[英]How do I handle having a repository inside another repository when using Composer?
I have a project and I use Git for doing version control in this project. 我有一个项目,我使用Git在该项目中进行版本控制。 Within this project I have to add a few libraries as dependencies (more specifically PHPUnit and Guzzle).
在这个项目中,我必须添加一些库作为依赖项(更具体地说是PHPUnit和Guzzle)。 The requirements say that these libraries have to live in a folder of my project and I have to use composer to install/update them.
要求说这些库必须位于我项目的文件夹中,并且我必须使用composer来安装/更新它们。
So I did that and my directory structure looks something like this: 所以我做到了,我的目录结构看起来像这样:
project
|----- .git
|----- libs
|---- guzzle
|---- .git
|---- phpunit
|---- .git
So the guzzle
and phpunit
folders both have a separate .git
folder. 因此,
guzzle
和phpunit
文件夹中都有一个单独的.git
文件夹。 This is because, as far as I can tell, composer makes a clone of the master branch from github in order to retrieve the source code of these libraries. 据我所知,这是因为作曲家从github复制了master分支,以便检索这些库的源代码。
So I did a commit+push on a remote repository. 因此,我在远程存储库上进行了一次commit + push。 However, when someone else pulls from that repository, the files contained in the
libs/guzzle
and libs/phunit
folders do not appear in that person's working directory. 然而,当别人从仓库拉,包含在文件
libs/guzzle
和libs/phunit
文件夹不会出现在此人的工作目录。
I'm thinking this is because of the 2 .git
folders. 我在想这是因为有2个
.git
文件夹。
How can I fix this ? 我怎样才能解决这个问题 ? I tried searching the documentation of composer for a way to specify in
composer.json
to get ONLY the last snapshot so to speak. 我尝试在composer的文档中搜索一种在
composer.json
指定的方法,以便仅获得最后的快照。 But I couldn't find anything. 但是我什么也找不到。
I also thought about deleting the .git
directories, but won't that break everything if I try to do a composer update
in a few months ? 我还考虑过删除
.git
目录,但是如果我尝试在几个月内进行composer update
,那不会破坏一切吗?
Did anyone have this sort of problem in the past ? 过去有人遇到过这种问题吗? How did you solve it ?
您是如何解决的?
I have some comments and explanations. 我有一些评论和解释。
First, your usage of Composer created git clone
artefacts. 首先,您对Composer的使用创建了
git clone
人工制品。 While this isn't completely bad, it should be avoided because cloning a repo of an active project usually is a lot more data than installing a released version. 尽管这并不十分糟糕,但应避免使用它,因为克隆活动项目的存储库通常比安装已发布的版本多得多的数据。
Try to use --prefer-dist
if you can. 如果可以,请尝试使用
--prefer-dist
。 This will download ZIP files of the version, not clone from Github. 这将下载该版本的ZIP文件,而不是从Github克隆的文件。 Note that this option is the default for stable versions, which brings me to the next point...
请注意,此选项是稳定版本的默认选项,这将使我进入下一步。
Do use stable versions. 请使用稳定版本。 Do not use
dev-master
versions if you can avoid it. 如果可以避免,请不要使用
dev-master
版本。 You mentioned using PHPUnit and Guzzle. 您提到使用PHPUnit和Guzzle。 Both are released in stable versions that you can use.
两者均以可用的稳定版本发布。 Do it.
做吧 There is no benefit with these two libraries to use unstable development versions, unless you absolutely need a feature.
这两个库使用不稳定的开发版本没有任何好处,除非您绝对需要某个功能。 The problem with using an unstable version might not be showing right away.
使用不稳定版本的问题可能不会立即显示。 But think about what would happen half a year from now.
但是考虑一下半年后会发生什么。 Somebody updates your dependencies pointing to
dev-master
, which now points to whatever happened since then. 有人更新了您的依赖,指向
dev-master
,它现在指向此后发生的一切。 PHPUnit or Guzzle might have had a new major release with incompatible changes. PHPUnit或Guzzle可能有一个新的主要版本,具有不兼容的更改。 And now your project breaks unnecessarily.
现在,您的项目不必要地中断了。
Another thing is the requirement to put external libraries in defined folders. 另一件事是要求将外部库放在定义的文件夹中。 It is doable, but it shouldn't really be done.
这是可行的,但实际上不应该这样做。 Composer does work with any folder, but my usual reaction to seeing a
composer.json
in the top level directory is to expect getting a vendor
folder containing the autoload.php
. Composer可以使用任何文件夹,但是我通常会在顶级目录中看到
composer.json
,这是希望得到一个包含autoload.php
的vendor
文件夹。 Changing this needs a little bit more of explanation to a new developer who might also expect Composer to work as default as possible. 更改此设置需要向新开发人员提供更多解释,新开发人员也可能希望Composer尽可能使用默认设置。 Because there is no reason to put Composer-managed dependencies anywhere, they are best put where everyone would expect them.
因为没有理由将Composer管理的依赖项放在任何地方,所以最好将它们放在每个人都期望的位置。 Don't change the
vendor
folder if you don't have to. 无需更改
vendor
文件夹。
And the last point is: Do commit your composer.lock
, but don't commit the vendor
folder. 最后一点是: 提交
composer.lock
,但不要提交vendor
文件夹。 This is because the vendor folder might contain traces of the source control systems used by the external libraries, and these might confuse your projects source control. 这是因为供应商文件夹可能包含外部库使用的源代码管理系统的跟踪,而这些跟踪跟踪可能会使您的项目的源代码管理混乱。 The correct workflow is to commit the
composer.lock
, and everybody checking out your project has to run composer install
to grab these dependencies from the internet. 正确的工作流程是commit
composer.lock
,每个签出您的项目的人都必须运行composer install
来从互联网上获取这些依赖项。 This also applies to deployment scripts that do the checkout. 这也适用于执行签出的部署脚本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.