Hello
I’ve been up and down the internet highway but I couldn’t find anything to help me with this issue.
I am developing a nextcloud app (https://apps.nextcloud.com/apps/emlviewer) and I would like to not include in my repository all dependencies in …/vendor/
So far I couldn’t find a way to have nextcloud run make or composer update when a client upgrades their version of the app, so I had to include with my release all files in vendor/.
I’m using mpdf as one of the dependencies included with composer, which comes with huge ttf font files. Without removing a few from my release, I was not able to publish it on nextcloud app store.
How have you guys been handling composer dependencies in your apps?
I appreciate your help!
Welcome 
Thank you for writing an app 
You don’t want to do that 
Some people have composer installed, some people have not, it might runs a outdated php version, people using shared webspace with strict permissions just to name a few. Including the dependencies with your release saves you a lot of trouble.
Should be possible to increase the limit.
I downloaded your app and looked at the vendor folder. I’m sure there is something wrong A complete symfony is installed as dependency (that’s also the reason for PHP Fatal error (Nextcloud 18.04, linuxserver/nextcloud:18.0.4-ls79) · Issue #15 · newroco/emlviewer · GitHub). composer install installs the dev dependencies by default.
default:
du -hs vendor/
55M vendor/
composer install --no-dev:
du -hs vendor/
46M vendor/
but there are still to many symfony components. Don't install symfony/console via composer by kesselb · Pull Request #636 · nextcloud/news · GitHub might help. Also composer/composer should be a dev dependency.
du -hs vendor/
43M vendor
Probably there are more dependencies in vendor/ that are actually not required to run the app itself. Happy digging 
1 Like
A general hint, for the release package you might want to use composer install --no-dev to just install runtime dependencies which already saves a lot on news.
Edit: Nevermind the following part I assumed this was for news, but it isn’t. Nevertheless it makes sense to explore the vendor folder a bit to see if everything in there is actually needed
The other major storage consumption seems to come from a test/ directory of the readability.php dependency. I cannot tell for sure if that is not needed at runtime but it might be a good idea to just exclude that from your app release tarball if that is possible:
âžś readability.php git:(master) âś— du -d 1 -h .
12K ./docker
180K ./src
19M ./test
20M .
Ideally that package should of course not have tests included in their composer package.
1 Like
That makes a lot of sense. Thank you for your help.
I simply removed /vendor from .gitignore, so everything was included in the tar ball. How do you suggest handling releases in the future?
Having /vendor in .gitignore so it’s not tracked with git. Then having perhaps a gulp script that would:
- delete the dev version of vendor,
- run
composer install --no-dev,
- create a tar ball including this version of vendor and then
-
run composer install to return to my development version