Distributing projects compiled into PHAR

November 10, 2020

We have seen, in a previous article, how it is possible to compile a Symfony project as a PHAR. If this manipulation is quite simple to set up, the distribution must be straightforward to avoid wasting time for the project maintainers.

As a reminder, we need to have two projects in this context: a source project (i.e. readable source code) and a binary project (i.e. PHAR archive). It will therefore be necessary to set up automated processes so that the binary is updated after each commit and after each new release.

I will use the syntax of GitHub Actions to illustrate the rest of the article, but the logic remains the same if you use GitLab, for example.

Initialization

Before going any further, we must initialize the file which will contain the configuration: .github/workflows/continuous-deployment.yml at the root of our project. In this first example, we need to trigger an automated process after each commit on the master branch.

Then, we will start to complete it with: the name of the automated process, the name of the event that triggers it, and the system requirements for its execution.

 1name: Continuous Deployment
 2
 3on:
 4  push:
 5    branches: ['master']
 6
 7jobs:
 8  tests:
 9    name: Deployment
10    runs-on: ubuntu-latest
11
12    steps:
13      - name: 'Prepare the build context'
14        uses: actions/checkout@v1
15
16      - name: 'Install system requirements'
17        run: |
18          sudo apt update
19          sudo apt install -y libicu-dev
20          sudo apt-fast install -y --no-install-recommends \
21            php7.4 php7.4-ctype php7.4-intl php7.4-mbstring php7.4-pcov php7.4-sqlite php7.4-xml

Permissions

In addition to the system prerequisites, there are two other things to consider.

  1. The configuration of an SSH key with write access to the binary project.
  2. The Git configuration to keep a clean history and sign automatic commits.

Signing commits is not required. The most important thing is do not enter your private key directly in this file. Instead, use the GitHub secrets.

 1      - name: 'Load the keys used to deploy the PHAR archive'
 2        run: |
 3          mkdir -p ~/.ssh
 4          echo "${{ secrets.PRIVATE_DEPLOY_KEY }}" > ~/.ssh/id_rsa
 5          chmod 600 ~/.ssh/id_rsa
 6          echo "${{ secrets.PRIVATE_SIGNING_KEY }}" | gpg --import          
 7      - name: 'Configure the committer identity'
 8        run: |
 9          git config --global user.email "name@domain.tld"
10          git config --global user.name "Firstname Lastname"
11          git config --global commit.gpgsign "true"
12          git config --global user.signingkey "XXXXXXXXXXXXXXXX"

Building process

Just before compiling, we have to install the project dependencies. I usually take advantage of this step to check that there is no desynchronization between my composer.json file and my composer.lock file.

This last prerequisite passed, we can execute the compilation of our project.

1      - name: 'Install Composer dependencies'
2        run: |
3          composer validate --strict --ansi
4          composer install --optimize-autoloader --classmap-authoritative --ansi          
5      - name: 'Compile the PHAR archive'
6        run: |
7          composer dump-env prod
8          ./bin/console cache:warmup
9          docker run --volume="$(pwd):/app:delegated" ajardin/humbug-box compile --ansi

Deployment process

It’s now time to update the binary project. Here is a procedure that allows keeping an intelligible history.

  1. First, we clone the binary project into a temporary directory.
  2. We copy the previously generated PHAR inside this one.
  3. We index the change, and we include in the commit message a reference to the commit which is at the origin of the automated process.
  4. And finally, we push these changes on the binary project.

By doing this, we will have an almost similar history between the two projects.

 1      - name: 'Prepare the local Git repository which contains the PHAR archive'
 2        run: |
 3          git clone git@github.com:organization/project.git /tmp/project
 4          mkdir -p /tmp/project/bin/
 5          cp ./build/project.phar /tmp/project/bin/project          
 6      - name: 'Update the remote Git repository which contains the PHAR archive'
 7        run: |
 8          cd /tmp/project
 9          git add bin/project
10          git commit --message="Update to commit ${{ github.sha }}"
11          git push origin HEAD:master

Releases management

The release of a new release is almost identical to the deployment of a new commit. Only the event that triggers the process and the final step are different.

 1name: Release Version
 2
 3on:
 4  push:
 5    tags: ['v*.*.*']
 6
 7jobs:
 8  release:
 9    name: Release
10    runs-on: ubuntu-latest
11
12    steps:
13
14      # [...]
15
16      - name: 'Update the remote Git repository which contains the PHAR archive'
17        run: |
18          tag_name=$(git show "${{ github.ref }}" --no-patch --format="" | head -n1 | awk '{print $2}')
19          tag_message=$(git show "${{ github.ref }}" --no-patch --format="" | tail -n1)
20          cd /tmp/project
21          git add bin/project
22          git commit --message="Update to version ${tag_name}"
23          git push origin HEAD:master
24          git tag "${tag_name}" --message="${tag_message}" --force --sign
25          git push origin "${tag_name}" --force

Composer

Last but not least, you need to add a composer.json file to the binary project to indicate the location of the PHAR archive. This way, Composer will be able to process it correctly.

1{
2    "name": "organization/project",
3    "...": "...",
4    "bin": "bin/xyz"
5}