Yii Framework Forum: I Don't Get Composer - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

I Don't Get Composer Rate Topic: ***** 1 Votes

#1 User is offline   Tropi 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 73
  • Joined: 30-November 11

Posted 07 May 2013 - 03:33 PM

Hey everyone,
with Yii2 PR out and some fresh energy I took time to experiment with it. It seems like with Yii 2, Composer also plays a big role here, so I tried to take a look. With not too much success.
I've used several linux distributions for several years and I've seen quite a lot of package managing tools. Although, Composer claims its not Package Management but Dependency Management. Their explanation "By default it will never install anything globally. Thus, it is a dependency manager." doesn't really make sense to me, but okay.

Now let's say I want to create dependencies for a very basic Yii(2) application with fullcalendar (a JS calendar). In thise case, where would I even put my composer.json? Inside the application directory doesn't make much sense, because Yii itself is just another dependency.

So however I create my composer.json. Now here comes the "fun" part. Apparently Composer comes with 1 (default) repository, packagist.com. But there's a bunch(?) of others: http://packages.phundament.com/ for example. I don't know how to find other repositories, but nevermind I just try packagist. So I look for "fullcalendar". I find an Yii1 and Symfony2 plugin. Not exactly what I wanted, but okay. Funny enough, neither of these have the original "fullcalendar" in their dependency list. So I have to guess which version they are using.

Seems like I have to create this package on my own, if I want to manage my dependency on this with composer. I read how to do that on packagist.com. They explain it with 5 sentences, must be very simple then.
Step 1: Define your Package.
This is the same stuff I would write in my composer.json, if this package already existed.

Step 2: Commit the File
"You surely don't need help with that." More like "You don't GET help with that." Okay, I have downloaded fullcalendar in the meanwhile, since it wasn't available. Now what should I do with it? Where should I commit what?

Step 3: Publish it
No idea, since I haven't gotten that far.

So no luck for me this time. But even if I succeeded: What if someone later finds this? It would have to say tropi/fullcalendar, although I'm obviously NOT the one who authored this. How would someone who finds this know this is authentic and I didn't change some parts of the code? What if there's one package from multiple vendors - or people like me who just did the package? What's up with private components, do I have to set up my own Composer repository? In the end, what does composer even do for me? How does it even resolve versions? For example what if some Addon has >yii1.1.8 as dependency. Would it download yii2, which we all know is not backwards compatible. Would it get me 1.1.8 which is fairly outdated?

In the end I don't even get what Composer exactly helps me with. Maybe it makes me more aware of dependencies, but I can't see how it would actually makes things easier.

Thanks to everyone who is willing to explain this to be a little better, than the "documentation" did.
2

#2 User is offline   Mike 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 3,016
  • Joined: 06-October 08
  • Location:Upper Palatinate

Posted 17 May 2013 - 09:14 AM

I share many of your concerns. I just don't trust composer. It says, it solves depencies for me. But that means, i have to give away my freedom and sell my soul to some package author and pray that he got everything right. If not, then with a simple "composer update" (or "composer install"?) I can mess up my complete project with dozens of updated dependencies that may now break other things.
0

#3 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 17 May 2013 - 03:01 PM

For me it saves me from littering my repositories with third-party code.
And since you can specify exact versions of the software in your composer script, and because it will produce a lock file, I think it's fairly safe.

That said, there are people who would use it to brush their teeth.. if they could.

I am not sure I would use composer to install Yii extensions, though.
Let's see.
"Less noise - more signal"
0

#4 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 569
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 30 May 2013 - 03:49 PM

Hi guys,

View PostTropi, on 07 May 2013 - 03:33 PM, said:

[...]
Their explanation "By default it will never install anything globally. Thus, it is a dependency manager." doesn't really make sense to me, but okay.

Yeah, same here, but I think that's just the correct term.

View PostTropi, on 07 May 2013 - 03:33 PM, said:

Now let's say I want to create dependencies for a very basic Yii(2) application with fullcalendar (a JS calendar). In thise case, where would I even put my composer.json? Inside the application directory doesn't make much sense, because Yii itself is just another dependency.

Some time has passed since your posting and there's already a Yii2 advanced app now.
I am also playing around with it, you can see here how you'll a package is added to your application. Running composer.phar require schmunk42/yii2-extension-skeleton:dev-master would add that line to composer.json also.

View PostTropi, on 07 May 2013 - 03:33 PM, said:

So however I create my composer.json. Now here comes the "fun" part. Apparently Composer comes with 1 (default) repository, packagist.com. But there's a bunch(?) of others: http://packages.phundament.com/ for example. I don't know how to find other repositories, but nevermind I just try packagist. So I look for "fullcalendar". I find an Yii1 and Symfony2 plugin. Not exactly what I wanted, but okay. Funny enough, neither of these have the original "fullcalendar" in their dependency list. So I have to guess which version they are using.


