News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

VG Tech Blog:
Using Local Packages as Composer Dependencies
November 25, 2014 @ 09:16:45

On the VG Tech blog this latest post shows you how to use local packages as dependencies in your Composer-enabled applications.

Composer changed pretty much everything when it comes to including dependencies in PHP projects. No more SVN externals or copying large library folders into your project. This is really great, but there's one thing I've been struggling to find a smooth process for; developing dependencies for your project. When implementing your project, the need for some module, library, service provider or something else will arise, and sometimes you'll have to implement it yourself. So, how to do that?

He starts with a list of three suggestions (including actually having the code in the project or mirroring the package) but suggests the last of the three: using a repository with a relative file system setup. He uses the "repositories" configuration option in the Composer config to define a "vcs" type and gives it a path to the package contents. He ends the post with the resulting output of the Composer install command, showing the package pulled in and being able to commit to it just like any other repo.

0 comments voice your opinion now!
local package composer dependencies tutorial repository

Link: http://tech.vg.no/2014/11/25/using-local-packages-as-composer-dependencies/

SitePoint PHP Blog:
Private Composer Packages with Gemfury
November 12, 2014 @ 10:05:32

The SitePoint PHP blog has a new post today introducing you to an alternative for hosting your own PHP packages privately using the Gemfury service. Gemfury is a hosted (PaaS) tool that lets you host packages (and not just Composer/PHP ones) without the need to have them public on Packagist.

Composer works effectively and seamlessly in conjunction with Packagist, a comprehensive repository of public packages. However, sooner or later the time will come when you've written your own package which, for whatever reason, cannot be open-sourced and shared freely via Packagist. There are a few options for hosting these private packages [like adding them manually, Satis or Toran Proxy]. [...] Gemfury is a PaaS alternative. Aside from the peace-of-mind that comes from a hosted solution - albeit one which comes at a price - one huge advantage is that it supports not just PHP Composer packages, but Ruby Gems, Node.js npm, Python PyPi, APT, Yum and Nu-Get.

He spends the rest of the article walking you through the creation of an account (with the 14-day free trial) and how to create a new package that will be pushed to the service. He adds one dependency (Faker) and a bit of code for the push. He shows how to add the git remote for the Genfury service, tag a release and deploy the result out to the service. He updates this by showing how to take that same repository and making it private, requiring a "secret code" to be able to access. He ends the post with a quick mention of other methods to work with the Genfury service including their own command line tool, fury.

0 comments voice your opinion now!
composer package private gemfury tutorial paas hosted

Link: http://www.sitepoint.com/private-composer-packages-gemfury/

Peter Petermann:
Building better project skeletons with Composer
November 06, 2014 @ 11:26:54

Peter Petermann has (re)posted an article he wrote about building better project skeletons with Composer and automate the process to make your life easier.

The more you use modern frameworks and the more modular you build your PHP applications, the more likely you'll use a skeleton (or template) for creating new projects. In fact, most of the better known frameworks provide skeletons for you to bootstrap your application with. Those skeletons are great to get started, but it's very likely you'll have your own stack of composer packages that you integrate in each project after a while. Each skeleton will be slightly different, so you'll likely fork your own. This article is meant to provide you with an understanding on how to build a skeleton that will allow you to automate things as far as possible.

He starts with some of the basics, both in the terminology that will be used in the article and a little bit about projects in Composer. He shows how the Zend Framework 2 project makes uses of a built-in "composer.phar" file to make bootstrapping easier but soon asks how it could be improved. The answer comes in the form of Composer's own "create-project" functionality (with a few additions, like cleanup scripts run after the fact). He then gets into building his own custom skeleton that includes a custom post-create-project cleanup script, templates for static files (README, CHANGELOG, etc) and a basic "composer.json" configuration for the end result.

0 comments voice your opinion now!
tutorial custom project skeleton composer application

Link: http://devedge.wordpress.com/2014/11/05/building-better-project-skeletons-with-composer-2/

Phil Sturgeon:
Composer It's ALMOST Always About the Lock File
November 05, 2014 @ 11:44:49

In his latest post Phil Sturgeon talks about a point that's been argued on both sides of the Composer users out there - whether or not to commit the "composer.lock" file. Phil talks some about it in his article and suggests that you should commit it for applications but not for components.

