Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Composer: Stability and Semantic Versioning Demystified (Madison PHP)

23d971deeb3975a7d28246192fbbe7b7?s=47 Beau Simensen
November 16, 2013

Composer: Stability and Semantic Versioning Demystified (Madison PHP)

Understanding stability and semantic versioning makes a huge impact on daily life with Composer. Learn how to decode Composer's solver errors, get a better understanding of semantic versioning, how dependencies interact with each other when it comes to stability, and how to use Composer features like branch aliases to make things run more smoothly.

23d971deeb3975a7d28246192fbbe7b7?s=128

Beau Simensen

November 16, 2013
Tweet

More Decks by Beau Simensen

Other Decks in Programming

Transcript

  1. Composer: Stability and Semantic Versioning Demystified Madison PHP November 16th,

    2013
  2. @beausimensen simensen on Freenode #composer #madisonphp

  3. None
  4. Dependency Manager for PHP

  5. https://packagist.org

  6. Over 19,000 Packages

  7. composer.json

  8. { “name”: “acme/my-project”, “description”: “Acme’s My Project”, “license”: “MIT”, “require”:

    { “silex/silex”: “1.1.*” }, “autoload”: { “psr-0”: { “Acme\\MyProject\\”: “src” } } }
  9. { “name”: “acme/my-project”, “description”: “Acme’s My Project”, “license”: “MIT”, “require”:

    { “silex/silex”: “1.1.*” }, “autoload”: { “psr-0”: { “Acme\\MyProject\\”: “src” } } }
  10. { “name”: “acme/my-project”, “description”: “Acme’s My Project”, “license”: “MIT”, “require”:

    { “silex/silex”: “1.1.*” }, “autoload”: { “psr-0”: { “Acme\\MyProject\\”: “src” } } }
  11. { “name”: “acme/my-project”, “description”: “Acme’s My Project”, “license”: “MIT”, “require”:

    { “silex/silex”: “1.1.*” }, “autoload”: { “psr-0”: { “Acme\\MyProject\\”: “src” } } }
  12. $ composer install Loading composer repositories with package information Installing

    dependencies (including require-dev) - Installing psr/log (1.0.0) - Installing symfony/routing (v2.3.7) - Installing symfony/debug (v2.3.7) - Installing symfony/http-foundation (v2.3.7) - Installing symfony/event-dispatcher (v2.3.7) - Installing symfony/http-kernel (v2.3.7) - Installing pimple/pimple (v1.1.0) - Installing silex/silex (v1.1.2) Writing lock file Generating autoload files $
  13. Semantic Versioning http://semver.org/

  14. MAJOR.MINOR.PATCH

  15. MAJOR.MINOR.PATCH Which number do you increment and why?

  16. MAJOR.MINOR.PATCH When you make API incompatible changes

  17. MAJOR.MINOR.PATCH When you add backwards-compatible functionality

  18. MAJOR.MINOR.PATCH When you make backwards-compatible bug fixes

  19. Pre-Release Identifiers (Composer “Stability”) •1.0.0-alpha •1.0.0-beta.1 •1.0.0-RC2 •1.0.0 (stable)

  20. Version Constraints

  21. Exact Versions 1.0.2

  22. Ranges >=1.0,<2.0

  23. Wildcards 1.0.*

  24. Next Significant Release Tilde Operator

  25. Next Significant Release ~1.2 >=1.2,<2.0

  26. Next Significant Release ~1.2.3 >=1.2.3,<1.3

  27. Let’s You Know What You Are Getting Into

  28. Safe 1.3.* Only get bug fixes.

  29. Reasonably Safe 1.* Get bug fixes and new features.

  30. Crazy Sauce * Composer allows this, but don’t. Just don’t.

  31. Other Version Schemes Can Be Used But don’t expect Composer

    to read your mind and do anything smart with them.
  32. Version Constraint Considerations

  33. If the dependency specifications are too tight, you are in

    danger of version lock (the inability to upgrade a package without having to release new versions of every dependent package). — Semantic Versioning http://semver.org/
  34. If dependencies are specified too loosely, you will inevitably be

    bitten by version promiscuity (assuming compatibility with more future versions than is reasonable). — Semantic Versioning http://semver.org/
  35. Deep Dependency Resolution

  36. { “name”: “silex/silex”, “require”: { “pimple/pimple”: “1.*” } }

  37. { “name”: “silex/silex”, “require”: { “pimple/pimple”: “1.*” } } {

    “name”: “dflydev/doctrine-orm-service-provider”, “require”: { “pimple/pimple”: “1.*”, “doctrine/orm”: “~2.3” } }
  38. { “require”: { “dflydev/doctrine-orm-service-provider”: “1.0.*”, “silex/silex”: “1.1.*”, “pimple/pimple”: “1.0.*”, “doctrine/orm”:

    “2.4.*” } } { “name”: “silex/silex”, “require”: { “pimple/pimple”: “1.*” } } { “name”: “dflydev/doctrine-orm-service-provider”, “require”: { “pimple/pimple”: “1.*”, “doctrine/orm”: “~2.3” } }
  39. Conflicts

