Page last updated:
Composer is activated when you supply a
You can require dependencies for packages and extensions. Extensions must be prefixed with the standard
ext-. If you reference an extension that is available to the buildpack, it will automatically be installed and enabled.
For a list of supported extensions,
see the Releases page of php-cnb in GitHub.
The buildpack uses the version of PHP specified in your
composer.lock file. Composer settings override the version set in the
The buildpack runs with a set of default values for Composer. You can adjust these values by adding a
buildpack.yml file to your application and setting any of the following values in it.
|composer.version||The version of Composer to use. It defaults to the latest bundled with the buildpack.|
|composer.install_options||A list of options that should be passed to
|composer.vendor_directory||Allows you to override the default vendor directory used by the buildpack. Must be a relative path. This is passed through to Composer instructing it where to create the
Vendor dependencies will be located under this relative path within the Composer layer. In addition, a symlink to this directory will be created at the same relative path under the application root.
|composer.install_global||A list of package names to be installed globally. This calls
To make it easier to read, dot notation is used in the table.
However, this should be expanded into YAML format.
Here is an example
--- php: version: 7.2.14 webserver: nginx nginx: version: 1.17.5 composer: install_options: '--no-dev --optimize-autoloader' vendor_directory: 'dependencies'
Composer uses GitHub’s API to retrieve zip files for installation into the application folder. If you do not vendor dependencies before pushing an app, Composer will fetch dependencies during staging using the GitHub API.
GitHub’s API is request-limited. If you reach your daily allowance of API requests (typically 60), GitHub’s API returns a
403 error and staging fails.
There are two ways to avoid the request limit:
- Vendor dependencies before pushing your application.
- Supply a GitHub OAuth API token.
To vendor dependencies, you must run
composer install before you push your application.
By default, dependencies need to exist in a
vendor directory under the root of your application.
Optionally, you can set
buildpack.yml to a different relative path
under your application root where your dependencies are stored.
Supply a GitHub Token
Composer can use GitHub API OAuth tokens, which increase your request limit, typically to 5000 per day.
During staging, the buildpack looks for this token in the environment variable
COMPOSER_GITHUB_OAUTH_TOKEN. If you supply a valid token, Composer uses it. This mechanism does not work if the token is invalid.
To supply the token, you can use either of the following methods:
cf set-env YOUR_APP_NAME COMPOSER_GITHUB_OAUTH_TOKEN "OAUTH_TOKEN_VALUE"
- Add the token to the
envblock of your application manifest.
Composer runs in the buildpack staging environment. Variables set with
cf set-env or with a manifest.yml ‘env’ block are visible to Composer.
$ cf push a_symfony_app --no-start $ cf set-env a_symfony_app SYMFONY_ENV "prod" $ cf start a_symfony_app
In this example,
a_symfony_app is supplied with an environment variable,
SYMFONY_ENV, which is visible to Composer and any scripts started by Composer.
Non-Configurable Environment Variables
User-assigned environment variables are applied to staging and runtime. The following environment variables cannot be overridden by users:
COMPOSER_HOME: Set to
COMPOSER_CACHE_DIR: Set to
COMPOSER_NO_INTERACTION: Set to
PHPRC: Set to
PHP_INI_SCAN_DIR: Set to