I don't know fullcalender in detail, but I bet they don't include a composer.json file in their repo, but that's not composer's fault!
I created the repo mentioned above exactly for these cases, let me quote from phundament.com:

Because not every package used by Phundament is available via a source-code repository which supplies a composer.json file. Therefore we decided to create this intermediate package repository, which allows us to use a wider range of available extensions with minimal effort.

Packagist is the main repository for composer and I'd encourage everyone to use it.
But you can either download it's source code from GitHub or use satis.

View PostTropi, on 07 May 2013 - 03:33 PM, said:

Seems like I have to create this package on my own, if I want to manage my dependency on this with composer. I read how to do that on packagist.com. They explain it with 5 sentences, must be very simple then.
Step 1: Define your Package.
This is the same stuff I would write in my composer.json, if this package already existed.

Step 2: Commit the File
"You surely don't need help with that." More like "You don't GET help with that." Okay, I have downloaded fullcalendar in the meanwhile, since it wasn't available. Now what should I do with it? Where should I commit what?

Step 3: Publish it
No idea, since I haven't gotten that far.

Maybe this is helpful: https://packagist.org/about

View PostTropi, on 07 May 2013 - 03:33 PM, said:

So no luck for me this time. But even if I succeeded: What if someone later finds this? It would have to say tropi/fullcalendar, although I'm obviously NOT the one who authored this. How would someone who finds this know this is authentic and I didn't change some parts of the code? What if there's one package from multiple vendors - or people like me who just did the package? What's up with private components, do I have to set up my own Composer repository? In the end, what does composer even do for me? How does it even resolve versions? For example what if some Addon has >yii1.1.8 as dependency. Would it download yii2, which we all know is not backwards compatible. Would it get me 1.1.8 which is fairly outdated?

Huh, a lot of questions :) I'll try to answer some...

You can declare private repos in your composer.json file, see http://getcomposer.o...md#repositories
Tags in a git repo correspond to a version.
If you want to know how composer resolves version, you may take a look a the Solver Class, but be warned - it's not trivial ;)
Yes, if the add-on has yiisoft/yii >= 1.1.8 as dependency it will download a 2.0, when available. But that would be a bug in the add-on.
It should be declared as 1.1.* or ~1.1 or >=1.1.8,<=2.0.

View PostTropi, on 07 May 2013 - 03:33 PM, said:

In the end I don't even get what Composer exactly helps me with. Maybe it makes me more aware of dependencies, but I can't see how it would actually makes things easier.

Thanks to everyone who is willing to explain this to be a little better, than the "documentation" did.

Let me know about your remaining open questions.

View PostMike, on 17 May 2013 - 09:14 AM, said:

I share many of your concerns. I just don't trust composer. It says, it solves depencies for me. But that means, i have to give away my freedom and sell my soul to some package author and pray that he got everything right. If not, then with a simple "composer update" (or "composer install"?) I can mess up my complete project with dozens of updated dependencies that may now break other things.

update and install are different things, see my posting about it on composer-dev about it.
Just remember this: run update on purpose, if you really want to update one or many packages. This git-hook may also be interesting, because it tells you when you have to run install.


Best regards,
schmunk
Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
0

#5 User is offline   Mike 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 3,016
  • Joined: 06-October 08
  • Location:Upper Palatinate

Posted 04 June 2013 - 03:01 AM

Example from real life: I participate in a project where they already use composer. I need one of my extensions there which is available from github ("mikeahertl/defaultpersister"). So i thought lets give this a try and added "mikehaertl/defaultpersister" to composer.json in the "require" section.

Then i crossed fingers, and ran "composer update". Instead of installing my little extension only, it updated a huge pile of dependencies (guzzle, some symfony stuff, ...). All i wanted was my tiny little extension and now i had all these updated, untested files in my repo.

I cursed, undid everything and went back to good old git submodules.
0

#6 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 569
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 04 June 2013 - 07:45 AM

You should have cursed yourself, because you did it wrong ;)
A composer update always gives you the latest versions for all your packages.

If you would have done it like this...
edit composer.json
composer.phar update mikehaertl/phpwkhtmltopdf

...composer would just have installed your new package and updated your other packages to the version specified in to lock file.

Now run
composer.phar update --dry-run
to see that there may still be newer versions available.

