WEBVTT

00:00:00.956 --> 00:00:05.856 align:middle
It's time to demystify something
incredible: tractor beams.

00:00:06.356 --> 00:00:09.386 align:middle
Well actually, we haven't
figured those out yet...

00:00:09.536 --> 00:00:15.766 align:middle
so let's demystify something else, something
that's already been happening behind the scenes.

00:00:15.766 --> 00:00:19.366 align:middle
First commit everything, with a nice message:

00:00:22.506 --> 00:00:25.916 align:middle
Let's install a new feature called
the Symfony Security Checker.

00:00:26.646 --> 00:00:28.336 align:middle
This is a great tool...

00:00:28.656 --> 00:00:34.336 align:middle
but... full disclosure: we're mostly
installing it to show off the recipe system.

00:00:34.816 --> 00:00:40.566 align:middle
Ooooo. Run: git status. OK, there are no changes.

00:00:41.746 --> 00:00:47.206 align:middle
Now run: composer require
sec-checker. Once again,

00:00:47.386 --> 00:00:51.016 align:middle
sec-checker should not be a valid package name!

00:00:51.316 --> 00:00:52.476 align:middle
So what's going on?

00:00:53.576 --> 00:00:55.636 align:middle
Move over and open composer.json.

00:00:55.636 --> 00:01:00.116 align:middle
Our project began with just a few dependencies.

00:01:00.606 --> 00:01:06.236 align:middle
One of them was symfony/flex:
this is super important.

00:01:06.236 --> 00:01:09.846 align:middle
Flex is a Composer plugin with two superpowers.

00:01:10.496 --> 00:01:12.896 align:middle
The first superpower is the alias system.

00:01:13.016 --> 00:01:16.826 align:middle
Find your browser and go to symfony.sh.

00:01:18.156 --> 00:01:23.996 align:middle
This is the Symfony "recipe" server:
we'll talk about what that means next.

00:01:23.996 --> 00:01:25.136 align:middle
Search for "security".

00:01:26.146 --> 00:01:30.826 align:middle
Ah, here's a package called
sensiolabs/security-checker.

00:01:31.246 --> 00:01:37.596 align:middle
And below, it has aliases: sec-check,
sec-checker, security-check and more.

00:01:37.596 --> 00:01:43.906 align:middle
Thanks to Flex, we can say composer require
sec-checker, or any of these aliases,

00:01:44.066 --> 00:01:46.936 align:middle
and it will translate that
into the real package name.

00:01:47.616 --> 00:01:50.106 align:middle
Yep, it's just a shortcut system.

00:01:50.106 --> 00:01:52.426 align:middle
But the result is really cool.

00:01:53.176 --> 00:01:54.256 align:middle
Need a logger?

00:01:54.456 --> 00:01:55.986 align:middle
composer require logger.

00:01:56.486 --> 00:01:57.416 align:middle
Need to send emails?

00:01:57.646 --> 00:01:59.286 align:middle
composer require mailer.

00:01:59.516 --> 00:02:00.666 align:middle
Need a tractor beam?

00:02:01.006 --> 00:02:04.216 align:middle
composer require, wait, no,
we can't help with that one.

00:02:05.376 --> 00:02:07.276 align:middle
Back in composer.json, yep!

00:02:07.626 --> 00:02:11.966 align:middle
Composer actually added
sensiolabs/security-checker.

00:02:12.406 --> 00:02:15.266 align:middle
That's the first superpower of Flex.

00:02:15.946 --> 00:02:20.296 align:middle
The second superpower is even better: recipes.

00:02:20.776 --> 00:02:23.826 align:middle
Mmmm. Go back to your terminal and...

00:02:23.916 --> 00:02:30.826 align:middle
yes! It did install and, check this
out: "Symfony operations: 1 recipe".

00:02:31.276 --> 00:02:35.406 align:middle
Then, "Configuring sensiolabs/security-checker".

00:02:36.416 --> 00:02:37.386 align:middle
What does that mean?

00:02:38.386 --> 00:02:40.936 align:middle
Run: git status. Whoa!

00:02:40.936 --> 00:02:46.286 align:middle
We expected composer.json and
composer.lock to be updated.

00:02:46.676 --> 00:02:50.236 align:middle
But there are also changes
to a symfony.lock file

00:02:50.546 --> 00:02:53.826 align:middle
and we suddenly have a brand new config file!

