I used How to require a fork with composer and https://getcomposer.org/doc/05-repositories.md#vcs to come up with the composer.json file below. I forked a lib to update the composer.json file and it is not loading mine. It is loading the original repo.
"repositories": [{
"type": "vcs",
"url": "https://github.com/Dylan-Buth/gopher"
}],
"require": {
"laravel/framework": "~5.0",
"indatus/gopher": "1.*"
},
Even after you fork the repository, composer will still try to resolve version 1.*. So it will get your forked repository, but it will look up the latest 1.* version. Even if you put * as the version requirement, it will still get the latest tag, not the latest commit.
If you want the latest commit, you can put dev-master as the required version string. Alternatively you could modify the composer.json in your forked package to "alias" the version you want:
{
"extra": {
"branch-alias": {
"dev-master": "1.1"
}
}
}
Related
I made an improvement (PR not merged yet) to an upstream library, guzzlehttp/psr-7, that's a dependency of another package that I depend on, spatie/crawler.
To force Composer to use my package instead of the upstream package, I tried the following:
I branched my fork of the library (branch name: cache-to-string) and updated its composer.json:
"name": "benmorel/guzzle-psr7",
"replace": {
"guzzlehttp/psr7": "1.6.*"
}
I updated my project's composer.json to use my fork instead:
"repositories": [
{
"type": "vcs",
"url": "https://github.com/BenMorel/psr7"
}
],
"require": {
"benmorel/guzzle-psr7": "dev-cache-to-string"
}
And ran composer update, which fails with the following error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
The requested package benmorel/guzzle-psr7 could not be found in any version, there may be a typo in the package name.
How to fix this?
You don't need to change package name in your fork. You don't need to change composer.json of your fork at all. All you need is to add your fork to repositories section and change constraint of required package to use your dev branch:
"repositories": [
{
"type": "vcs",
"url": "https://github.com/BenMorel/psr7"
}
],
"require": {
"guzzlehttp/psr7": "dev-cache-to-string as 1.6.1"
}
Composer will override original guzzlehttp/psr7 package by version from your repository.
Using alias for branch may be required if some other package require guzzlehttp/psr7 - dev-cache-to-string will not match ^1.4. If you use dev-cache-to-string as 1.6.1 as a constraint, your branch will be detected as 1.6.1 release.
At the company I'm currently working we've recently started to move our code into different private repositories so that it's more maintainable and reusable (and also to make it easier to open-source it later).
Every PHP repository is also a Composer package that can be required in our project whenever we need it.
At the moment there's an issue with this approach: every time we need a package that depends on other packages we need to specify those also in the root composer.json.
For example, let's say that the in the root composer.json we need to require two packages company\b and company\c, and that the package company\c needs another package company\d. Then the resulting root composer.json will look like this:
{
"require": {
"company/b": "dev-master",
"company/c": "dev-master",
"company/d": "dev-master"
},
"autoload": {
"psr-4": {
"Company\\" : "src\Company"
}
},
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:company/b.git"
},
{
"type": "vcs",
"url": "git#bitbucket.org:company/c.git"
},
{
"type": "vcs",
"url": "git#bitbucket.org:company/d.git"
}
]
}
Is there a way to avoid specifying nested dependencies in the root composer.json and use the ones specified in the composer.json in every package?
Edit:
Everything I stated before is valid only for the private packages. If a package, let's say company\b, needs a public package that can be found on Packagist then that dependency CAN be specified in the company\b composer.json and it will be imported.
As you correctly found out, only the root package can add repository metadata to the collection of known packages.
I would suggest you take a look at Satis to create a local Composer repository. This would only require you to add this single repository to all your composer.json files of all packages, and it will be used as an updatable source of knowledge about all your private repositories. You no longer have to add a list of Git repos everywhere.
I am successfully hosting around 120 internal packages for our IT enterprise that way. Take this as a sign that once you start splitting isolated tasks into a package, you will get more of them pretty fast.
Also note that it is important to take versioning seriously. Stop depending on branches - tag your software, make releases, use semantic versioning. If you don't, things will break at some point, and people will curse you (correct) or Composer (incorrect) for not working or messing things up.
After a quick search and a look at the Composer documentation I discovered that the repositories can only be specified in the root composer.json.
Additionally it's possible to specify in the root composer.json whether to allow or not development versions of the packages using:
"minimum-stability": "dev",
"prefer-stable": true
Also this issue on GitHub was really useful.
I'm including a private git repository via composer, and it's loading as expected from bitbucket, however I have codeception defined as a public dependency in my private package.
My private package is loaded, but none of it's dependencies are added. I have read that composer does not support recursive loading of dependancies when using repositories: https://getcomposer.org/doc/faqs/why-can%27t-composer-load-repositories-recursively.md
However my understanding of this is that my private repository can't define another private repository, but should still be able to make use of public repositories defined on packagist.org
Private repositories composer.json:
{
"name": "private/dependancy",
"description": "Private git dependency",
"type" : "library",
"require-dev": {
"codeception/codeception": "*"
}
}
Project's composer.json (Trimmed down to relevant sections)
{
"name": "primary/project",
"description": "Main project including a vcs dependancy",
"require": {
"private/dependancy" : "0.0.*"
},
"repositories":[
{
"type" : "vcs",
"url" : "some repo",
"options": {
"ssh2": "some crednetials"
}
}
]
}
Any guidance on this would be greatly appreciated.
Composer will not install dev-dependencies of the packages you require yourself.
Your primary/project requires private/dependency, which does not require anything else. Anything listed as require-dev is not installed, because that is considered to be used when developing private/dependency, not when using it.
