Hey everyone,
with Yii2 PR out and some fresh energy I took time to experiment with it. It seems like with Yii 2, Composer also plays a big role here, so I tried to take a look. With not too much success.
I’ve used several linux distributions for several years and I’ve seen quite a lot of package managing tools. Although, Composer claims its not Package Management but Dependency Management. Their explanation “By default it will never install anything globally. Thus, it is a dependency manager.” doesn’t really make sense to me, but okay.
Now let’s say I want to create dependencies for a very basic Yii(2) application with fullcalendar (a JS calendar). In thise case, where would I even put my composer.json? Inside the application directory doesn’t make much sense, because Yii itself is just another dependency.
So however I create my composer.json. Now here comes the “fun” part. Apparently Composer comes with 1 (default) repository, packagist.com. But there’s a bunch(?) of others: http://packages.phundament.com/ for example. I don’t know how to find other repositories, but nevermind I just try packagist. So I look for “fullcalendar”. I find an Yii1 and Symfony2 plugin. Not exactly what I wanted, but okay. Funny enough, neither of these have the original “fullcalendar” in their dependency list. So I have to guess which version they are using.
Seems like I have to create this package on my own, if I want to manage my dependency on this with composer. I read how to do that on packagist.com. They explain it with 5 sentences, must be very simple then.
Step 1: Define your Package.
This is the same stuff I would write in my composer.json, if this package already existed.
Step 2: Commit the File
“You surely don’t need help with that.” More like “You don’t GET help with that.” Okay, I have downloaded fullcalendar in the meanwhile, since it wasn’t available. Now what should I do with it? Where should I commit what?
Step 3: Publish it
No idea, since I haven’t gotten that far.
So no luck for me this time. But even if I succeeded: What if someone later finds this? It would have to say tropi/fullcalendar, although I’m obviously NOT the one who authored this. How would someone who finds this know this is authentic and I didn’t change some parts of the code? What if there’s one package from multiple vendors - or people like me who just did the package? What’s up with private components, do I have to set up my own Composer repository? In the end, what does composer even do for me? How does it even resolve versions? For example what if some Addon has >yii1.1.8 as dependency. Would it download yii2, which we all know is not backwards compatible. Would it get me 1.1.8 which is fairly outdated?
In the end I don’t even get what Composer exactly helps me with. Maybe it makes me more aware of dependencies, but I can’t see how it would actually makes things easier.
Thanks to everyone who is willing to explain this to be a little better, than the "documentation" did.