Does the content downloaded by composer need to be submitted to git?

The following tutorial column of composer will introduce to you the question of whether the content downloaded by composer needs to be submitted to git. I hope it will be helpful to friends who need it!

Specific question:

I would like to ask all the students who use Composer, will you submit the content of the files downloaded through Composer to Git?
I saw the article Should I Commit the dependencies in my vendor directory on the official Faq. Some people suggested not to submit it to Git. So how should I deal with the problem of re-composer install when switching branches? If the vendor is submitted to the repository, how should the .git folder in the package be handled?

*Correction composer update should be composer install

Solution:

In fact, whether it is branch development or deployment to the production environment , no matter how you write the wildcard rules for the version number in composer.json, what we are most concerned about is always the most fundamental content: At the time of development, what is the specific version number of all the dependent libraries we used?

This content is supported by the composer.lock file. By maintaining lock files, composer itself records the specific versions of all dependent libraries in the project after any changes are made to the dependent libraries. Please read the documentation about this file (https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file).

You should always submit the composer.lock file to the repository, and after switching branches or deploying, use composer install to install the specific dependency versions specified in the lock file.

In this sense, it is correct whether you submit the vendor directory to the main repository. It is a trade-off choice whether to submit or not:

If submitted:

Advantages: "Pull and use" convenience.

Disadvantages: Duplication of information. Because of the specific version you developed at the time, the lock file has been recorded. In other words, the vendor folder expresses the same thing.

Disadvantage: Risk of introducing inconsistency. Because although Composer ensures that the lock file is consistent with the vendor directory, submitting it to the git repository is a manual act after all. You can't guarantee that you won't fall behind one of the two.

If you do not submit, the advantages and disadvantages will be reversed. Not to be repeated again.

My thoughts are: I suggest you stick to the idea of ​​"correctness over ease of use". My suggestion is not to submit to the vendor, but just use the lock file to maintain the version of the dependent library at the time of development.

If you submit, please be sure to follow the following two guidelines:

(1) Be sure to ensure that the submission of the two files vendor and composer.lock is synchronized. If one is mentioned, the other must be mentioned.
Any development, if only one of the commits is submitted, must be held accountable.
The reason for this is: Although we submit to the vendor to ensure that it is available immediately after pulling it, git has a partial checkout function - for a Composer project, I have the right to follow the convention of the Composer project and not check out vendor directory, but pull down the actual code and then do a composer install. You can't say I'm wrong.
(If anyone says this is wrong, I support you to expose your unscrupulous company and technical director on SF and Zhihu every minute)

(2) Be sure to follow Composer’s instructions for submitting the vendor folder Suggestion (https://getcomposer.org/doc/faqs/should-i-commit-the-dependencies-in-my-vendor-directory.md), ignore all .git directories of sub-library, and only submit the ones in vendor Code of practice.
Believe me, the actual code in the vendor and the management files of the git library itself under vendor/**/.git are definitely related to the above-water part and the underwater part of the iceberg. If you don't ignore it, people will die. It's not an exaggeration.

It must also be pointed out that during branch development, even if you do not synchronize the vendor through the repository, but only synchronize composer.lock, it will not cause a waste of time.

When switching between two branches, it is nothing more than switching back and forth between two specific versions. Composer itself caches all downloaded libraries. The composer install after each branch pull will definitely hit all caches, without repeatedly consuming download time.

The above is the detailed content of Does the content downloaded by composer need to be submitted to git?. For more information, please follow other related articles on the PHP Chinese website!