Composer has the option to load several dependencies only while being in development, so the tools will not be installed in production (on the live server). This is (in theory) very handy for scripts that only make sense in development, like tests, fake-data-tools, debugger, etc.
The way to go is to add an additional require-dev
block with the tools you need in dev:
"require-dev": {
"codeception/codeception": "1.6.0.3"
}
and then (theoretically) load these dependencies via
composer install --dev
Problem & Question:
Composer has changed the behaviour of install
and update
dramatically in 2013, require-dev
-dependencies are now installed by default (!), feel free to create a composer.json with a require-dev
block and perform an composer install
to reproduce.
As the most accepted way to deploy is to push the composer.lock (that holds your current composer setup) and then do an composer install
on the production server, this will also install the development stuff.
What's the correct way to deploy this without installing the -dev dependencies ?
Note: I'm trying to create a canonical Q/A here to clarify the weird Composer deployment. Feel free to edit this question.
composer.lock
should never be added to the Git repo, NEVER. The right approach is to use composer update on staging and then synch the file into production (if everything works, of course). Staging must be the exact copy of a production environment.composer.lock
should be part of.gitignore
.