In a new post to the Engine Yard blog, Nils Adermann provides an overview of using Composer with continuous integration, its role in the overall process, and some good practices to follow in its use.
Continuous Integration (CI) is the practice of continuously (and automatically) testing every change a developer makes. So automated tests become an integral part of the development process providing direct feedback on changes made. [...] Davey Shafik's article on Composer's Lock File explains the typical usage of composer install and update. The key takeaway is that developers should run composer update manually to explicitly update individual dependencies while composer install should be used in automated processes. This principle includes automated test environments.
He points out that installing from the lock file reproduces the vendor directory exactly as it is in production, and explains what that means for failures in your automated tests. He also talks about ways to improve build performance and reduce the time spent generating the environment, including use of the Composer cache data. He includes a few flags you can pass to Composer that reduce the set of libraries it installs and adjust how it fetches their contents.