We use Composer to manage Adobe Commerce on cloud infrastructure dependencies and upgrades and provide context about the included packages, what the packages do, and how they fit together. We highly recommend experience with Composer.

Composer manages required libraries and dependencies for your project and installs them in the vendor directory.

Composer files

For Adobe Commerce on cloud infrastructure, we use the composer.json and composer.lock files, located in the project root directory, to manage the modules list, packages, dependencies, and so on for determining upgrades, patches, hotfixes, and more.

Extension and module developers use the composer.json file to manage product installations and upgrades. See Install, manage, and upgrade extensions.

The composer.lock file stores a set of exact version dependencies that satisfy all of the version constraints of every requirement for every package in the dependency tree of the project.

Common commands:

Command Description
composer update Updates to the latest versions of the dependencies. You must update every time you edit dependencies in the composer.json file. This updates the composer.lock file.
composer install Reads the composer.lock file to download dependencies. You must keep an up-to-date copy of composer.lock in your Adobe Commerce on cloud infrastructure repository.

The workflow is as follows:

  1. Make a change to composer.json. For example, edit this file when installing an extension or module.
  2. Run composer update.
  3. Add composer.lock to or update it in your Cloud Git repository.
  4. Push the changes to the Cloud environment, which causes Cloud to build and deploy the environment.

During the build phase, the Cloud environment runs composer install on a fresh clone of your Git branch to retrieve the latest dependencies.


The vendor/magento/magento-cloud-metapackage should be the only package in the require section of your composer.json. This is a metapackage and does not contain any code.

The metapackage depends on the appropriate versions of vendor/magento/ece-patches, vendor/magento/ece-tools and vendor/magento/product-enterprise-edition. At any given version, this package requires the same version of magento/product-enterprise-edition. For example, to use Adobe Commerce version 2.2.0, for example, composer.json must specify a requirement for magento/magento-cloud-metapackage version 2.2.0.

This package depends on a floating version of vendor/magento/magento-cloud-configuration (abbreviated MCC). It depends on the major and minor version of MCC that correspond to the specified Adobe Commerce version, and floats on the patch version so that compatible updates to this packages can be automatically pulled by running composer update.

The main packages of this metapackage are the following:

  • vendor/magento/ece-tools—The ece-tools package is compatible with Adobe Commerce version 2.1.4 and later to provide a rich set of features you can use to manage your Adobe Commerce on cloud infrastructure project. It contains scripts and Adobe Commerce on cloud infrastructure commands designed to help manage your code and automatically build and deploy your projects.
  • vendor/magento/product-enterprise-edition—This metapackage requires application components, including modules, frameworks, themes, and so on.
  • vendor/fastly2/magento2—This module manages the Fastly CDN & services for the Pro Staging and Production and Starter Production environments. See Fastly Documentation.
  • vendor/magento/module-paypal-on-boarding—This module provides PayPal payment gateway checkout by connecting to your PayPal merchant account. See PayPal On-Boarding tool.

Base packages and file marshalling

Adobe Commerce contains two base packages: magento/magento2-base and magento/magento2-ee-base. These packages contain interstitial files that cannot be classified as extensions, themes, frameworks, or language packages; for example, sample server configuration files, PHP entry points, and so on.

These files are location-dependent, and cannot reside in the vendor directory. They are distributed as part of the base packages, and they rely on hooks located in the magento/magento-composer-installer package, which marshals them to the appropriate locations.

One way in which Adobe Commerce on cloud infrastructure deploys differently than other installation types is that it does not marshal base packages on the Cloud environment. This could change in a future Cloud release, but for now, on the Cloud environment—specifically, the marshalling functionality of magento/magento-composer-installer—it is disabled.

When upgrading to a new Adobe Commerce on cloud infrastructure version or adding, removing, or changing any packages that rely on file marshaling, you must:

  1. Run composer update locally.

    The new version of the base packages are marshalled out into the Cloud project root directory, which means files are added, removed, and changed.

    File marshalling works on your local system but not on the Cloud server.

  2. Add and commit these updated files to your Cloud Git repository.
  3. Push the changes to your Cloud Integration environment.

See Patch Adobe Commerce on cloud infrastructure.

This makes sure that base files are placed in the correct location and are under source control. If you notice any problems after deploying an updated version of Adobe Commerce, one of the first things to check is whether all of the base package files were added to source control.