How to automatically run composer update on new app release


I’ve been up and down the internet highway but I couldn’t find anything to help me with this issue.
I am developing a nextcloud app ( and I would like to not include in my repository all dependencies in …/vendor/
So far I couldn’t find a way to have nextcloud run make or composer update when a client upgrades their version of the app, so I had to include with my release all files in vendor/.

I’m using mpdf as one of the dependencies included with composer, which comes with huge ttf font files. Without removing a few from my release, I was not able to publish it on nextcloud app store.

How have you guys been handling composer dependencies in your apps?

I appreciate your help!

Welcome :wave: Thank you for writing an app :+1:

You don’t want to do that :wink: Some people have composer installed, some people have not, it might runs a outdated php version, people using shared webspace with strict permissions just to name a few. Including the dependencies with your release saves you a lot of trouble.

Should be possible to increase the limit.

I downloaded your app and looked at the vendor folder. I’m sure there is something wrong :wink: A complete symfony is installed as dependency (that’s also the reason for composer install installs the dev dependencies by default.


du -hs vendor/
55M	vendor/

composer install --no-dev:

du -hs vendor/
46M	vendor/

but there are still to many symfony components. might help. Also composer/composer should be a dev dependency.

du -hs vendor/
43M	vendor

Probably there are more dependencies in vendor/ that are actually not required to run the app itself. Happy digging :sunglasses:

1 Like

A general hint, for the release package you might want to use composer install --no-dev to just install runtime dependencies which already saves a lot on news.

Edit: Nevermind the following part I assumed this was for news, but it isn’t. Nevertheless it makes sense to explore the vendor folder a bit to see if everything in there is actually needed

The other major storage consumption seems to come from a test/ directory of the readability.php dependency. I cannot tell for sure if that is not needed at runtime but it might be a good idea to just exclude that from your app release tarball if that is possible:

➜ readability.php git:(master) ✗ du -d 1 -h .      
12K	./docker
180K	./src
19M	./test
20M	.

Ideally that package should of course not have tests included in their composer package.

1 Like

That makes a lot of sense. Thank you for your help.
I simply removed /vendor from .gitignore, so everything was included in the tar ball. How do you suggest handling releases in the future?
Having /vendor in .gitignore so it’s not tracked with git. Then having perhaps a gulp script that would:

  • delete the dev version of vendor,
  • run composer install --no-dev,
  • create a tar ball including this version of vendor and then
  • run composer install to return to my development version