5

I have a project here that's a large Symfony2 app, I'm looking to introduce git submodules to components we're building here in-house. The issue here is that each component also requires composer packages for itself to function properly and now I have composer packages for the symfony2 app and composer packages needed for the component and I'm unsure how to handle/setup these dependencies here.

At the moment I'm manually running 'composer install' for each component (git submodule) we add, implying that each component has its own 'vendor' folder, this is far from ideal so I'm coming to Stack to get come good advice on how to keep these 'symfony composer dependencies' and 'component composer dependencies' easily maintainable.

I don't need to make sure the version of the symfony2 app's deps are synchronised with the components deps, i just need to make it simple and maintainable without having to run 'composer update' with each git submodule we setup.

Thanks!

EDIT

I'm now using composer's repositories key to define URL's to my companies private github repos. I'm able to pull in a singular private repo, lets call it Repo A. However when I add Repo B and make Repo A require Repo B it doesn't resolve properly.

composer.json for Repo A (user-reporting-component): https://gist.github.com/dragoonis/6ea92e062762c516baea

Composer.json for Repo B (database-component): https://gist.github.com/dragoonis/e54b47b75a79b82ebaea

The following error message occurs: https://gist.github.com/dragoonis/d79cd2c2dd5cc50bcd2a

The package of opinurate/database-component does exist as it's one of the repos defined in the respositories key.

Conclusion

The end solution here was to use Satis to setup what is your own private version of 'packagist' what will work alongside packagist.

I setup Satis at 'http://packages.mydomain.com' and added a 'repositories' key in my main apps composer.json file to that URL. Now when evaluating package names it will use your own custom satis server to give you git URL's too.

Paul Dragoonis
  • 2,315
  • 1
  • 16
  • 22

3 Answers3

7

I would say your best bet is to add those components via composer as opposed to git submodules. It makes coding and maintenance a bit more complex, but it ensures that your application is aware for all the actual dependencies.

If you don't want them to be public and want an easier way to handle them, then i would roll out a Satis deploy locally and register them all there, adding that satis repo to your composer.json.

Satis is a simpler version of Packagist, as long as the server with it, and the machines that run composer install have access to your private repositories, nothing else will see them. There is documentation on the Composer website at: https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md

You will then setup packages.yourcompany.com and add it to your composer.json as an alternate source of packages. Everything stays private.

Reply to Edit: This is happening because composer compartimentalizes, which means the "repository" is only known to your project's composer.json, the one in Repo A does not know, so it cannot find it. You must re-define the repository in that one. Even using Satis the "satis" address must be added to all composer.json files involved.

Add the "repository" stuff you added in your app to the composer.json in Repo A and B, it should work it all out.

Rafael Dohms
  • 207
  • 2
  • 8
  • Rafael, my git submodules are private company code - they can't publicly be on packagist. – Paul Dragoonis Feb 18 '14 at 11:30
  • 2
    @PaulDragoonis You don't have to make your submodules publicly available on packagist in order to use them with composer. You can add additional package sources (repositories) to your composer config, for example git repositories, zip files, or satis services. Check out the composer documentation about repositories [here](https://getcomposer.org/doc/05-repositories.md). – Pierre Feb 18 '14 at 11:52
  • 1
    I agree that this is the best way forward. There are a number of ways you can use "private" code using Composer. Rafael hinted at most of them. – Beau Simensen Feb 18 '14 at 14:56
  • 1
    Paul, Satis is a water down version of packagist. All you need is to ensure the server with Satis and your dev/prod machines have access to the repositories. They will not be on Packagist, but in your projects you can tell composer to go look in your "own packagist", i have done it in my company as well. https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md – Rafael Dohms Feb 18 '14 at 16:22
  • Thanks for the replies guys! I've edited my original question above with my reply as I'm hitting a second hurdle. – Paul Dragoonis Feb 19 '14 at 09:49
  • I'd suggest adding your repositories key to the question so we can check you've done that properly – Rawkode Feb 19 '14 at 11:16
  • @rawkode, he mentioned they are private. Anyway, solved it with him in private. – Rafael Dohms Feb 19 '14 at 11:41
  • In the spirit of StackOverflow, can one of you please include the answer for future people looking at this question. Thanks – Rawkode Feb 19 '14 at 11:57
0

I think this maybe sounds a bit similar to what you want to do, so I thought I'd post the link in case was helpful and you hadn't already seen it How do I use a Git submodule with a Composer loaded library?

Community
  • 1
  • 1
Tocacar
  • 475
  • 3
  • 12
-2

You should use a .gitignore file containing something like that:

    web/bundles/
    app/cache/*
    app/logs/*
    app/sessions/*
    build/
    vendor

When developing you should launch php composer.phar update from time to time. When your work is validated, you should commit the composer.lock file with your development.

When deploying, you can then just launch php composer.phar install.

Michaël P
  • 1
  • This does not really address the "git submodule with own composer dependencies" issue. – Sven Feb 18 '14 at 20:57