and so on. Here is an example composer.json simple package.

 { "name": "dataart/package", "type": "library", "description": "Composer package by DataArt", "license": "MIT", "require": { "php": ">=5.4.0", "illuminate/support": "~4.2" }, "autoload": { "psr-4": { "Dataart\\Package\\": "src/" } } } 

Name - package name (format vendor / name).
Type - package type, this package - library
Description - the package description.
License - license type.
Require - list of dependencies of this package. It requires a PHP version of at least 5.4.0 and the package illuminate / support. All versions are described by semver.
Autoload - startup settings. In this case, it is indicated that the Dataart \ Package namespace starts in the src folder. That is, all files that are in the src folder should have Dataart \ Package namespace. If, for example, you want to create a User class and save the class file in the Models folder, the User class namespace should be Dataart \ Package \ Models.

The src folder stores all the files needed for the package. It is recommended to make a folder next to the src folder, and cover the library with tests. Next, the entire folder in which composer.json is located should be committed to Github. It is possible on Bitbucket, but all use Github.

Also composer has a number of console commands that are designed to speed up work with him.

init

will launch an interactive initialization of the project composer for you and, after asking a few basic questions, will generate a composer.json file.

install

reads composer.json, resolves dependencies and installs them into the vendor folder. If the folder contains a file composer.lock, the exact versions specified in the file will be used. This allows all developers to have the same version of all libraries.

update

is used to get newer versions of packages, thereby updating composer.lock. Also used if new dependencies are added. Can also be used with parameters. composer update vendor / package1 vendor / package2 will update only two packages. You can also upgrade all packages of one vendor with the composer update vendor / * command

require

adds new dependencies from the command line. For example, composer require vendor / package: 2. * vendor / package2: dev-master. If you do not specify a version, the composer automatically tightens the latest stable version.

remove

exact opposite of require.

dump-autoload

update autoloader if there are new classes or rules of autoloading.

You can add the —optimize-autoloader (-o) switch to the install, update, and dump-autoload commands to convert the psr-0/4 autoload rules to a “class map” to speed up autoloading. Recommended for production environments.

Open source it

Zakommitili? Cool, but composer for some reason still does not find the package and can not pull it up for another project. How to be?

Yes, you can specify specific addresses of the svn / git repositories in composer.json, but this is inconvenient. It is much more convenient to have some kind of central point where there are matches of packages with their repository addresses. This is Packagist .

It is used to publish composer packages. Posting your package there is easy. Just register with the service (or using your Github account via oAuth2), then click the Submit Package link, specify the repository URL, and Packagist will pull up the rest and periodically check the repository for new versions.

How is the versioning? It is necessary to version according to the semver system. And specify package versions using tags in the version control system. Everything is very simple!

Create your packages, publish them and become a full member of the Open Source community.

You can install composer on getcomposer.org .

View all available PHP packages at packagist.org .