I usually would not recommend deployment via git and running composer on your prod server for several reasons like f.e. the network. I rather believe in builds.
But sometimes its just too convenient :)
So i have this uncritical smaller API app where the hosting has git, ssh access and i am in full control and i decided too keep it simple.
For deploy i login via ssh and make a git pull too fetch the code.
Now we need to make a composer install, if the composer.lock has changes to fetch all php dependencies.
Therefor i found a handy bash script, tweaked it a bit and installed it as post-merge git hook.
Install the hook:
cd project nano .git/hooks/post-merge #paste & edit the script chmod 775 .git/hooks/post-merge
What it does?
After all code from the git pull is merged into the working tree, the hook checks if the composer.lock has changed. If so it will run a composer install.
Note that it runs with –no-dev since we are on production and dont need f.e. phpunit there.
I know you know, but let it be said again: run composer install not composer update, as you never should run composer update on production, read why here.
So here is the bash:
#/usr/bin/env bash # MIT © Sindre Sorhus - sindresorhus.com # forked by Gianluca Guarini # phponly by Ivo Bathke ;) changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)" check_run() { echo "$changed_files" | grep --quiet "$1" && eval "$2" } # `composer install` if the `composer.lock` file gets changed # to update all the php dependencies check_run composer.lock "composer install --no-dev"