If you and your employees are a little vague with your composer.json specifications and you don't have a composer.lock then you can end up on different versions between you. Theoretically, if component developers are using SemVer and you're being careful then you should be fine, but keeping your lock in version control will make sure that the same version is on your dev teams computers. This will happen every time you run $ composer install. If you are on Heroku or EngineYard then this will be used for the deployment of your production components as a built in hook, which is awesome.

He mentions an article from Davey Shafik, this being his reaction to it. He suggests, though, that an absolute of "always commit for components" may be too much and could potentially cause other problems. He points out that since the "composer.lock" handling is local to the directory, you can hit up against version requirement issues between them in your application as a whole. He wonders "how strict is too strict" when defining dependencies and some things to think about (like your users) when making the choice to upgrade the libraries you use.

0 comments voice your opinion now!
composer composerlock file commit version semanticversioning semver component application

Link: https://philsturgeon.uk/blog/2014/11/composer-its-almost-always-about-the-lock-file

BitExpert Blog:
Security Checker Phing Task
November 04, 2014 @ 12:40:35

Stephan Hochdörfer has a quick post to the BitExpert blog sharing a new tool he's created to help integrate the checks against the SensioLabs Advisories Checker into the Phing build system as a custom task.

About a year and a half ago Fabien Potencier announced the PHP Security Advisories Database initiative. Part of the initiative the SensioLabs Security Advisories Checker (beta) website came to life. The website and the api behind it makes it very easy to check your composer.lock file for dependencies which "have issues". Either upload your composer.lock file to the website or use the CLI tool to communicate with the api directly. About 2 weeks ago Fabien took the next step forward and announced that the Security Advisories Database is distributed as public domain and as such can now be "controlled" by the community. To compliment Fabien's move I decided to put the Security Checker Phing task which I built for us a few months ago out in the wild.

The custom task is easily installed via Composer (instructions included) right along side Phing, also installable via the same method. He also includes the markup and configuration to have the task read your "composer.lock" file and execute the checks against the service.

0 comments voice your opinion now!
phing, task, custom, sensiolabs, security, checker, composer

Link: http://blog.bitexpert.de/blog/security-checker-phing-task/

Rafael Dohms:
Installing Composer Packages
October 14, 2014 @ 12:04:58

Maybe you've heard about Composer and how it makes working with PHP libraries and packages easier. There's lots of articles (besides the project documentation) that can help you get started but Rafael Dohms has just shared an excellent overview of versioning and the features the tool makes available to fine tune your requirements to just the right level.

I have been putting together a new talk about Composer, and that means looking around the community, doing loads of research and trying to identify the items that need to be covered in a talk. Mostly I have been trying to identify things that people do on a regular basis that according to composer internals is either wrong or not ideal. One such thing that I have found is the proper selection of versions, and that also led me to find a new feature in composer that makes everyone's life so much easier. So let me break this down.

He starts with a look at the selection of the actual version you'll need and how Composer treats each type of version match (strict vs wildcards vs a mix of the two). He shows an example of adding one of these version strings to a "composer,json" file, both manually and via a command line call.

0 comments voice your opinion now!
composer version package require install tutorial

Link: http://blog.doh.ms/2014/10/13/installing-composer-packages/

Matthias Noback:
Composer "provide" and dependency inversion
October 06, 2014 @ 09:53:20

Matthias Noback has a new post today responding to a recent post talking about virtual packages with Composer (using "provide") and some of his own thoughts of how it relates to dependency inversion.

This is a response to Peter Petermann's article Composer and virtual packages. First, let's make this totally clear: I don't want to start an Internet war about this, I'm just pointing out some design issues that may arise from using Composer's provide option in your package's composer.json file. [...] Yes, if a user wants to run the code in your library, they need to have some class that implements [the "provides" requirement]. But no, this shouldn't be reflected in the dependencies of the library. Let me explain this by taking a look at the Dependency inversion principle.

