tooly-composer-script

With tooly composer-script you can version needed PHAR files in your project's composer.json without adding them directly to a VCS,

to save disk space at vcs repository
to be sure that all developers in your project get the required toolchain
to prepare a CI/CD System
(optional) to automatically check the GPG signature verification for each tool

Every PHAR file will be saved in the composer binary directory.

Example

An real example can be found here.

Requirements

PHP >= 5.6
Composer

Install

To use the script execute the following command:

composer require --dev tm/tooly-composer-script

Then add the script in the composer.json under "scripts" with the event names you want to trigger. For example:

...
"scripts": {
    "post-install-cmd": "Tooly\\ScriptHandler::installPharTools",
    "post-update-cmd": "Tooly\\ScriptHandler::installPharTools"
  },
...

Look here for more informations about composer events.

Sample usage

The composer.json scheme has a part "extra" which is used for the script. Its described here.

In this part you can add your needed phar tools under the key "tools".

...
"extra": {
    ...
    "tools": {
      "phpunit": {
        "url": "https://phar.phpunit.de/phpunit-5.5.0.phar",
        "sign-url": "https://phar.phpunit.de/phpunit-5.5.0.phar.asc"
      },
      "phpcpd": {
        "url": "https://phar.phpunit.de/phpcpd-2.0.4.phar",
        "only-dev": true,
        "rename": true
      },
      "security-checker": {
        "url": "http://get.sensiolabs.org/security-checker.phar",
        "force-replace": true
      },
    }
    ...
  }
...

Parameters

url (required)

After you add the name of the tool as key, you need only one further parameter. The "url". The url can be a link to a specific version, such as x.y.z, or a link to the latest version for this phar.

rename (optional, default false)

Rename the downloaded tool to the name that is used as key.

sign-url (optional, default none)

If this parameter is set tooly checks if the PHAR file in url has a valid signature by comparing signature in sign-url.

This option is useful if you want to be sure that the tool is from the expected author.

Note: For the check you need a further requirement and a GPG binary in your $PATH variable.

You can add the requirement with this command: composer require tm/gpg-verifier

This check often fails if you dont has the public key from the tool author in your GPG keychain.

fallback-url (optional, default none)

This option is useful if you want to add an extra layer of stability to your daily build processes.

In case the required url is not accessible and a fallback-url is set, tooly uses the fallback url to download the phar file. The fallback url can be a link to a specific version, such as x.y.z, or a link to the latest version for this phar.

force-replace (optional, default false)

Every time you update or install with composer the phar tools are checked. You are asked if you want to overwrite the existing phar if the remote and local phar has not the same checksum.

Except you set this parameter.

This option is useful if you has a link to the latest version of a tool and always want a replacement. Or you run composer in non-interactive mode (for example in a CI system) and want a replacement.

But is also useful if some require-dev library has one of the tools as own requirement.

only-dev (optional, default true)

This parameter means that this phar is only needed in developing mode. So the command composer [install|update] --no-dev ignores this phar tool.

Note: Therefore tooly must be a no-dev requirement

A note to PhpStorm or other IDE users

To furthermore have auto-suggestion you should set the "include_path" option in the project.

Contributing

Please refer to CONTRIBUTING.md for information on how to contribute.

tommy-muehle/tooly-composer-script

tommy-muehle

Reviews

Repository Details