News Feed
Jobs Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

ServerGrove Blog:
Running Composer with HHVM, not so fast!
April 21, 2014 @ 12:46:02

On the ServerGrove blog today they share some interesting results when it comes to using Composer on a normal PHP install versus using it inside of a HHVM instance.

HHVM is an open-source virtual machine developed by Facebook and designed for executing programs written in Hack and PHP. It offers increased performance for PHP, most of the time. [...] Since Composer needs to perform some heavy computations in order to resolve the dependencies of a project, it makes sense to use HHVM. However, the heavy computations are mainly done when running composer update, or when the composer.lock file has not yet been generated so this is where you will see most of your gains in execution time.

With a bit more testing, this is shown to be true (about a 7 second difference). However, this is only on the "update". The "install" command actually takes longer inside of the HHVM instance, regardless of if the JIT (Just In Time) compiler is disabled or not.

0 comments voice your opinion now!
composer install update speed performance benchmark

Link: http://blog.servergrove.com/2014/04/17/running-composer-hhvm-fast

Community News:
PHPUnit Announced End of Life on PEAR Installation Method
April 21, 2014 @ 10:29:53

There's a new addition to the GitHub wiki that's quite important for the PHPUnit users out there. Sebastian Bergmann has officially announced the end of life for the PEAR version of the installer for the popular PHPUnit tool.

Since PHPUnit 3.7, released in the fall of 2012, using the PEAR Installer was no longer the only installation method for PHPUnit. Today most users of PHPUnit prefer to use a PHP Archive (PHAR) of PHPUnit or Composer to download and install PHPUnit. Starting with PHPUnit 4.0 the PEAR package of PHPUnit was merely a distribution mechanism for the PHP Archive (PHAR) and many of PHPUnit's dependencies were no longer released as PEAR packages. Furthermore, the PEAR installation method has been removed from the documentation. We are taking the next step in retiring the PEAR installation method with today's release of PHPUnit 3.7.35 and PHPUnit 4.0.17.

Included in this end of life, they'll also be decommissioning pear.phpunit.de to happen no later than the end of 2014.

0 comments voice your opinion now!
pear phpunit install method composer phar download

Link: https://github.com/sebastianbergmann/phpunit/wiki/End-of-Life-for-PEAR-Installation-Method

Zumba Engineering Blog:
Enforce code standards with composer, git hooks, and phpcs
April 15, 2014 @ 09:13:48

The Zumba Engineering blog has a new post looking at a way you can control code quality and standards with the help of Composer, git hooks and the PHP Code Sniffer (phpcs) tools.

Maintaining code quality on projects where there are many developers contributing is a tough assignment. How many times have you tried to contribute to an open-source project only to find the maintainer rejecting your pull request on the grounds of some invisible coding standard? [...] Luckily there are tools that can assist maintainers. In this post, I'll be going over how to use composer, git hooks, and phpcs to enforce code quality rules.

These three technologies are combined together to make a more seamless experience for the developer while keeping the code quality high. Their method makes use of the "scripts" (post-install-cmd) feature of Composer to, after the installation of all packages, set up a git hook script that will run the phpcs checks on pre-commit. It's a pretty simple shell script that kicks back any errors it might find before the user can commit their changes.

0 comments voice your opinion now!
code standards composer git hook phpcs codesniffer install precommit

Link: http://engineering.zumba.com/2014/04/14/control-code-quality

Matthias Noback:
There's no such thing as an optional dependency
April 11, 2014 @ 11:19:19

In his latest post Matthias Noback suggests the idea that there's no such thing as an optional dependency when it comes to working with packages and Composer.

On several occasions I have tried to explain my opinion about "optional dependencies" (also known as "suggested dependencies" or "dev requirements") and I'm doing it again: "There's no such thing as an optional dependency." I'm talking about PHP packages here and specifically those defined by a composer.json file.

So that everyone's on the same page, he starts with an example of a true dependency in a sample adapter class. He asks the usual question - "what's needed to run this code?" - and looking a bit deeper at the "suggested" packages. As it turns out, some of these dependencies turn into actual requirements when you need certain features of the tool. He points out that this is a problem with quite a few packages in the Composer ecosystem and proposes a solution - splitting packages based on requirements. He gives an example based on his adapter with a Mongo requirement split off into a "knplabs/gaufrette-mongo-gridfs" package that's more descriptive of the requirements.

0 comments voice your opinion now!
optional dependency composer packagist suggested package

Link: http://php-and-symfony.matthiasnoback.nl/2014/04/theres-no-such-thing-as-an-optional-dependency/

Gary Hockin:
Less is More
April 07, 2014 @ 09:56:36

Gary Hockin has a new post to his site talking about how he's found that less is more when it comes to what to include in your "composer.json". He works through some of his own opinions on the matter and suggests a bit more thought before just including another library.

I have absolutely no doubt this post will be largely disagreed upon by many in the PHP community, but I've had a terrible day and I'm hoping that the process of just getting this off my chest will be therapeutic in some way. [...] So, today I sat down and started writing the tests for our new lightweight SDK that offsets much of the work needed in the delivery of the adverts to workers via a Beanstalk queue. It should have been so easy. Things went well for the early part until I realised that I wanted to be able to extract and serialise our Device object to put it into the queue, and then hydrate it back into a Device object inside the worker

He assumed that since he'd used Zend Framework 2 a good bit and there were no (declared) dependencies, he could directly use an individual component. Unfortunately, there was a dependency (ZendFilterChain), requiring another package to be added via Composer and pulled down. He points out that Composer has made this almost too easy and developers maybe aren't as thoughtful about the libraries they pull in because of it.