  40. { "require": { "silex/silex": "1.1.*", "pimple/pimple": "2.0.*@dev" } }

  41. $ composer install Loading composer repositories with package information Installing

    dependencies (including require-dev) Your requirements could not be resolved to an installable set of packages. Problem 1 - silex/silex v1.1.0 requires pimple/pimple 1.* -> satisfiable by pimple/pimple[1.0.0, 1.1.x-dev, v1.0.1, v1.0.2, v1.1.0]. - silex/silex v1.1.1 requires pimple/pimple 1.* -> satisfiable by pimple/pimple[1.0.0, 1.1.x-dev, v1.0.1, v1.0.2, v1.1.0]. - silex/silex v1.1.2 requires pimple/pimple ~1.0 -> satisfiable by pimple/pimple[1.0.0, 1.1.x-dev, v1.0.1, v1.0.2, v1.1.0]. - Can only install one of: pimple/pimple[2.0.x-dev, 1.0.0]. - Can only install one of: pimple/pimple[2.0.x-dev, 1.1.x-dev]. - Can only install one of: pimple/pimple[v1.0.1, 2.0.x-dev]. - Can only install one of: pimple/pimple[v1.0.2, 2.0.x-dev]. - Can only install one of: pimple/pimple[v1.1.0, 2.0.x-dev]. - Installation request for pimple/pimple 2.0.*@dev -> satisfiable by pimple/pimple[2.0.x-dev]. - Installation request for silex/silex 1.1.* -> satisfiable by silex/silex[v1.1.0, v1.1.1, v1.1.2]. Potential causes: - A typo in the package name - The package is not available in a stable-enough version according to your minimum-stability setting.
  42. Where Do Versions Come From?

  43. Tags and Branches git, mercurial, subversion

  44. Tags

  45. Tags If it can be parsed for semantic versioning, awesome.

  46. Tags If it cannot be parsed for semantic versioning, it

    is treated as if it were an “exact” version.
  47. v2.0.1 2.0.1 (2.0.*)

  48. 2.0.1 2.0.1 (2.0.*)

  49. 2.0.1-RC1 2.0.1-RC1 (2.0.*@RC)

  50. 2.0.1g 2.0.1g (2.0.1g)

  51. Branches

  52. Branches Composer automatically detects numbered branches as development versions. Branch

    named 2.0 is treated as 2.0.x-dev
  53. Branches Composer can alias a named branch to a specific

    development version. Branch named master is treated as 2.0.*@dev
  54. master dev-master

  55. testing dev-testing

  56. 2.0 2.0.x-dev (2.0.*@dev)

  57. 2.0-experimental dev-2.0-experimental (2.0.*@dev won’t work!)

  58. Branch Aliases

  59. { “extra”: { “branch-alias”: { “dev-master”: “2.0.x-dev” } } }

  60. When starting a new library that is to be distributed

    via Packagist / Composer, be SURE to set up your dev-master branch alias. — Don Gilbert https://twitter.com/dilbert4life/status/380137097614458881
  61. How Do You Target Branches and Non- Stable Versions?

  62. { “require”: { “symfony/yaml”: “3.5-cat”, “silex/silex”: “1.1@dev”, “pimple/pimple”: “dev-master” }

    }
  63. Stability

  64. Stability Minimum stability controlled by the root package. (Minimum stability

    defaults to “stable”)
  65. Stability { “minimum-stability”: “alpha” }

  66. Stability Stability can be controlled on a package-by-package basis by

    the root package.
  67. Stability { “require”: { “silex/silex”: “~1.1@dev”, “symfony/http-foundation”: “@beta” }, “minimum-stability”:

    “alpha” }
  68. Stability Composer solver errors are fun.

  69. { "require": { "pimple/pimple": "2.0.*" } } Stability

  70. $ composer install Loading composer repositories with package information Installing

    dependencies (including require-dev) Your requirements could not be resolved to an installable set of packages. Problem 1 - The requested package pimple/pimple 2.0.* could not be found. Potential causes: - A typo in the package name - The package is not available in a stable-enough version according to your minimum-stability setting Stability
  71. $ composer install Loading composer repositories with package information Installing

    dependencies (including require-dev) Your requirements could not be resolved to an installable set of packages. Problem 1 - The requested package pimple/pimple 2.0.* could not be found. Potential causes: - A typo in the package name - The package is not available in a stable-enough version according to your minimum-stability setting Stability
  72. Stability Even if your package requires something @dev, users of

    your package won’t get it unless they explicitly ask for it.
  73. { “name”: “silex/silex”, “require”: { “pimple/pimple”: “1.*@dev” } } R

  74. R { “name”: “silex/silex”, “require”: { “pimple/pimple”: “1.*@dev” } }

    { “name”: “dflydev/doctrine-orm-service-provider”, “require”: { “pimple/pimple”: “1.*@beta”, “silex/silex”: “1.1.*”, “doctrine/orm”: “~2.3” } }
  75. { “require”: { “dflydev/doctrine-orm-service-provider”: “1.0.*”, “pimple/pimple”: “1.0.*” } } {

    “name”: “silex/silex”, “require”: { “pimple/pimple”: “1.*@dev” } } { “name”: “dflydev/doctrine-orm-service-provider”, “require”: { “pimple/pimple”: “1.*@beta”, “silex/silex”: “1.1.*”, “doctrine/orm”: “~2.3” } } R
  76. Questions? https://joind.in/10064 @beausimensen