You can do this in one line btw:
composer.phar require mikehaertl/phpwkhtmltopdf:1.1.*


Do NOT use composer update all the time - ONLY on purpose.
You should be safe with running composer install (unless there's a guy in your team who updates all the time and then commits the lock file). :D



I've attached another lengthy example from a somewhat outdated version of Phundament on my HD ... first check if your app is in-sync with the lock file:

Kraftbuch:wb tobias$ cd /Users/tobias/Desktop/app-dev 
Kraftbuch:app-dev tobias$ composer.phar install --dev --dry-run
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
  - Updating phundament/gii-template-collection (0.8.8) to phundament/gii-template-collection (0.8.10)
  - Updating phundament/p3widgets (0.11.3) to phundament/p3widgets (0.11.4)
  - Updating phundament/p3admin (0.12.2) to phundament/p3admin (0.12.3)
  - Updating phundament/p3pages (0.10.5) to phundament/p3pages (0.11.6)
  - Updating phundament/p3bootstrap (0.13.2) to phundament/p3bootstrap (0.14.1)
  - Updating phundament/p3media (0.11.9) to phundament/p3media (0.11.10)
  - Updating twitter/bootstrap (v2.3.1) to twitter/bootstrap (v2.3.2)
  - Uninstalling 2amigos/yiiwheels (dev-master c0b3510)
  - Uninstalling yii-twbs/yiistrap (dev-master 3d4a2c5)
  - Updating phundament/p3extensions (dev-master 0.10.1) to phundament/p3extensions (dev-master 0.12.0)
  - Updating waalzer/app-demo-data (dev-master c9f1d74) to waalzer/app-demo-data (dev-master 9d0f8f4)


As an example, this would give me the very latest packages (note the dry-run option)

Kraftbuch:app-dev tobias$ composer.phar update --dev --dry-run
Loading composer repositories with package information
Updating dependencies (including require-dev)
  - Updating phundament/p3widgets (0.11.3) to phundament/p3widgets (0.11.8)
  - Updating phundament/p3admin (0.12.2) to phundament/p3admin (0.12.3)
  - Updating phundament/p3media (0.11.9) to phundament/p3media (0.11.10)
  - Updating phundament/p3pages (0.10.5) to phundament/p3pages (0.11.9)
  - Updating phundament/p3bootstrap (0.13.2) to phundament/p3bootstrap (0.14.2)
  - Updating phundament/gii-template-collection (0.8.8) to phundament/gii-template-collection (0.8.10)
  - Updating twitter/bootstrap (v2.3.1) to twitter/bootstrap (v2.3.2)
  - Uninstalling 2amigos/yiiwheels (dev-master c0b3510)
  - Uninstalling yii-twbs/yiistrap (dev-master 3d4a2c5)
  - Updating phundament/p3extensions (dev-master 0.10.1) to phundament/p3extensions (dev-master 0.12.0)
  - Updating waalzer/app-demo-data (dev-master c9f1d74) to waalzer/app-demo-data (dev-master 9d0f8f4)


But I just want that single package (note that composer updates your app to the versions specified in the lock file)

Kraftbuch:app-dev tobias$ composer.phar require mikehaertl/phpwkhtmltopdf:1.1.*
composer.json has been updated
Welcome to Phundament

Updating packages...

Loading composer repositories with package information
Updating dependencies (including require-dev)
  - Removing twitter/bootstrap (v2.3.1)
  - Installing twitter/bootstrap (v2.3.2)
    Downloading: 100%         

  - Removing phundament/p3widgets (0.11.3)
  - Installing phundament/p3widgets (0.11.4)
    Downloading: 100%         

  - Removing phundament/p3admin (0.12.2)
  - Installing phundament/p3admin (0.12.3)
    Loading from cache

  - Removing phundament/p3media (0.11.9)
  - Installing phundament/p3media (0.11.10)
    Loading from cache

  - Removing phundament/p3pages (0.10.5)
  - Installing phundament/p3pages (0.11.6)
    Loading from cache

  - Removing phundament/p3bootstrap (0.13.2)
  - Installing phundament/p3bootstrap (0.14.1)
    Downloading: 100%         

  - Removing phundament/gii-template-collection (0.8.8)
  - Installing phundament/gii-template-collection (0.8.10)
    Loading from cache

  - Installing mikehaertl/phpwkhtmltopdf (dev-master 1.1.5)
    Cloning 1.1.5

  - Removing 2amigos/yiiwheels (dev-master)
  - Removing yii-twbs/yiistrap (dev-master)
Writing lock file
Generating autoload files
Update completed.


But not to the very latest version:

Kraftbuch:app-dev tobias$ composer.phar update --dev --dry-run
Loading composer repositories with package information
Updating dependencies (including require-dev)
  - Updating phundament/p3widgets (0.11.4) to phundament/p3widgets (0.11.8)
  - Updating phundament/p3pages (0.11.6) to phundament/p3pages (0.11.9)
  - Updating phundament/p3bootstrap (0.14.1) to phundament/p3bootstrap (0.14.2)
  - Updating phundament/p3extensions (dev-master 0.10.1) to phundament/p3extensions (dev-master 0.12.0)
  - Updating waalzer/app-demo-data (dev-master c9f1d74) to waalzer/app-demo-data (dev-master 9d0f8f4)

Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
1

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users