00:02:55.206 --> 00:02:59.776 align:middle
First, symfony.lock: this
file is managed by Flex.

00:03:00.486 --> 00:03:03.346 align:middle
It keeps track of which recipes
have been installed.

00:03:04.286 --> 00:03:05.136 align:middle
Basically...

00:03:05.366 --> 00:03:07.746 align:middle
commit it to git, but don't worry about it.

00:03:09.436 --> 00:03:14.756 align:middle
The second file is
config/packages/dev/security_checker.yaml.

00:03:15.776 --> 00:03:19.186 align:middle
This was added by the recipe and, cool!

00:03:19.386 --> 00:03:22.486 align:middle
It adds a new bin/console command to our app!

00:03:23.546 --> 00:03:26.806 align:middle
Don't worry about the code
itself: you'll understand

00:03:26.806 --> 00:03:29.986 align:middle
and be writing code like this soon enough!

00:03:30.026 --> 00:03:40.926 align:middle
The point is this: thanks to this file, we can
now run: php bin/console security:check. Cool!

00:03:41.316 --> 00:03:44.286 align:middle
This is the recipe system in action!

00:03:44.806 --> 00:03:48.566 align:middle
Whenever you install a package,
Flex will execute the recipe

00:03:48.566 --> 00:03:50.466 align:middle
for that package, if there is one.

00:03:51.086 --> 00:03:56.196 align:middle
Recipes can add configuration files,
create directories, or even modify files

00:03:56.196 --> 00:04:02.506 align:middle
like .gitignore so that the library
instantly works without any extra setup.

00:04:03.176 --> 00:04:05.046 align:middle
I love Flex.

00:04:05.736 --> 00:04:10.166 align:middle
By the way, the purpose of the security
checker is that it checks to see

00:04:10.166 --> 00:04:14.386 align:middle
if there are any known vulnerabilities
for packages used in our project.

00:04:15.016 --> 00:04:16.236 align:middle
Right now, we're good!

00:04:16.786 --> 00:04:19.286 align:middle
But the recipe made one other change.

00:04:20.146 --> 00:04:27.206 align:middle
Run: git diff composer.json. Of course,
composer require added the package.

00:04:27.746 --> 00:04:30.676 align:middle
But the recipe added a new script!

00:04:32.576 --> 00:04:36.686 align:middle
Thanks to that, whenever we run:
composer install, when it finishes,

00:04:37.056 --> 00:04:39.596 align:middle
it runs the security checker automatically.

00:04:39.596 --> 00:04:47.006 align:middle
So cool! Oh, and I won't show it right
now, but Flex is even smart enough

00:04:47.006 --> 00:04:51.026 align:middle
to uninstall the recipes
when you remove a package.

00:04:51.846 --> 00:04:55.426 align:middle
That makes testing out new
packages fast and easy.

00:04:55.466 --> 00:04:57.536 align:middle
So you might be wondering...

00:04:57.846 --> 00:04:59.266 align:middle
where do these recipes live?

00:04:59.976 --> 00:05:00.806 align:middle
Great question!

00:05:01.146 --> 00:05:01.716 align:middle
They live...

00:05:02.216 --> 00:05:03.426 align:middle
in the cloud.

00:05:03.716 --> 00:05:05.686 align:middle
I mean, they live on GitHub.

00:05:05.686 --> 00:05:11.226 align:middle
On symfony.sh, click "Recipe"
next to the Security checker.

00:05:15.106 --> 00:05:19.416 align:middle
Ah, it takes us to the symfony/recipes
repository.

00:05:20.556 --> 00:05:26.126 align:middle
Here, you can see what files will be added and
a few other changes described in manifest.json.

00:05:27.006 --> 00:05:33.536 align:middle
All recipes either live in this repository,
or another one called symfony/recipes-contrib.

00:05:34.416 --> 00:05:37.396 align:middle
There's no important difference
between the two repositories,

00:05:37.806 --> 00:05:41.436 align:middle
but the official recipes are
watched more closely for quality.

00:05:42.906 --> 00:05:47.426 align:middle
Next! Let's put the recipe
system to work by installing Twig

00:05:47.426 --> 00:05:49.586 align:middle
so we can create proper templates.

