Using Composer locally, then uploading the files via FTP

2022-01-21 00:00:00 php composer-php

Bit of a strange set up but have come across a project where Composer has been used in a local environment to get a project started. The original developer did not have ssh access to the production server therefore he used Composer locally and uploaded the 'vendor' directory from his desktop to the server using FTP.

I now need to add the PHPMailer package so have done the following locally on my Mac:

cd Desktop/
composer require phpmailer/phpmailer

This has created the following structure on my desktop:

Desktop/composer.json
Desktop/composer.lock
Desktop/vendor/autoload.php
Desktop/vendor/composer/*
Desktop/vendor/phpmailer/*

Which of these do I need to upload through FTP? I realise vendor/phpmailer/* is the package I want, so will need uploading.

What about the others? I already have an autoloader configured so guessing vendor/autoload.php is not required here?

composer.json I could add the package to what's already there, e.g.

"require": {
    *other packages here*
    "phpmailer/phpmailer": "^5.2"
}

But I wasn't sure if that's necessary because I'm not going to be using ssh/Composer on the server to run any updates?

Recommended answer

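The usual workflow is:

  1. Check out the current version from version control.
  2. Add the dependency on the command line with composer require new/package.
  3. This will download the new package and update the autoloading.
  4. Test the result locally or in a test website environment.
  5. If you are satisfied with the result, upload the whole folder to the production server.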

There may be several exceptions from this general workflow:

ad 1: If there is no version control, you'd probably be better off starting a local git repo right now, and downloading the current production state into it as the first commit. Not having version control will make things harder, especially going back to known working versions. And because the files on the production server are probably unmanaged, you'd also check in the vendor folder into your newly created version control just to avoid canceling any changes that had been made to these files.

ad 2: Manually editing the composer.json file sometimes is a faster way to get what you want if you know what you are doing, but you'd have to correctly edit the JSON. For me it usually is too much hassle if I already have a command line ready. The command will also select a matching version that fits into the already installed dependencies. Manual editing may lead to version conflicts that you'd have to untangle. Remember to only install dependencies that work with the PHP version in production. You probably should run composer config platform.php X.Y.Z in order to add the production version of PHP into the composer.json file, which prevents Composer from installing dependency versions based on your development PHP. Adding the -g switch will add this setting to your global (user) setting instead, which will affect all composer operations you start, also for other projects.

ad 3: Manual editing will require you to run composer update on the command line, so there's probably no reason to not do composer require instead.

ad 4: How this could be done is entirely dependent on what environment you have to work with.

ad 5: At this stage you have assembled all files necessary to create a working website. Uploading them to production will always result in a working website unless the upload fails somehow. You could also use some "upload first to temporary folder, then move on the server" approach if you fear FTP would be unreliable. Some people take a different approach: They have a git repository on the production server and they simply push the version that should go live onto that remote repo. Some post-push scripts will run composer install then. This automated approach will also work (but not using FTP), but has the higher risk of something failing during deployment, and probably has no easy way back to the previous situation.

So in the end I'd say that uploading the whole folder structure via FTP (well, that protocol is insecure itself, better replace it with FTPS (FTP with SSL), SFTP or SCP) is better compared to running Composer on the production server.

Your specific question regarding which folders to upload: All of them. Especially upload the whole vendor folder. It contains the current autoloader and all dependency packages the software needs. If you worked correctly, you downloaded the existing composer.json and composer.lock file together with everything else and added the new dependency to it. This has changed both these files, added the new package to the vendor folder and the classes to the autoloader.

Don't fiddle with uploading only parts of the vendor folder, or manually editing a component of the autoloading. You will only create surprises for the developer coming after you if you do some aspect incorrectly, and it also takes more time. Composer is a very good tool to manage dependencies - use it!
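
A check for the partial-vendor upload the answer warns about, runnable against the local release folder before upload or against a copy pulled back from the server. This is an added example, not part of the original question or answer; the function names and the sample package data are constructed, and packages are assumed to live at the default vendor/<name> path.

```python
import json
import tempfile
from pathlib import Path


def check_release(root, include_dev=False):
    """Return mismatches between composer.lock and the vendor folder under root."""
    lock = json.loads((root / "composer.lock").read_text())
    dev = lock.get("packages-dev", [])
    wanted = lock.get("packages", []) + (dev if include_dev else [])
    vendor = root / "vendor"
    data = json.loads((vendor / "composer" / "installed.json").read_text())
    entries = data["packages"] if isinstance(data, dict) else data  # Composer 2 dict, Composer 1 bare list
    installed = {p["name"]: p["version"] for p in entries}
    problems = []
    if not (vendor / "autoload.php").is_file():
        problems.append("vendor/autoload.php is missing")
    for pkg in wanted:
        name, version = pkg["name"], pkg["version"]
        if name not in installed:
            problems.append(f"{name}: locked but not in installed.json")
        elif installed[name] != version:
            problems.append(f"{name}: locked {version}, installed {installed[name]}")
        # Assumes the default install path vendor/<name>; metapackages have no files.
        elif pkg.get("type") != "metapackage" and not (vendor / name).is_dir():
            problems.append(f"{name}: vendor/{name} is absent")
    known = {p["name"] for p in lock.get("packages", []) + dev}
    problems += [f"{n}: in vendor but not in composer.lock" for n in sorted(set(installed) - known)]
    return problems


def demo():
    """Constructed sample tree: a complete upload, then one package folder removed."""
    pkgs = [{"name": "phpmailer/phpmailer", "version": "v5.2.0"},  # constructed versions
            {"name": "example/other", "version": "1.0.0"}]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "composer.lock").write_text(json.dumps({"packages": pkgs}))
        for p in pkgs:
            (root / "vendor" / p["name"]).mkdir(parents=True)
        (root / "vendor" / "composer").mkdir()
        (root / "vendor" / "composer" / "installed.json").write_text(json.dumps({"packages": pkgs}))
        (root / "vendor" / "autoload.php").write_text("<?php\n")
        complete = check_release(root)
        (root / "vendor" / "example" / "other").rmdir()
        return complete, check_release(root)


if __name__ == "__main__":
    print(demo())
```

An empty list means the vendor folder matches composer.lock; a package that appears in vendor but not in the lock file is reported too, since it did not come from the locked dependency set.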
