Composer Cloud Resolver

Background

The story of the Composer Cloud Resolver

  • «update» does the heavy lifting with all the dependency resolving based on your «composer.json» and writes the result of it into the «composer.lock» file. That’s the one that needs a lot of RAM.
  • «install» downloads all the packages based on the «composer.lock» and installs them into your «vendor» directory. It doesn’t impose any sepcial requirements on RAM at all.
I allow myself to paste a screenshot of one of the slides of Jordi’s and Nils’ presentations where I find the process is nicely illustrated.
  • Composer Plugins can do things during the resolving process so for security reasons I had to disable plugins
  • I also had to disable the autoloader and execution of scripts
  • Local repositories as well as artifact ones cannot work within a cloud so I had to validate for those not being present and deny such requests
  • The platform information is always different from the one in the cloud so I had to make it mandatory that this information is sent to the cloud
  • I/O of Composer needed to be redirected somewhere different than the CLI output and I noticed that I not only need to provide the resulting «composer.lock» but also the Composer output. How else would one know why something didn’t work?
  • The cloud would be either public or need authentication. For Contao’s case it’s public but to prevent it from being used by anybody I had to add checks for certain packages to be required in the «composer.json»
  • I needed a way to pass the packages to update and options like «with-dependencies», «profile» or «prefer-lowest» but at the same time other options had to be disallowed because they are either dangerous or make no sense within a cloud such as «no-interaction» or «working-dir».

The Composer Cloud Resolver

Here’s an illustration of the current setup I’ve presented at the Contao keynote this week.

So it’s Open Source, right? Where can I find it?

--

--

--

Open-minded Swiss dev, creating stuff mainly with PHP. Especially interested in performance and APIs. When not at work, I like sports and Scotch!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Product Update No. 20 is here.

Support Golff Roadmap V2 to get 10,000 GOF airdrop reward

Trying to understand Counting Sort? (+ Code)

How a Java Program will get executed?

Using Python’s Django Framework and how does it work

Java Garbage Collector

🗣️When the #DeFi space faces a provocation in the form of millions of stride yield locked to be…

Our planet is starving for a solution

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Yanick Witschi

Yanick Witschi

Open-minded Swiss dev, creating stuff mainly with PHP. Especially interested in performance and APIs. When not at work, I like sports and Scotch!

More from Medium

Setup TKG 1.5.1 Management cluster on AWS cloud

Using Dynamic Blocks in Terraform

Secure your Cloud Native application with IBM Cloud App ID

AWS Backup Plan for EBS Volumes With Terraform