使用 Composer 的开发/生产切换时如何正确部署?

2021-12-26 00:00:00 deployment php composer-php

Composer 可以选择仅在开发过程中加载多个依赖项,因此这些工具不会安装在生产中(在实时服务器上).这(理论上)对于仅在开发中有意义的脚本非常方便,例如测试、假数据工具、调试器等.

Composer has the option to load several dependencies only while being in development, so the tools will not be installed in production (on the live server). This is (in theory) very handy for scripts that only make sense in development, like tests, fake-data-tools, debugger, etc.

要走的路是添加一个额外的 require-dev 块,其中包含您在 dev 中需要的工具:

The way to go is to add an additional require-dev block with the tools you need in dev:

"require-dev": {
    "codeception/codeception": "1.6.0.3"
}

然后(理论上)通过

composer install --dev

问题&问题:

Composer 在 2013 年显着改变了 installupdate 的行为,require-dev-dependencies 现在默认安装(!), 随意创建一个带有 require-dev 块的 composer.json 并执行 composer install 来重现.

Problem & Question:

Composer has changed the behaviour of install and update dramatically in 2013, require-dev-dependencies are now installed by default (!), feel free to create a composer.json with a require-dev block and perform an composer install to reproduce.

最普遍的部署方式是推送 composer.lock(保存您当前的 composer 设置),然后在生产服务器上执行 composer install,这也将安装开发的东西.

As the most accepted way to deploy is to push the composer.lock (that holds your current composer setup) and then do an composer install on the production server, this will also install the development stuff.

安装 -dev 依赖项的正确部署方法是什么?

What's the correct way to deploy this without installing the -dev dependencies ?

注意:我试图在这里创建一个规范的问答来澄清奇怪的 Composer 部署.随意编辑这个问题.

推荐答案

为什么

恕我直言,现在 Composer 将默认使用 --dev 标志(在安装 和 更新时)是有充分理由的.Composer 主要在需要这种行为的场景中运行:

There is IMHO a good reason why Composer will use the --dev flag by default (on install and update) nowadays. Composer is mostly run in scenario's where this is desired behavior:

基本的 Composer 工作流程如下:

The basic Composer workflow is as follows:

  • 启动一个新项目:composer.phar install --dev,将json和lock文件提交给VCS.
  • 其他开发人员开始参与该项目:签出 VCS 和 composer.phar install --dev.
  • 开发者添加依赖:composer.phar require ,如果你想要require-dev中的包,添加--dev代码>部分(并提交).
  • 其他人继续:(结帐和)composer.phar install --dev.
  • 开发人员想要更新版本的依赖项:composer.phar update --dev (并提交).
  • 其他人继续:(结帐和)composer.phar install --dev.
  • 项目已部署:composer.phar install --no-dev
  • A new project is started: composer.phar install --dev, json and lock files are commited to VCS.
  • Other developers start working on the project: checkout of VCS and composer.phar install --dev.
  • A developer adds dependancies: composer.phar require <package>, add --dev if you want the package in the require-dev section (and commit).
  • Others go along: (checkout and) composer.phar install --dev.
  • A developer wants newer versions of dependencies: composer.phar update --dev <package> (and commit).
  • Others go along: (checkout and) composer.phar install --dev.
  • Project is deployed: composer.phar install --no-dev

如您所见,--dev 标志的使用(远)多于 --no-dev 标志,尤其是当开发人员的数量较多时项目成长.

As you can see the --dev flag is used (far) more than the --no-dev flag, especially when the number of developers working on the project grows.

生产部署

在不安装dev"的情况下部署它的正确方法是什么?依赖?

What's the correct way to deploy this without installing the "dev" dependencies?

好吧,composer.jsoncomposer.lock 文件应该提交给 VCS.不要省略 composer.lock,因为它包含有关应该使用的包版本的重要信息.

Well, the composer.json and composer.lock file should be committed to VCS. Don't omit composer.lock because it contains important information on package-versions that should be used.

在执行生产部署时,您可以将 --no-dev 标志传递给 Composer:

When performing a production deploy, you can pass the --no-dev flag to Composer:

composer.phar install --no-dev

composer.lock 文件可能包含有关开发包的信息.这没关系.--no-dev 标志将确保未安装这些开发包.

The composer.lock file might contain information about dev-packages. This doesn't matter. The --no-dev flag will make sure those dev-packages are not installed.

当我说生产部署"时,我指的是旨在用于生产的部署.我不是在争论 composer.phar install 是否应该在生产服务器上完成,或者在可以审查事情的临时服务器上完成.这不是这个答案的范围.我只是指出如何在不安装dev"的情况下composer.phar install依赖.

When I say "production deploy", I mean a deploy that's aimed at being used in production. I'm not arguing whether a composer.phar install should be done on a production server, or on a staging server where things can be reviewed. That is not the scope of this answer. I'm merely pointing out how to composer.phar install without installing "dev" dependencies.

离题

--optimize-autoloader 标志在生产环境中也可能是可取的(它会生成一个类映射来加速应用程序的自动加载):

The --optimize-autoloader flag might also be desirable on production (it generates a class-map which will speed up autoloading in your application):

composer.phar install --no-dev --optimize-autoloader

或者在自动部署完成后:

Or when automated deployment is done:

composer.phar install --no-ansi --no-dev --no-interaction --no-plugins --no-progress --no-scripts --optimize-autoloader

如果您的代码库支持它,您可以将 --optimize-autoloader 换成 --classmap-authoritative.更多信息这里

If your codebase supports it, you could swap out --optimize-autoloader for --classmap-authoritative. More info here

相关文章