I have a Laravel application and I need to update a couple of dependencies. My problem is that I only have the production environment, as I developed this site before I started using GIT.
Is this the correct way of performing the upgrade:
Edit the version number under "Require" in composer.json file.
In Terminal, do "Composer install" or "Composer update".
And then only the changes to version number will be updated/installed, correct?
Are there anything that typically goes wrong doing this, or any other things to take into consideration? Since I'm on production I will of course take backup before.
You never want to run composer update on the production server.
General process for adding/updating/removing packages:
Edit the composer.json file locally to have the packages/versions you want.
Run composer update still on your local machine. This will generate a new composer.lock file.
Make sure your app still works with the new versions / packages.
Deploy both the new composer.json and the composer.lock file to production.
Run composer install --no-dev on the production server.
The basic difference between composer install and composer update is that update looks at your composer.json file and checks each package for new versions. It then updates the composer.lock file with the exact versions it used.
The install function instead looks at your composer.lock file rather than your composer.json file and installs the exact versions specified there.
My problem is, that I do not have a local dev for this project as it was my first project in PHP, and I didn't use Git. I know its not a good practice and in v2 I am using Git, but in the meantime I need to update one dependency. Is there any way of running composer install on my production server? Or any other way to resolve this issue?
You don't need an entire working local version of the app with a database and server to run the commands. You just need the application files (and you can skip the vendor directory if you need to download the files).
Just run the update, upload the composer.json and composer.lock files, then run composer install --no-dev on the production server.
suppose, i have only ftp-posibility to visit filestore of production server (i don't have access to ssh aтв similar things). in this case, it is enough to download vendor-folder, the new composer.json and the composer.lock file to production?
I just signed up to the website only to add a teeny tiny note on this. Please keep in mind that the website WON'T BE WORKING ANYMORE until the update finishes. I was too happy when I first read this post that I decided to run the suggested procedure in production, and BOOM all the server network have been offline for a good half hour. Do everything on a separate private snapshot, then slowly replace the production servers with the ones generated after the update... or else.
Apart from this, thank you for this post, it was super useful