He gives an example of using a specific package for logging (the Zend logger) and how that hard-coded dependency can be refactored out using one of two methods: either a custom interface or one described elsewhere. Getting back to "provide", he lists some reasons why he thinks that defining the interface itself in the Composer configuration is a good idea. These include:

  • Strictly speaking (as in, would the code compile), the code from the library itself [...] just needs the LoggerInterface (which happens to be in the psr/log package).
  • By depending on an implementation package, you basically undo any effort you made to depend on abstractions and not on concretions.
  • Some day, someone may decide to introduce another virtual package, called the-real-psr/log-implementation.
  • The notion of an "implementation package" is really vague. What does it mean for a package to be an implementation package.

Each of the reasons has a bit of description to go along with it. He also points out an interesting example where the package actually knows about existing virtual package, the DoctrinePHPCRBundle and its use of "jackalope" and "phpcr".

0 comments voice your opinion now!
composer dependency inversion provide configuration interface

Link: http://php-and-symfony.matthiasnoback.nl/2014/10/composer-provide-and-dependency-inversion/

SitePoint PHP Blog:
Using the Google Analytics API with PHP Logging In
October 02, 2014 @ 09:47:08

The SitePoint PHP blog has a new tutorial posted from Younes Rafie showing you how to use the Google Analytics API from PHP (part one of a series) using the Google PHP API client library to make the connection.

In this series, we're going to see how we can use the Google Analytics API to interact with our Google Analytics data via PHP. [...] In this article we're going to build an app that looks like Google Analytics Explorer, but to make it short, we're going to limit the functionality and discuss how we can extend our demo.

He starts with an overview of the different parts of the Google Analytics APIs including the metadata and real-time reporting systems. In the tutorial he'll be combining several of these to provide all the data needed. After walking you through the creation of a Google developer account, he starts in on the code. With credentials in hand and the library installed via Composer, he shows how to make the connection, check if it's logged in and makes a simple "home" controller that handles the login and OAuth validation process.

0 comments voice your opinion now!
google analytics api login oauth composer tutorial library

Link: http://www.sitepoint.com/using-google-analytics-api-php-logging/

Peter Petermann:
Composer & Virtual Packages
September 30, 2014 @ 13:27:36

Peter Petermann has an interesting post he's added to his site describing a lesser known feature of the Composer package manager: virtual package support.

A few days ago i stumbled over a "virtual package" on packagist - and found it to be a feature that i was actually missing in composer. Turns out, composer can do it, its just not so well documented. So what is this about? Virtual packages allow you to have a more loose dependency. Rather than depending on a specific package, you depend on a virtual one, which can be fulfilled by all packages that provide the virtual one.

He includes a few examples to help illustrate the point of using virtual packages. The first describes an application that wants to use the PSR-4 logger structure but depends on "log-implementation" (a virtual package) rather than the "psr/log" package. The key is in using the "provide" keyword in the Composer configuration. His other two examples expand on this a bit, one showing the use of the "provide" keyword to define the relationship and the other of an actual application making use of this package.

0 comments voice your opinion now!
composer virtual package provide library tutorial psr log

Link: http://devedge.wordpress.com/2014/09/27/composer-and-virtual-packages/

Engine Yard Blog:
Engine Yard Is Sponsoring Composer
August 27, 2014 @ 11:50:24

According to this new post to the EngineYard blog, they're announcing their formal sponsorship of a tool that has revolutionized the way PHP libraries and packages are used: Composer.

Open source is a big deal at Engine Yard. Originally founded as a Ruby company, most of our early work was in the Ruby community. Since acquiring Orchestra in 2011, we have been investing in the PHP commmunity and are continually on the look out for ways to give back. So I'm thrilled to be sharing the latest news on this front. [...] We care a lot about PHP and we want to continue our mission of supporting key pieces of infrastructure in the communities we serve.

Their support is coming in the form of a community grant provided over the next twelve months. This fund ($15k) will provide support for the continued development of the project and Nils Adermann, one of Composer's principal developers.

0 comments voice your opinion now!
engineyard sponsor composer communitygrant project

Link: https://blog.engineyard.com/2014/engine-yard-sponsoring-composer


Community Events





Don't see your event here?
Let us know!


laravel version tool podcast package series community release opinion update composer introduction application interview framework language library symfony voicesoftheelephpant security

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework