Managing Dependencies
Composer is the official dependency manager for PHP. It allows to manage (download, install, upgrade, configure, and remove) the libraries a project depends on.
If you want the platform to use Composer to manage your dependencies, make sure
to include both the composer.json
and the composer.lock
files in your
codebase.
Declaring Dependencies
The dependencies required by your application must be declared in a file named
composer.json
, stored at the root of your codebase. The format is described
in the Composer documentation.
Once your dependencies have been defined and declared, their versions must be
frozen to ensure a precise version of the application will always be deployed
with the same compatible set of Composer packages. This allows for better
reproducibility and consistency across environments. These versions are written
in a file named composer.lock
, also stored at the root of your project.
Use Composer itself on your local computer (or in your CI/CD pipeline) to
generate the composer.lock
file:
$ composer install
To upgrade a dependency, run the following command (in the example below, we
ask Composer to upgrade slim
):
$ composer update slim/slim
In some circumstances, it can be convenient to add either the
--ignore-platform-req=
or the --ignore-platform-reqs
flag to the above
commands.
After each command, the composer.lock
file is automatically updated. Don’t
forget to commit the modifications!
Managing Private Dependencies
If you want to install a private dependency, you need to define the
COMPOSER_AUTH
environment variable, as specified in
the Composer documentation.
For a private dependency hosted on GitHub, the COMPOSER_AUTH
environment
variable should contain:
{
"github-oauth": {
"github.com": "MY-TOKEN"
}
}
MY-TOKEN
must be replaced with a valid access token (OAuth token) for your
GitHub account.
Such a token can be generated from your GitHub account. For more details about GitHub access tokens, please refer to their comprehensive documentation.
Specifying the Composer Version
You can select the Composer version to install by specifying it in your
composer.json
:
{
"extra": {
"paas": {
"engines": {
"composer": "2.x"
}
}
}
}
Scalingo currently supports the following versions of Composer:
2.8.1
2.7.9
2.6.6
-
2.2.24
(LTS)
Working with Composer Environments
By default, Scalingo considers that your application runs in production mode.
This means that composer install
automatically runs with the --no-dev
flag.
As a result, won’t install the development dependencies of your application, if
any.
Set the COMPOSER_DEV
environment variable to true
if you would like to run your application with these
development dependencies installed (e.g. to debug your app).
In addition to the --[no-]dev
flag, the platform always runs
composer install
with the --prefer-dist
and --optimize-autoloader
flags.