I have a global composer file for my user which contains references to local packages like:
{
"repositories": [
{
"type": "path",
"url": "/vendorA/projectA",
"options": {
"symlink": true
}
},
{
"type": "path",
"url": "/vendorA/projectB",
"options": {
"symlink": true
}
},
{
"type": "path",
"url": "/vendorA/projectC",
"options": {
"symlink": true
}
}
]
}
In project C, I have a composer.json file similar to:
{
"name": "Project C"
"require": {},
"require-dev": {
"vendorA/projectA": "#dev",
"vendorA/projectB": "#dev"
},
"prefer-stable": true
}
When I composer require --dev vendorA/projectC, it symlinks Project C's folder under the vendor folder but not the requirements defined in Project C's composer.json file. I tested installing Project A and B and they work fine so it is not a situation where composer is not able to find the packages, but Projects A and B don't install as well when project C is installed as a dependency of another project.
I also tried "minimum-stability": "dev" which did not work either.
Anyone know if I am missing something?
Related
I am trying to set up Composer to work without internet access. I have set up a server in the local network with a Satis configured repository with the following configuration file:
{
"name": "private/composer",
"homepage": "http://<some_ip>:9500",
"repositories": [
{"type": "composer", "url": "https://packagist.org"}
],
"require-dependencies": true,
"require": { ... },
"archive": {
"directory": "offline",
"format": "zip"
},
"config": {
"preferred-install": "dist"
}
}
After running
$ ./satis/bin/satis build ./satis.json ./mirror
Everything works, I get my ./satis/mirror/offline directory filled up with .zip files of the packages I am mirroring from packagist.org.
In my Composer, project, I added the following sections to the composer.json configuration:
{
"repositories": [{
"type": "composer",
"url": "http://<some_ip>:9500"
}],
"config": {
"secure-http": false
},
...
}
I tried to run composer install then and I get an error about Composer not begin able to access https://packagist.org/packages.json. Why is it trying to do that? How can I make this process work without internet access?
Thank you!
By default Composer does not disable access to packagist.org when you add custom repos. You can disable it with the following config:
{
"repositories": [
{
"packagist.org": false
}
]
}
We've started to use Satis for a private composer repository.
All is going well - except something which we cannot figure out.
--
When we run the satis build - it generates the json and the zips to download.
Our config resembles something like
{
"name": "Premium Repositories",
"homepage": "https://some-website.com",
"require-all": false,
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:our-repo.git"
}
],
"archive": {
"directory": "dist"
}
}
The json it then generates contains something like
"some/package": {
"dev-master": {
"name": "some/package",
"version": "dev-master",
"version_normalized": "9999999-dev",
"source": {
"type": "git",
"url": "git#bitbucket.org:selesti/some-package.git",
"reference": "db0abb6a6983738d768b64684f82d178059b85b4"
},
"dist": {
"type": "zip",
"url": "https://some-domain/dist/some/package/some-package-dev-master-ec67bc.zip",
"reference": "db0abb6a6983738d768b64684f82d178059b85b4",
"shasum": "f04821a159f6f19ea6e5be8624d88f32b168e205"
},
"require": {
"magento/framework": ">=100.0.0",
"php": "~5.5.0|~5.6.0|>=7.0.0",
"some/core": ">=3.0.0"
},
"time": "2018-02-16T09:00:56+00:00",
"type": "magento2-module"
}
}
We can clearly see from this it contains both the zip and the source.
This seems to mean that when we run composer install it tries to install the source version first - which fails as it doesn't have read-access - then it falls back to the dist, which works.
Is this the natural behaviour of composer if there is a source field within the composer.lock ? - And if so, is it possible for satis to not generate the source object, so it automatically goes straight to the dist key?
Thanks
I'm not sure if you can exclude source repos from Satis output, but as an alternative, you can tell Composer to use dist repos by default with configuration similar to:
{
"config": {
"preferred-install": "dist"
}
}
You can also specify preferred-install config on package by package basis, as per docs:
{
"config": {
"preferred-install": {
"my-organization/stable-package": "dist",
"my-organization/*": "source",
"partner-organization/*": "auto",
"*": "dist"
}
}
}
I have three projects (p1, p2, p3) in a local Gitlab installation. The project p1 requires p2, the project p2 requires p3.
The p2/composer.json looks like this:
{
"name": "my-group/p2",
...
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.local.dev/my-group/p3.git"
}
],
"config": {
"gitlab-token": {
"gitlab.com": "my-token"
}
},
"require": {
"my-group/p3": "dev-develop"
}
}
The command 'composer install' works for the p2 project without any problems.
The p1/composer.json looks like:
{
"name": "my-group/p1",
...
"minimum-stability": "dev",
"prefer-stable": true,
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.local.dev/my-group/p2.git"
}
],
"config": {
"gitlab-token": {
"gitlab.com": "my-token"
}
},
"require": {
"my-group/p2": "dev-develop"
}
}
The command 'composer install' displays for the project p1 the following error message:
$ composer install
...
Problem 1
- Installation request for my-group/p2 dev-develop -> satisfiable by my-group/p2[dev-develop].
- my-group/p2 dev-develop requires my-group/p3 dev-develop -> no matching package found.
According to https://getcomposer.org/doc/05-repositories.md#repository, the repositories option is only evaluated from the root composer.json. So, if you don't make p3 available through satis or some other services that covers multiple repositories, this won't work
The following composer.json works:
{
"name": "my-group/p1",
...
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.local.dev/my-group/p2.git"
},
{
"type": "vcs",
"url": "ssh://git#git.local.dev/my-group/p3.git"
}
],
"config": {
"gitlab-token": {
"gitlab.com": "my-token"
}
},
"minimum-stability": "dev",
"prefer-stable": true,
"require": {
"my-group/p2": "dev-develop"
}
}
The problem is, that I do not know, what the project p2 requires and I do not want to have all internal projects in the composer.json.
I have composer.json on project:
{
"repositories": [
{
"type": "vcs",
"url": "git#git.test.ua:bmp/composer.git"
}
],
"require": {
"pack/composer": "dev-master"
},
"minimum-stability": "dev"
}
git#git.test.ua:bmp/composer.git - it's my repo, that containe next composer.json file:
{
"name": "pack/composer",
"repositories": [
{
"type": "vcs",
"url": "git#git.test.ua:components/curl.git"
}
],
"minimum-stability": "dev",
"require": {
"php": ">=5.4.0",
"pack/curl": "dev-master"
},
"autoload": {
"psr-4": {
"pack\\composer\\": ""
}
}
}
git#git.test.ua:components/curl.git - also my repo, that containe next composer.json file:
{
"name": "pack/curl",
"autoload": {
"psr-4": {
"pack\\curl\\": ""
}
},
"minimum-stability": "dev"
}
When I try to do composer install on my project, I receive next error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for pack/composer dev-master -> satisfiable by pack/composer[dev-master].
- pack/composer dev-master requires pack/curl dev-master -> no matching package found.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
I already add param:
"minimum-stability": "dev"
If I remove require section from the seckond composer.json file the no error any more.
"pack/curl": "dev-master"
How fix it, I need this require?
