Using Composer Without GitIgnoring Vendor/

Posted by Unknown on Tuesday, March 11, 2014

Recent additions to the joind.in API have introduced some new dependencies so we decided we'd start using Composer to manage these - but we don't want to run composer unsupervised. I'm sure this will bring the rain of "just run composer install, it's probably mostly almost safe" criticism, but actually it's quite tricky to run Composer without excluding vendor/ from source control so I thought I'd share how we did it so that anyone who wants to do so can learn from my experience!


The Prescribed Method


Let's start with the usual method of using composer:



  1. Create composer.json to describe the dependencies

  2. Run composer update to find specific versions of those dependencies and write exact versions to composer.lock. Repeat this step if composer.json changes.

  3. Add the vendor directory to .gitignore, but add the composer.* files to source control.

  4. Run composer install on all platforms (and do this again whenever composer.lock changes).


That's the basic composer pattern, and it works well. Most people should do it this way.


Checking Libraries into Git


There are a few reasons you might want to check your dependencies into source control yet still use composer, such as:



  • Either your users or your tools aren't ready to start using composer yet

  • Your live servers don't have internet access so dependencies need to be packaged with code

  • Running composer on live scares you because it's recently had some bad security press

  • You like composer for managing dependencies, or think it will become production-ready soon, but you're not running it on live yet - because you, your sysadmins or your IT director aren't ready


When I tried to just commit my vendor directory, some git submodule weirdness ensued, and in fact, the documentation does cover this:



"Adding dependencies installed via git to a git repo will show them as submodules. This is problematic because they are not real submodules, and you will run into issues."



I did, indeed, run into issues.


The workaround (from the same docs) is to add a .gitignore line that ignores all .git directories within your vendor directory. So add this line to the .gitignore file at the same level as composer.json and vendor/:

vendor/**/.git

Now when you install dependencies with composer (I found I had to git rm my entire vendor directory, commit, and then composer install again to clean up my earlier mistakes) you can safely add the vendor directory to the project and treat it as a library directory you had unzipped downloaded packages to. Apart from its fabulous autoloader and easy-to-update format, that is :)
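A way to confirm the workaround held before pushing, as an added example that is not part of the original post: it reads the index for vendor paths git recorded as pseudo-submodules (mode 160000) and lists the nested .git directories the ignore rule has to cover. The function names are hypothetical, and it assumes the standard `git ls-files -s` output format.

```shell
# Added example: checks for a repository that commits vendor/.
# Function names are hypothetical, not part of Composer or git.

# List the .git directories (or files) Composer left under a vendor dir.
# These are what the .gitignore rule has to cover.
nested_git_dirs() {
    find "$1" -name .git -prune -print 2>/dev/null | sort
}

# Read `git ls-files -s` output on stdin ("<mode> <sha> <stage>\t<path>")
# and print every path recorded as a gitlink (mode 160000), which is how
# git stores a dependency it mistook for a submodule.
staged_gitlinks() {
    awk '$1 == "160000" { sub(/^[^\t]*\t/, ""); print }'
}

# Fail when the index of the repository at $1 holds gitlinks under vendor/.
check_vendor() {
    cv_links=$(git -C "$1" ls-files -s -- vendor 2>/dev/null | staged_gitlinks)
    if [ -n "$cv_links" ]; then
        printf 'vendor paths committed as submodules:\n%s\n' "$cv_links" >&2
        printf 'fix: git rm vendor, commit, then composer install again\n' >&2
        return 1
    fi
    cv_dirs=$(nested_git_dirs "$1/vendor")
    [ -z "$cv_dirs" ] || printf 'nested repos on disk (keep ignored):\n%s\n' "$cv_dirs" >&2
    return 0
}

# Usage from the project root: check_vendor . || exit 1
```

Run from a pre-commit hook or CI job, a non-zero exit means at least one dependency would reach reviewers as an opaque commit pointer rather than as readable source.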


Lorna is an independent web development consultant, author and trainer, available for work (interesting projects only). This post was originally published at LornaJane



