According to their website, Composer is a dependency manager for PHP. While true, I think this is a bit of an understatement. I’m fairly new to Composer, but it’s revolutionising my workflow.
Package in Private Repo
You may need to keep your work in a private VCS repo while it’s still in the early stages of development. It’s easy to set up git repos as public packages on Packagist, the PHP package repository - but if you need to keep work private you can set Composer up to use a private repo. Here’s a simple example
composer.json for such a use case:
This assumes that you’re accessing your private repo by means of SSH keys.
Use a Specific Tag or Commit
To lock your project to a specific commit, add a hash to
dev-master followed by a git tag or commit reference:
Now when you run
composer update, your project remains locked to a specific version (in this case, tag 1.0.5) of the required package.
In the long run, you’re better off creating public Composer packages from your work:
Note: This feature has severe technical limitations, as the composer.json metadata will still be read from the branch name you specify before the hash. You should therefore only use this as a temporary solution during development to remediate transient issues, until you can switch to tagged releases. The Composer team does not actively support this feature and will not accept bug reports related to it. https://getcomposer.org/doc/04-schema.md#package-links
comments powered by Disqus