What should the composer.json file look like in a production environment?

Question

What should the composer.json file look like in a production environment?

I have a Symfony 2.1 project with additional packages installed through the composer. I want to deploy it to my production server, but I wonder if I need to change anything in the composer.json file. Here is my current file:

 { "name": "symfony/framework-standard-edition", "description": "The \"Symfony Standard Edition\" distribution", "autoload": { "psr-0": { "": "src/" } }, "require": { "php": ">=5.3.3", "symfony/symfony": "2.1.1", "doctrine/orm": ">=2.2.3,<2.4-dev", "doctrine/doctrine-bundle": "1.0.*", "twig/extensions": "1.0.*", "symfony/assetic-bundle": "2.1.*", "symfony/swiftmailer-bundle": "2.1.*", "symfony/monolog-bundle": "2.1.*", "sensio/distribution-bundle": "2.1.*", "sensio/framework-extra-bundle": "2.1.*", "sensio/generator-bundle": "2.1.*", "jms/security-extra-bundle": "1.2.*", "jms/di-extra-bundle": "1.1.*", "friendsofsymfony/user-bundle": "*", "knplabs/knp-paginator-bundle": "dev-master", "ornicar/gravatar-bundle": "dev-master", "liip/url-auto-converter-bundle": "dev-master" }, "scripts": { "post-install-cmd": [ "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap", "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache", "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installAssets", "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installRequirementsFile" ], "post-update-cmd": [ "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap", "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache", "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installAssets", "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installRequirementsFile" ] }, "config": { "bin-dir": "bin" }, "minimum-stability": "dev", "extra": { "symfony-app-dir": "app", "symfony-web-dir": "web" } }

Should I change the minimum-stability setting?

Should I fix every requirement for one version without wildcards or "dev-master"?

Should I search http://packagist.org/ for the latest stable version of each dependency?

+7

symfony symfony-2.1 composer-php production

Gregoire Sep 11 '12 at 12:44

source share

1 answer

Clement herreman · Accepted Answer · 2012-09-11T13:32:11+0000

I think the most important is your composer. Not much composer .json.

Deploy the application on the test server, php composer.phar install , then run the tests so that everything is in order. If this is really normal, just deploy to composer.lock on the production server.

This way your fingerprints will look just like your test server. It is also useful if you have several front servers, the composer .lock ensures that everyone uses the same code.

you said

Should I fix every requirement for one version without wildcards or "dev-master"?

This is the role of composer.lock to “fix” everything. The .json composer talks about declaring dependencies and handling possible incompatibilities between versions. By default, you should keep stable versions if you don’t need some fancy new feature in the development branch or a fix that has not yet been merged.

Therefore, you should update your composer.lock, which is easier for automatic deployment.

What should the composer.json file look like in a production environment?

More articles: