如何在使用Composer的开发/生产开关时正确部署? [英] How to deploy correctly when using Composer's develop / production switch?
问题描述
Composer可以选择仅在开发过程中加载多个依赖项,因此这些工具不会安装在生产环境中(在实时服务器上)。这在理论上对于在开发中只有意义的脚本非常方便,例如测试,fake-data-tools,调试器等。
使用dev中需要的工具添加额外的 require-dev
块:
require-dev:{
codeception / codeception:1.6.0.3
}
然后(理论上)通过
加载这些依赖关系。 composer install --dev
问题:
Composer已更改安装
和更新
在2013年, require-dev
-dependencies现在安装默认情况下(!),随意创建一个composer.json与 require -dev
阻止并执行 composer install
以重现。
部署方式是推送作曲家。 lock (保存您当前的作曲家设置),然后在生产服务器上执行 composer install
在安装-dev依赖项之前,部署这个的正确方法是什么?
注意:我试图在这里创建一个规范的Q / A来澄清奇怪的Composer部署。随时可以编辑此问题。
为什么
$ b
有一个很好的理由为什么Composer将默认使用 - dev
标志(在安装和更新)。 Composer主要运行在想要的行为的场景中:
基本的Composer工作流程如下:
- 开始一个新项目:
composer.phar install --dev
,json和lock文件提交给VCS。 - 其他开发人员开始开发该项目:检出VCS和
composer.phar install --dev
。 - 添加依赖:
composer.phar require< package>
,添加- dev
code> require-dev 部分(和提交)。 - 其他一起:(checkout和)
composer.phar install --dev
。 - 开发人员想要新版本的依赖项:
composer.phar update --dev< package> $
- 其他一起使用:(checkout和)
composer.phar install --dev
。 / li>
- 部署项目:
composer.phar install --no-dev
正如你可以看到 - dev
标志被使用(远)超过 - no-dev
生产部署
$ b$ b
在不安装dev依赖项的情况下部署此方法的正确方法是什么?
那么,应该将 composer.json
和 composer.lock
文件提交到VCS。不要省略 composer.lock
,因为它包含有关应使用的软件包版本的重要信息。
执行生产部署,您可以将 - no-dev
标志传递给Composer:
composer.phar install --no-dev
composer.lock
文件可能包含有关dev-packages的信息。这没关系。 - no-dev
标志将确保未安装这些dev-packages。
生产部署,我的意思是部署,旨在用于生产。我不是在一个 composer.phar安装
是否应该在生产服务器上,或在可以审查事情的临时服务器上进行争论。这不是这个答案的范围。我只是指出如何 composer.phar install
,而不安装dev依赖。
Offtopic
- optimize-autoloader
标志在生产时可能还需要class-map,它将加速你的应用程序中的自动加载):
composer.phar install --no-dev --optimize- autoloader
或者当自动部署完成时:
composer.phar install --no-ansi --no-dev --no-interaction --no-progress --no-scripts --optimize-autoloader
Composer has the option to load several dependencies only while being in development, so the tools will not be installed in production (on the live server). This is (in theory) very handy for scripts that only make sense in development, like tests, fake-data-tools, debugger, etc.
The way to go is to add an additional require-dev
block with the tools you need in dev:
"require-dev": {
"codeception/codeception": "1.6.0.3"
}
and then (theoretically) load these dependencies via
composer install --dev
Problem & Question:
Composer has changed the behaviour of install
and update
dramatically in 2013, require-dev
-dependencies are now installed by default (!), feel free to create a composer.json with a require-dev
block and perform an composer install
to reproduce.
As the most accepted way to deploy is to push the composer.lock (that holds your current composer setup) and then do an composer install
on the production server, this will also install the development stuff.
What's the correct way to deploy this without installing the -dev dependencies ?
Note: I'm trying to create a canonical Q/A here to clarify the weird Composer deployment. Feel free to edit this question.
Why
There is IMHO a good reason why Composer will use the --dev
flag by default (on install and update) nowadays. Composer is mostly run in scenario's where this is desired behavior:
The basic Composer workflow is as follows:
- A new project is started:
composer.phar install --dev
, json and lock files are commited to VCS. - Other developers start working on the project: checkout of VCS and
composer.phar install --dev
. - A developer adds dependancies:
composer.phar require <package>
, add--dev
if you want the package in therequire-dev
section (and commit). - Others go along: (checkout and)
composer.phar install --dev
. - A developer wants newer versions of dependencies:
composer.phar update --dev <package>
(and commit). - Others go along: (checkout and)
composer.phar install --dev
. - Project is deployed:
composer.phar install --no-dev
As you can see the --dev
flag is used (far) more than the --no-dev
flag, especially when the number of developers working on the project grows.
Production deploy
What's the correct way to deploy this without installing the "dev" dependencies?
Well, the composer.json
and composer.lock
file should be committed to VCS. Don't omit composer.lock
because it contains important information on package-versions that should be used.
When performing a production deploy, you can pass the --no-dev
flag to Composer:
composer.phar install --no-dev
The composer.lock
file might contain information about dev-packages. This doesn't matter. The --no-dev
flag will make sure those dev-packages are not installed.
When I say "production deploy", I mean a deploy that's aimed at being used in production. I'm not arguing whether a composer.phar install
should be done on a production server, or on a staging server where things can be reviewed. That is not the scope of this answer. I'm merely pointing out how to composer.phar install
without installing "dev" dependencies.
Offtopic
The --optimize-autoloader
flag might also be desirable on production (it generates a class-map which will speed up autoloading in your application):
composer.phar install --no-dev --optimize-autoloader
Or when automated deployment is done:
composer.phar install --no-ansi --no-dev --no-interaction --no-progress --no-scripts --optimize-autoloader
这篇关于如何在使用Composer的开发/生产开关时正确部署?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!