如何在使用Composer的开发/生产开关时正确部署？ [英] How to deploy correctly when using Composer's develop / production switch?

问题描述

Composer可以选择仅在开发过程中加载多个依赖项，因此这些工具不会安装在生产环境中（在实时服务器上）。这在理论上对于在开发中只有意义的脚本非常方便，例如测试，fake-data-tools，调试器等。

使用dev中需要的工具添加额外的 require-dev 块：

 require-dev：{
codeception / codeception：1.6.0.3
} 
  

然后（理论上）通过

加载这些依赖关系。

  composer install --dev 
  

问题：

Composer已更改安装和更新在2013年， require-dev -dependencies现在安装默认情况下（！），随意创建一个composer.json与 require -dev 阻止并执行 composer install 以重现。

部署方式是推送作曲家。 lock （保存您当前的作曲家设置），然后在生产服务器上执行 composer install

在安装-dev依赖项之前，部署这个的正确方法是什么？

_{注意：我试图在这里创建一个规范的Q / A来澄清奇怪的Composer部署。随时可以编辑此问题。}

解决方案

为什么
$ b

有一个很好的理由为什么Composer将默认使用 - dev 标志（在安装和更新）。 Composer主要运行在想要的行为的场景中：

基本的Composer工作流程如下：

• 开始一个新项目： composer.phar install --dev ，json和lock文件提交给VCS。


• 其他开发人员开始开发该项目：检出VCS和 composer.phar install --dev 。


• 添加依赖： composer.phar require< package> ，添加 - dev code> require-dev 部分（和提交）。


• 其他一起：（checkout和） composer.phar install --dev 。


• 开发人员想要新版本的依赖项： composer.phar update --dev< package>

• 其他一起使用：（checkout和） composer.phar install --dev 。 / li>

• 部署项目： composer.phar install --no-dev



正如你可以看到 - dev 标志被使用（远）超过 - no-dev

生产部署

$

b
$ b

在不安装dev依赖项的情况下部署此方法的正确方法是什么？

那么，应该将 composer.json 和 composer.lock 文件提交到VCS。不要省略 composer.lock ，因为它包含有关应使用的软件包版本的重要信息。

执行生产部署，您可以将 - no-dev 标志传递给Composer：

  composer.phar install --no-dev 
  

composer.lock 文件可能包含有关dev-packages的信息。这没关系。 - no-dev 标志将确保未安装这些dev-packages。

生产部署，我的意思是部署，旨在用于生产。我不是在一个 composer.phar安装是否应该在生产服务器上，或在可以审查事情的临时服务器上进行争论。这不是这个答案的范围。我只是指出如何 composer.phar install ，而不安装dev依赖。

Offtopic

- optimize-autoloader 标志在生产时可能还需要class-map，它将加速你的应用程序中的自动加载）：

  composer.phar install --no-dev --optimize- autoloader 
  

或者当自动部署完成时：

  composer.phar install --no-ansi --no-dev --no-interaction --no-progress --no-scripts --optimize-autoloader 
  

Composer has the option to load several dependencies only while being in development, so the tools will not be installed in production (on the live server). This is (in theory) very handy for scripts that only make sense in development, like tests, fake-data-tools, debugger, etc.

The way to go is to add an additional require-dev block with the tools you need in dev:

"require-dev": {
    "codeception/codeception": "1.6.0.3"
}

and then (theoretically) load these dependencies via

composer install --dev

Problem & Question:

Composer has changed the behaviour of install and update dramatically in 2013, require-dev-dependencies are now installed by default (!), feel free to create a composer.json with a require-dev block and perform an composer install to reproduce.

As the most accepted way to deploy is to push the composer.lock (that holds your current composer setup) and then do an composer install on the production server, this will also install the development stuff.

What's the correct way to deploy this without installing the -dev dependencies ?

_{Note: I'm trying to create a canonical Q/A here to clarify the weird Composer deployment. Feel free to edit this question.}

解决方案

Why

There is IMHO a good reason why Composer will use the --dev flag by default (on install and update) nowadays. Composer is mostly run in scenario's where this is desired behavior:

The basic Composer workflow is as follows:

• A new project is started: composer.phar install --dev, json and lock files are commited to VCS.
• Other developers start working on the project: checkout of VCS and composer.phar install --dev.
• A developer adds dependancies: composer.phar require <package>, add --dev if you want the package in the require-dev section (and commit).
• Others go along: (checkout and) composer.phar install --dev.
• A developer wants newer versions of dependencies: composer.phar update --dev <package> (and commit).
• Others go along: (checkout and) composer.phar install --dev.
• Project is deployed: composer.phar install --no-dev

As you can see the --dev flag is used (far) more than the --no-dev flag, especially when the number of developers working on the project grows.

Production deploy

What's the correct way to deploy this without installing the "dev" dependencies?

Well, the composer.json and composer.lock file should be committed to VCS. Don't omit composer.lock because it contains important information on package-versions that should be used.

When performing a production deploy, you can pass the --no-dev flag to Composer:

composer.phar install --no-dev

The composer.lock file might contain information about dev-packages. This doesn't matter. The --no-dev flag will make sure those dev-packages are not installed.

When I say "production deploy", I mean a deploy that's aimed at being used in production. I'm not arguing whether a composer.phar install should be done on a production server, or on a staging server where things can be reviewed. That is not the scope of this answer. I'm merely pointing out how to composer.phar install without installing "dev" dependencies.

Offtopic

The --optimize-autoloader flag might also be desirable on production (it generates a class-map which will speed up autoloading in your application):

composer.phar install --no-dev --optimize-autoloader

Or when automated deployment is done:

composer.phar install --no-ansi --no-dev --no-interaction --no-progress --no-scripts --optimize-autoloader

这篇关于如何在使用Composer的开发/生产开关时正确部署？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！