PHP Versions Question posted in
You can find a list of all versions here.

How can I install a single specific package from composer.json, to install developer tools? – PHP Versions

I’m using PHP_CodeSniffer in my GitLab CI/CD pipelines to ensure my code is properly formatted. The job looks like follows:

stages:
  - test
  - build
  - deploy

coding_standard:
  stage: test
  script:
    - curl -OL https://squizlabs.github.io/PHP_CodeSniffer/phpcs.phar
    - php phpcs.phar --extensions=php .

That’s working as expected. However, the exact version of the tool is not specified here. So if there’s suddenly a new major version of PHP_Codesniffer, the CI/CD job might fail, although my PHP code hasn’t changed.
Furthermore, I currently have the tool installed globally on my local machine. In that way, I cannot have a specific version of the tool for every PHP project.

Now I’d like to add the tool as Composer dev-dependency (require-dev).

In the CI/CD job I would then call composer install instead of downloading the tool via curl.

The problem: That will download all packages needlessly, instead of just PHP_Codesniffer and its dependencies. Can I prevent that?

Tags:

2

Answers


  1. 0

    Why not download any tagged version from Github through https://github.com/squizlabs/PHP_CodeSniffer/releases, like https://github.com/squizlabs/PHP_CodeSniffer/releases/download/3.6.0/phpcs.phar?

    Using a PHAR is better than installing such stuff using Composer, as you might install other incompatible dependencies that way (this is not the case with phpcs, but other tools like phpmd install other dependencies from Symfony)

    Login or Signup to reply.
  2. 0

    You can’t do this with composer. You can’t even install "only the dev dependencies". It’s all the dependencies, all the non-dev dependencies, and that’s all.

    And it’s generally a bad idea to install this kind of dependency as a project dependency, since very easily you can enter in dependency hell for reasons beyond your actual application needs. Development tools should not bring that level of complexity and danger to your deployment strategy.

    To get around this, you could use something like the Composer Bin Plugin to isolate these dependencies and yet install them through composer. Then on CI you’d run composer install on this directory only, and run the tool from this location (or symlink it to bin, which is what the plugin does when it’s installed, but you wouldn’t have it installed in CI if you are not installing all the dependencies anyway).

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search