1

I'm running ubuntu 14.04 and noticed that when I run composer.phar update for packages having dependency for vendors like google, doctrine, twig, etc. it stores its downloaded files in my local ~/.composer/cache/files/vendor. However, when I created a library package myself, and "required" it in another test package, it did not download these in the /cache/files/ folder (but did add entries to /repo/https---packagist.org/*.json files).

I would like to know under what circumstances does composer.phar download the files and stores in cache? I'm asking this because I'm going to build a lot of apps in future including components like doctrine, symfony and zend frameworks and I don't want composer.phar to waste internet bandwidth by downloading a copy of each of these frameworks again and again for each app. Of course, another advantage is that in case I decide to switch ubuntu and move on to some other distro, I don't want to download a ton of composer packages all over again.

My personal guess is that since I haven't tagged my lib package in the github repo (it is still dev-master) it is not storing in cache. Can someone confirm that please?

1.composer.json require section of app having dependency on google/apiclient:

"require": {
    "google/apiclient": "1.*.*"
}

2.composer.json require section of app having dependency on prahladyeri/indiegogo:

"require": {
    "prahladyeri/indiegogo": "dev-master"
},
"license": "MIT",
"minimum-stability": "dev"
Prahlad Yeri
  • 3,567
  • 4
  • 25
  • 55

1 Answers1

2

If Composer clones a git repository, it is not using the cache.

Tagged releases will be downloaded as ZIP files from the Github API, because they are usually smaller in size than the whole repository, and they are put into the cache directory.

Release early, release often. Nobody will object if you tag every commit that you feel is stable and may be used. Using semantic versioning, you have so many options to label unstable versions that are still evolving, but you help your users a great deal.

Sven
  • 69,403
  • 10
  • 107
  • 109
  • Thanks! How do I know whether composer is cloning the repo or installing zip packages? Is it because of the `dev-master` version I've specified? – Prahlad Yeri Dec 05 '15 at 17:28
  • Dependencies on branches are cloning the repository by default. This makes incremental updates faster because Composer will simply pull into an existing clone. However, depending on branches is very bad for software stability, because every new commit can possibly be downloaded as an update by someone, and if this breaks anything, people will be unhappy. Tagging releases usually is done when the developer of a package is confident that the last part of his work is finished, and consumers of the package can select this new or the last existing version when updating - impossible with a branch. – Sven Dec 05 '15 at 17:43
  • OK, here is what happened: I tagged a version called "v0.1.0" (now [packagist](https://packagist.org/packages/prahladyeri/indiegogo) is also pointing to the same version as my github). Now, I changed my app's require section as: `"prahladyeri/indiegogo": "0.*"` and said `composer.phar update`. It updated the app, but still not caching it! What am I missing? – Prahlad Yeri Dec 05 '15 at 17:52
  • If Composer cloned a repo, it will not change to ZIP download because this would be inefficient. You have to delete your `vendor` folder and run `composer install` again. You can signal your preferred way of access by using the options `--prefer-dist` (download) or `--prefer-source` (clone) when doing this. See https://getcomposer.org/doc/03-cli.md#install – Sven Dec 05 '15 at 18:22
  • Thanks a lot @Sven. Deleting the `vendor` folder should have been obvious, but somehow skipped my mind! – Prahlad Yeri Dec 05 '15 at 19:01