Update:
{
"repositories": [
{"type": "vcs", "url": "https://git.test.ua/components/composer.git"},
{"type": "vcs", "url": "https://git.test.ua/components/curl.git"}
],
"require-dev": {
"pack/composer": "dev-master"
},
"minimum-stability": "dev"
}
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing pack/composer (dev-master 886d220)
Cloning 886d22082d4aa341731ebd87f280ee0f5a05fe37
Writing lock file
Generating autoload files
Update2 composer.lock file
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is #generated automatically"
],
"hash": "cc5c1fc7000544f6cfd9ba03a3ee4567",
"packages": [],
"packages-dev": [
{
"name": "pack/composer",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://git.test.ua/components/composer.git",
"reference": "886d22082d4aa341731ebd87f280ee0f5a05fe37"
},
"require-dev": {
"pack/curl": "dev-master"
},
"type": "library",
"autoload": {
"psr-4": {
"pack\\composer\\": ""
}
},
"time": "2015-04-24 07:13:31"
}
],
"aliases": [],
"minimum-stability": "dev",
"stability-flags": {
"pack/composer": 20
},
"prefer-stable": false,
"prefer-lowest": false,
"platform": [],
"platform-dev": []
}
Composer does not browse repositories recursively, i.e. ALL repositories that may contain software have to be mentioned in the root composer.json file.
You don't mention the repository of the pack/curl package there, so Composer cannot find this package.
I assume that "pack" is the vendor name you added partially in your question, because the error message still mentions "shkarbatov" as the vendor name.
Best way to avoid having to add hundreds of personal repositories everywhere is to have a packagist-like Composer repo that is mentioned everywhere and contains the metadata of all code repositories. Have a look at Satis.
Update:
Now after seeing your composer.lock file, the situation is clear: You are NOT using require to add your packages, but require-dev. This is for development dependencies (like adding PHPUnit or stuff needed to develop the package) of the root package only - any dev dependencies of packages added to the root package are NOT installed.
Change the dependencies of packages you need for production use to require all levels!
I've successfully set up Satis on my own server and am able to pull in packages from it.
However, dependencies that are required in those private packages are constantly being cloned at their bleeding edge version instead of the specified version constraint. I think that Satis is creating a local mirror of the latest dev-version. However I do not want to have a local mirror, I just need them to install directly from Packagist.
So how do I need to setup the project / package / Satis to have the dependencies in those private packages installed from Packagist?
Thanks.
This is my Satis build file:
{
"name": "Package Server",
"homepage": "http://packages.URL",
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:USERNAME/REPO.git",
"options": {
"ssh2": {
"username": "USERNAME",
"pubkey_file": "PUBFILE",
"privkey_file": "PRIVATEFILE"
}
}
}
],
"require-all": true
}
And this is the composer.json file of the project requiring the private package (package has no tagged releases):
{
"name": "Test Project",
"description": "",
"require": {
"php": ">=5.4.0",
"USERNAME/REPO": "*"
},
"repositories": [
{
"type": "composer",
"url": "http://packages.URL"
}
],
"minimum-stability": "dev"
}
And this is the private package's composer.json:
{
"name": "USERNAME/RPO",
"description": "",
"require": {
"php": ">=5.4.0",
"illuminate/support": "5.0.*",
"vinkla/hashids": "~1.0"
},
"minimum-stability": "dev"
}
In your Satis config you defined "require-all": true.
This is default and selects all versions of all packages in the repository you defined.
You could try to remove "require-all": true in favor of a require section.
This means that Satis will only contain these specific packages and their versions, like so:
"require": {
"company/packageA": "*",
"company/packageB": "1.2.3",
"company/packageC": "2.0.0"
}
It's package cherry picking on Satis
So if I understand correctly I need to add the private packages that are available in the specified private repository in the require key and their own dependencies will then install from Packagist?
Add require-dependencies - this tells Satis to mirror not only the packages specified in the "require" section, but also all their dependencies.
See https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#resolving-dependencies
Is it possible to have multiple packages resided in one defined repository or does every single package need their own repository url entry in Satis?
I think it's not possible to have multiple packages in one "type": "vcs" repository.
With "type": "composer" and a cloned packagist you can store multiple repos.
Think of http://drupal-composer.org with http://packagist.drupal-composer.org/.
{
"repositories": [
{ "type": "vcs", "url": "https://github.com/somewhere/packageA" },
{ "type": "composer", "url": "https://packagist.org" }
],
"require": {
"package/packageA": "somewhere-dev",
"phpunit/phpunit": "*"
},
"require-dependencies": true
}