He makes a call out to developers to remember the idea behind the MicroPHP Manifesto and really think about the code they're puling in, how large it is and if it's what they really need. He's not suggesting that Composer is the problem, rather the blind usage of it without thinking through the implications.

0 comments voice your opinion now!
less more library composer packagist include

Link: http://blog.hock.in/2014/04/05/less-is-more

SitePoint PHP Blog:
Composer Cheatsheet
April 01, 2014 @ 11:22:35

The SitePoint PHP blog has a new post from Matthew Setter today sharing a Composer cheatsheet he recently discovered with an example of the common commands and "composer.json" file structure.

Unless you've been living under a rock, today's PHP isn't your grandmother's PHP; it's an entirely different, much more elegant and mature language with countless improvements and additions. One of the key additions is Composer, the de facto standard for managing PHP project dependencies which, by default, gives you access to hundreds of ready-made libraries, via Packagist.org.

He goes through the parts of the guide, introducing some of the commands and covering the details of the full "composer.json" JSON structure. There's also a video introduction if you'd like the more visual version.

0 comments voice your opinion now!
composer cheatsheet introduction commands json structure

Link: http://www.sitepoint.com/composer-cheatsheet

Matthew Turland:
Travis and Composer and virtPHP, oh my!
March 27, 2014 @ 10:28:55

Matthew Turland has a new post today to his site looking at the combination of three different technologies - TravisCI, Composer and VirtPHP - and an odd error he was getting from his build about a missing requirement "php".

In the first build, everything worked fine under 5.4 and 5.5, but upon getting to the composer install instruction to install project dependencies and PHPUnit, the job for 5.3 failed with some rather unintuitive output from Composer that implied it didn't recognize the platform package requirement that I'd provided for the minimum PHP version. [...] Since the cause of my issue wasn't immediately obvious from Composer's output, my first thought was that I needed to begin my attempt at troubleshooting the issue by replicating it on my local machine.

This is where VirtPHP came in. This tool provides an environment where you can install and configure multiple PHP configurations and switch between them easily. It provides a "glue" between the phpenv and php-build projects to make management of the results simpler. He talks about how he configured and set up his environments...and figured out his Composer problem.

0 comments voice your opinion now!
travisci composer error virtphp environment

Link: http://matthewturland.com/2014/03/26/travis-and-composer-and-virtphp-oh-my

ServerGrove Blog:
Composer 101
March 21, 2014 @ 12:14:12

You might have heard about Composer but aren't quite sure what all the fuss is about it. In this new tutorial on the ServerGrove blog, they introduce you to it, help you get it installed and show how it can help you make dependency management simpler.

Composer is a tool for dependency management in PHP. It allows us to declare the libraries (packages from now on) on which our project depends on and downloads them for us. With many high quality packages available to us, the are redefining they way we are building PHP software. You can browse through the wide variety of packages at the composer main repository packagist.org. Composer is a simple tool to use and this tutorial will go over the installation and usage basics.

They walk you through the installation (or either *nix or Windows) and help you get started with your first "composer.json" configuration file. They talk about "composer.lock" and the role it plays and how Composer uses is (and the json version) to pull in dependencies for your libraries of choice. The article also briefly covers the "composer" command and the options it provides.

0 comments voice your opinion now!
composer dependency management package introduction

Link: http://blog.servergrove.com/2014/03/19/composer-tutorial/

Lorna Mitchell:
Using Composer Without GitIgnoring Vendor/
March 12, 2014 @ 12:45:23

In her latest post Lorna Mitchell looks at a method, when using Composer and git, to fix an issue around subdirectories that are git repositories and git thinking they should be submodules instead.

Recent additions to the joind.in API have introduced some new dependencies so we decided we'd start using Composer to manage these - but we don't want to run composer unsupervised. I'm sure this will bring the rain of "just run composer install, it's probably mostly almost safe" criticism, but actually it's quite tricky to run Composer without excluding vendor/ from source control so I thought I'd share how we did it so that anyone who wants to do so can learn from my experience!

She starts by describing the usual use of Composer - making the "composer.json", running the install and see the "vendor" directory being added. When she tried to check in the dependencies, git gave her an error about wanting them to be submodules. Instead, she figured out a way to add a line to the .gitignore to have it disregard the "vendor/.git" directory, making it work as expected.

0 comments voice your opinion now!
composer vendor install gitignore git

Link: http://www.lornajane.net/posts/2014/using-composer-without-gitignoring

Pádraic Brady:
PHP Package Signing My Current Thoughts
March 10, 2014 @ 11:57:49

Pádraic Brady has a new post sharing some of his ideas around PHP package signing and a few possible ways to approach (and possibly solve) the problem.

We figured out how to write good code. We figured out how to write good code in a reusable way...for the most part. We figured out how to distribute and mix all that good reusable code in a sensible fashion. Can we now figure out how to do it all securely? [...] The problem with package signing from my perspective is tied up in a phrase most of you would know: The needs of the many outweigh the needs of the few. Thank you, Spock.

He compares two different alternatives, Public-key infrastructure (PKI) vs (Pretty Good Privacy) GPG, and how the idea of trust fits into the picture. He also points out an unfortunate fact when it comes to the initial adoption of package signing methods - people are lazy (and cheap). They want to get things done and not have extra steps. Signing their packages would be one of these steps. He suggests an alternative, though, using double signatures to verify the integrity and validity of its contents. He also talks about the role that metadata plays in the overall package ecosystem and how signing it as well could be part of the solution.

0 comments voice your opinion now!
package signature signing metadata packagist composer

Link: http://blog.astrumfutura.com/2014/03/php-package-signing-my-current-thoughts


Community Events











Don't see your event here?
Let us know!


install release podcast opinion introduction symfony2 language composer security facebook hack hhvm application unittest component performance package series database framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework