Monorepo - best practices

[TheCelavi]

Does anyone have any experience using this tool within monorepo setup? Care to share?

Thanks!

[icanhazstring]

Normally it should pick up your dependency usage just fine.
For example, I do run it in one of my projects, which is a monorepo. The structure looks like this:

root
  | - packages/first-package
    | - composer.json
  | - src
  - composer.json

The root composer.json contains all dependencies from all packages combined.
So checking for usage should be fine as long as your packages/ folder is listed in the psr-4 autoload of your root composer.json.

[TheCelavi]

I am not sure I am getting it correctly.

There is a root composer.json, let say composer-R.json, and there is package A within its own composer file, let say composer-A.json.

I want to check that composer-A.json does not have any extra package included which is not needed for package A.

Normally, I would run tool against composer-A.json. The problem are packages B, C, D... etc... within monorepo stated in composer-A.json, they should not be downloaded from repository, they should be used from "packages" directory.

Does my mumbo-jumbo makes any sense? Thanks!

[icanhazstring]

Ah I get it.
You are more or less looking for a grouped scan.

I mean it should be possible to do that if you run composer-unused in every package for now.

So on CI:

• cd into package
• composer install (--no-dev)
• run composer-unused

Not a real efficient way. But should work 😉

[TheCelavi]

I do not mind if it is efficient or not. Tool has purpose and cost, purpose beats the cost, still :)

[TheCelavi]

What about connected packages? Monorepo has packages A, B, C, D... A can depend on B and C.

I am driving two discussion in paralel, with Piveta as well here: maglnet/ComposerRequireChecker#366

Same idea, sam problem.

Maybe if I modify my question to:

"How would you use this tool against symfony/symfony?", per example here: https://github.com/symfony/symfony/blob/6.3/src/Symfony/Bridge/Doctrine/composer.json#L18

Note that current version of Symfony is 6, and let's say we have to bump it to 7.0, we can not release and then check, interdependencies have been changed.

Does this modification of question helps to understand the issue?

Thank you for your time as well!

[icanhazstring]

I think the last answer from marco does apply here:
maglnet/ComposerRequireChecker#366 (comment)

You would need to manipulate "how" the packages are installed.
Could be a symlink from "current" unreleased data, or released versions.

So other than that, just run composer-unused in the same manner as composer-require-checker for each individual package.