Another thing that only get's evaluated when running Composer on the primary composer.json and not explicitly excluding dev dependencies is "autoload-dev".
composer install --no-dev
will not install ANY dev dependencies and not create autoloading for dev.
composer install
will install dev dependencies of the primary project, and create autoloading for dev - it will never install dev dependencies of any of the packages added via require or require-dev, and not add their autoload-dev.
I have two projects on a private GitHub account - one is a library, and the other my application.
I want to include my library into my application.
My library's composer.json looks like this:
{
"name": "andyw/mylibrary",
"description": "My Library",
"license": "proprietary",
"homepage": "https://github.com/andyw/mylibrary",
"require": {
"php": ">=5.5.0",
"monolog/monolog": "1.*",
"guzzle/guzzle": "3.*",
"aws/aws-sdk-php": "2.*",
"nixilla/twitter-api-consumer": "*",
"webignition/robots-txt-file": "dev-master",
"webignition/robots-txt-parser": "dev-master",
"pusher/pusher-php-server": "*",
"symfony/validator": "2.*"
},
"require-dev": {
"phpunit/phpunit": "3.*"
},
"autoload": {
"psr-0": {
"": "src/"
}
}
}
Running composer update on that project installs the dependencies just fine. So far, so good.
Now this is my application's composer.json:
{
"name": "andyw/myapp",
"type": "project",
"description": "My application",
"homepage": "https://github.com/andyw/myapplication",
"license": "proprietary",
"repositories": [
{
"type": "git",
"url": "git#github.com:andyw/myapplication.git"
}
],
"require": {
"php": ">=5.5.0",
"andyw/mylibrary": "dev-master",
"facebook/php-sdk-v4": "4.0.*",
"silex/silex": "~1.1",
"monolog/monolog": "~1.6",
"twig/twig": "~1.14",
"doctrine/dbal": "~2.4",
"nesbot/Carbon": "~1.6",
"aws/aws-sdk-php": "2.*",
"jms/serializer": "0.15",
"symfony/validator": "2.*",
"jdesrosiers/silex-cors-provider": "~0.1.2",
"swiftmailer/swiftmailer": ">=4.1.2,<4.2-dev",
"fzaninotto/faker": "~1.4"
},
"require-dev": {
"mockery/mockery": "~0.8.0"
},
"autoload": {
"psr-0": {
"App": "src/"
}
}
}
Running composer update on that project fails. Adding the --verbose flag gives this output:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for andyw/mylibrary dev-master -> satisfiable by andyw/mylibrary[dev-master].
- andyw/mylibrary dev-master requires webignition/robots-txt-file dev-master -> no matching package found.
If mylibrary can install webignition/robots-txt-file dev-master, why can't it be installed as a dependency of a dependency? How can I fix this?
FYI: None of my repos are public and I've changed the names of my packages/files for privacy reasons.
Never never never never depend on branches! Always use a tagged version. This is the most important rule when using Composer.
Branches are moving targets. If anyone commits something new, this will move the pointer to the software's state that you were using, and you cannot easily find this state again. Also, branches are considered development-stability, and the only package that can set stability is the root application package. Libraries that depend on other packages in dev stability are a very bad idea because they force the root application to explicitly allow development stability.
This is extremely bad in the long run. It will make your software unmaintainable to the point where using Composer will always fail, break stuff, and you start wondering why everyone keeps using it (hint: they are not depending on branches).
Now here's the thing:
webignition/robots-txt-file has tagged versions: 0.1 and 0.2, and the 0.2 is exactly at the same commit as the master branch. Just use that!
The same is true for webignition/robots-txt-parser, but here you have version 1.0, 1.0.1 and 1.0.2, and the master branch is exactly version 1.0.2.
You should be able to simply update to these versions. If that does not work because your software relies on an older version of the master branch, you are experiencing the exact problem when depending on branches: Your library told me that dev-master is ok, and when I look at the packages' repo, dev-master is version 0.2 or 1.0.2 respectively, and I'd expect it to work. If you do explicitly point to something like 0.1 and 1.0.1, this is unlikely to change over time and will always be a working combination.
Note that it is a good idea to check if the external package developers use semantic versioning, and then use an appropriate wildcard selector for a version range. Allowing some slack in versions will make multiple packages depending on the same third package to agree on a common version easier.
I would like to use jquery DataTables within my project. Since the package is not available in Packagist, I am trying to use composer to clone the git repo of DataTables but it fails. Please advise how to proceed:
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/DataTables/DataTables"
}
],
"require": {
"DataTables/DataTables": "master"
}
}
Then composer update returns:
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package datatables could not be found in any version, there
may be a typo in the package name.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your min
imum-stability setting
see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> f
or more details.
Read <http://getcomposer.org/doc/articles/troubleshooting.md> for further common
problems.
I would further like to clone/download a specific version of the repo.
Old question and answer, however:
The error is not in the name of the package (that is indeed DataTables/DataTables) but in the indication of the stability. If you want the 'master' branch, you need to write 'dev-master' in composer and the stability level is dev. Otherwise require a specific tag.
In your case:
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/DataTables/DataTables"
}
],
"require": {
"DataTables/DataTables": "dev-master"
}
}
will work as expected:
root#erme:/usr/local/munk_php/jquerydatatables# composer install
Loading composer repositorInstalling dependencies (including require-dev)
- Installing datatables/datatables (dev-master 96b7ef9)
Cloning 96b7ef9176543bbf1f1488c0f9538ad9dcc9bc01
Writing lock file
Generating autoload files
The package name in https://github.com/DataTables/DataTables/blob/master/component.json isn't DataTables/DataTables
Try
"require": {
"DataTables": "dev-master"
}