Symfony 4: Flex and Aliases

Video loading...

  • 0:03
    Symfony 4: Flex and Aliases with Ryan Weaver
  • 0:07
    It’s time to demystify something incredible:
  • 0:11
    tractor beams.
  • 0:13
    Well, actually, we haven’t figured those out yet.
  • 0:16
    So, let’s demystify something else,
  • 0:19
    something that’s already been happening behind the scenes.
  • 0:24
    First, commit everything with a nice message.
  • 0:29
    Let’s install a new feature called The Symfony Security Checker.
  • 0:33
    This is a great tool, but, full disclosure,
  • 0:37
    we’re mostly installing it to show off the Recipe system.
  • 0:41
    Ooh!
  • 0:43
    Run, git status.
  • 0:46
    OK, there are no changes.
  • 0:48
    Now run, composer require sec-checker.
  • 0:53
    Once again, sec-checker should not be a valid package name.
  • 0:58
    So what’s going on?
  • 1:00
    Move over and open composer.json.
  • 1:03
    Our project began with just a few dependencies.
  • 1:07
    One of them was symfony/flex.
  • 1:10
    This is super important.
  • 1:13
    Flex is a composer plugin with 2 superpowers.
  • 1:17
    The first superpower is the alias system.
  • 1:20
    Find your browser and go to symfony.sh.
  • 1:25
    This is the Symfony Recipe Server.
  • 1:27
    We’ll talk about what that means next.
  • 1:30
    Search for security.
  • 1:33
    Ah, here’s a package called sensiolabs/security-checker,
  • 1:38
    and below, it has Aliases: sec-check, sec-checker, security-check,
  • 1:44
    and more.
  • 1:45
    Thanks to Flex, we can say composer require sec-checker
  • 1:49
    or any of these aliases,
  • 1:51
    and it will translate that into the real package name.
  • 1:54
    Yep, it’s just a shortcut system.
  • 1:57
    But the result is really cool.
  • 2:00
    Need a logger? composer require logger
  • 2:03
    Need to send e-mails? composer require mailer
  • 2:06
    Need a tractor beam? composer require…
  • 2:09
    Wait, no, we can’t help with that one.
  • 2:12
    Back in composer.json – yep,
  • 2:14
    composer actually added sensiolabs/security-checker.
  • 2:19
    That’s the first superpower of Flex.
  • 2:22
    The second superpower is even better. Recipes. Mmm!
  • 2:29
    Go back to your terminal, and yes, it did install.
  • 2:33
    And check this out. Symfony operations: 1 recipe
  • 2:38
    Then, Configuring sensiolabs/security-checker.
  • 2:43
    What does that mean?
  • 2:45
    Run git status.
  • 2:47
    Whoa!
  • 2:48
    We expected composer.json and composer.lock to be updated.
  • 2:53
    But there are also changes to a symfony.lock file,
  • 2:57
    and we suddenly have a brand new config file.
  • 3:02
    First, symfony.lock.
  • 3:04
    This file is managed by Flex.
  • 3:07
    It keeps track of which recipes have been installed.
  • 3:11
    Basically, commit it to git, but don’t worry about it.
  • 3:16
    The second file is
  • 3:17
    config>packages>dev /security_checker.yaml.
  • 3:22
    This was added by the recipe.
  • 3:25
    And cool, it adds a new bin console command to our app.
  • 3:30
    Don’t worry about the code itself.
  • 3:32
    You'll understand and be writing code like this soon enough.
  • 3:37
    The point is this – thanks to this file,
  • 3:40
    we can now run PHP ./bin/console security:check.
  • 3:47
    Cool!
  • 3:48
    This is the recipe system in action.
  • 3:51
    Whenever you install a package,
  • 3:53
    Flex will execute the recipe for that package,
  • 3:56
    if there is one.
  • 3:58
    Recipes can add configuration files, create directories,
  • 4:01
    or even modify files like .gitignore,
  • 4:04
    so that the library instantly works without any extra setup.
  • 4:10
    I love Flex.
  • 4:12
    By the way,
  • 4:13
    the purpose of the security-checker
  • 4:15
    is that it checks to see if there are any known vulnerabilities
  • 4:19
    for packages used in our project.
  • 4:22
    Right now, we’re good.
  • 4:23
    But, the recipe made 1 other change.
  • 4:27
    Run, git diff composer.json.
  • 4:30
    Of course, composer require added the package,
  • 4:34
    but the recipe added a new script.
  • 4:39
    Thanks to that,
  • 4:40
    whenever we run composer install, when it finishes,
  • 4:44
    it runs the security-checker automatically.
  • 4:47
    So cool!
  • 4:49
    Oh, and I won't show it right now,
  • 4:51
    but Flex is even smart enough to uninstall the recipes
  • 4:56
    when you remove a package.
  • 4:58
    That makes testing out new packages fast and easy.
  • 5:03
    So, you might be wondering, where do these recipes live?
  • 5:06
    Great question!
  • 5:08
    They live in the cloud.
  • 5:10
    I mean, they live on GitHub.
  • 5:13
    On Symfony.sh,
  • 5:15
    click Recipe, next to the security-checker.
  • 5:22
    Ah, it takes us to the symfony/recipes repository.
  • 5:27
    Here you can see what files will be added,
  • 5:30
    and a few other changes described in manifest.json.
  • 5:34
    All recipes either live in this repository
  • 5:36
    or another one called symfony/recipes–contrib.
  • 5:41
    There's no important difference between the 2 repositories,
  • 5:44
    but the official recipes are watched more closely for quality.
  • 5:49
    Next, let’s put the Recipe system to work by installing Twig,
  • 5:54
    so we can create proper templates.

Symfony 4: Flex and Aliases

Loading...

Let's learn about the Composer plugin Flex and Flex's two superpowers: aliases and recipes. Aliases will ease the process of dependency installation and recipes will help us make sure everything is working in our dependency upon installation.

Downloads: 
Log in or sign up to download companion files.
Additional resources: