danielbachhuber/composer-lock-updater
Composer 安装命令:
composer require danielbachhuber/composer-lock-updater
包简介
Run composer-lock-updater in your CI system for bot-powered composer.lock pull requests.
README 文档
README
Run composer-lock-updater in your CI system for bot-powered composer.lock pull requests.
When you run clu, it:
- Clones a given git repository to a working
/tmp/directory. - Runs
composer updatewithin the working directory. - Submits a pull request if changes are detected to a tracked
composer.lockfile.
Et voila! Now your dependencies are no longer six months out of date.
composer-lock-updater is different than dependabot in that it bundles all of your updates into one pull request, instead of creating separate pull requests for each dependency.
Installing | Using | Integrate with Travis CI
Installing
composer-lock-updater is a PHP library that can be installed with Composer:
composer global require danielbachhuber/composer-lock-updater
composer-lock-updater depends on composer and git being available on the system. For use with GitHub, also install the official hub CLI tool. For use with GitLab, you can use the unofficial lab CLI tool that emulates hub.
Both hub and lab will need to be authenticated with their respective services in order to create the pull/merge requests.
Support for other providers
Copy clu-config.dist.json to $COMPOSER_HOME/clu-config.json to add support for your git repository provider, or to make adjustments to the pull request commands. For example, to add support for a Bitbucket-Pantheon project using Terminus Bitbucket Plugin, create the following clu-config.json:
{
"providers": {
"terminus": {
"provider": "terminus",
"exec": ["terminus"],
"pr_create": "terminus pr-create --title=\"Update Composer dependencies\" --description %s",
"pr_list": "terminus pr-list",
"pr_close": "terminus pr-close %d -y",
"title_pattern": "%(\\d+)\\s+Update Composer dependencies\\s+clu\\-([0-9-]*)%"
}
}
}
Using
Run composer-lock-updater within an existing GitHub repository with:
clu
composer-lock-updater defaults to using git config --get remote.origin.url. If you'd like to specify a different value, either pass the repository URL as the first positional argument or define a CLU_GIT_URL environment variable.
To use composer-lock-updater with a GitLab repository, use:
clu --provider=gitlab
composer-lock-updater also supports the following environment variables to modify its behavior:
CLU_COMPOSER_INSTALL_ARGS: Arguments passed tocomposer install; defaults to--no-dev --no-interaction.CLU_COMPOSER_UPDATE_ARGS: Arguments passed tocomposer update; defaults to--no-progress --no-dev --no-interaction.CLU_GIT_NAME: Name used for Git commits; defaults to 'composer-lock-update'.CLU_GIT_EMAIL: Email used for Git commits; defaults to 'composer-lock-update@localhost'.
Integrate with Travis CI
This wouldn't be very useful if it didn't run automatically for you.
To configure composer-lock-updater to run on Travis master branch builds, add the following to your .travis.yml file:
after_script:
- |
###
# Only run on one job of a master branch build
###
if [ -z "$CLU_RUN" ] || [ "$TRAVIS_BRANCH" != master ] ; then
echo "composer.lock update disabled for this build"
return
fi
###
# Install composer-lock-updater
###
export PATH="$HOME/.composer/vendor/bin:$PATH"
composer global require danielbachhuber/composer-lock-updater
###
# Install hub for creating GitHub pull requests
#
# You could also replace this with lab to create GitLab merge requests.
###
wget -O hub.tgz https://github.com/github/hub/releases/download/v2.2.9/hub-linux-amd64-2.2.9.tgz
tar -zxvf hub.tgz
export PATH=$PATH:$PWD/hub-linux-amd64-2.2.9/bin/
###
# Optional: install Sensio Labs security checker to include security advisories in PR comments
###
mkdir -p $HOME/bin
wget -O $HOME/bin/security-checker.phar http://get.sensiolabs.org/security-checker.phar
chmod +x $HOME/bin/security-checker.phar
###
# Run composer-lock-updater
###
clu $CLU_REPO_URL
To grant commit and pull request access to the Travis build, define these private environment variables in the Travis control panel:
GITHUB_TOKEN=<personal-oauth-token>
CLU_REPO_URL=https://<personal-oauth-token>:x-oauth-basic@github.com/<org>/<repo>.git
Make sure to replace <personal-oauth-token>, <org> and <repo> with the appropriate values.
Lastly, because of the CLU_RUN environment variable, composer-lock-updater is disabled by default. Enable it for one job per build by modifying your environment matrix:
matrix:
include:
- php: 7.1
env: WP_VERSION=latest PHP_APCU=enabled CLU_RUN=1
- php: 7.0
env: WP_VERSION=latest PHP_APCU=enabled
- php: 5.6
env: WP_VERSION=latest PHP_APCU=enabled
Because composer-lock-updater is running on the after_script step, make sure to verify it's working correctly, because it won't fail your build if misconfigured.
danielbachhuber/composer-lock-updater 适用场景与选型建议
danielbachhuber/composer-lock-updater 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 8.19k 次下载、GitHub Stars 达 16, 最近一次更新时间为 2017 年 06 月 09 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 danielbachhuber/composer-lock-updater 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 danielbachhuber/composer-lock-updater 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 8.19k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 16
- 点击次数: 17
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2017-06-09