To put it simpley the best I can: we have a private VC repo with a list of composer packages we use internally -- [our-bitbucket.com]/comp/
Each package has it's own repo. Each package is namespaced under [orgname]/ within their composer.json configuration.
What I'm trying to do is clean up this mess:
"repositories": [
{
"type": "vcs",
"url": "ssh://git#our-bitbucket.com/comp/package1",
"options": {
"ssh2": {
"username": "git",
"pubkey_file": ".ssh/pub-key",
"privkey_file": ".ssh/priv-key"
}
}
},
{
"type": "vcs",
"url": "ssh://git#our-bitbucket.com/comp/package2",
"options": {
"ssh2": {
"username": "git",
"pubkey_file": ".ssh/pub-key",
"privkey_file": ".ssh/priv-key"
}
}
},
// [... a dozen more times ...]
],
Is there any better and simpler way manage this? This repo list is getting pretty large. We need to clean it up. I don't suppose there's some way to add a global options for the keys? By host?
Here's a solution I found that assists in cleaning up this file: storing credentials in .ssh/config, modifying the URLs to match the config setting. e.g.
.ssh/config:
Host our-bitbucket.com
User git
IdentityFile /root/.ssh/priv-key
# ----------------------------
satis.json
"repositories": [
{"type": "vcs", "url": "ssh://git#our-bitbucket.com/comp/package2"},
//[... dozen more lines ...]
]
It at least saves us from having to define a priv/pub key for each and every repo definition.
Related
When pointing satis to a Gitlab repo, it chooses a dist url that mirrors the source url instead of finding the Gitlab Release and using the dist zip artifact.
Let's say your satis.json looks like this:
{
"repositories": [
{ "type": "vcs", "url": "git#gitlab.com:group-name/project-name.git" },
],
"require-all": true
}
When you run satis build satis.json, satis will create a packages.json that looks like this:
{
"packages": {
"group-name/project-name": {
"v1.0.1": {
"name": "group-name/project-name",
"version": "v1.0.1",
"version_normalized": "1.0.1.0",
"source": {
"type": "git",
"url": "git#gitlab.com:group-name/project-name.git",
"reference": "68da091ec3d6891e8519095a8066b28eb2261c20"
},
"dist": {
"type": "zip",
"url": "https://gitlab.com/api/v4/projects/group-name%2Fproject-name/repository/archive.zip?sha=68da091ec3d6891e8519095a8066b28eb2261c20",
"reference": "68da091ec3d6891e8519095a8066b28eb2261c20",
"shasum": ""
},
"require": {
"composer/installers": "v1.0.6"
},
"require-dev": {
"wp-coding-standards/wpcs": "^2.2"
},
"time": "2020-01-13T04:39:57+00:00",
"type": "wordpress-plugin"
}
}
}
The problem
The dist.url is simply an API call to Gitlab to generate a zip of the files as they appear within the git repo.
But I'm carefully constructing a zip distributable as part of my CI builds that contains minified javascript, generated css, etc. This zip distributable is then attached to a Gitlab Release as an artifact.
I want satis to find my GitLab Release and use the zip artifact in the dist.url. In my case, it would look something like this:
"dist": {
"type": "zip",
"url": "https://gitlab.com/api/v4/projects/11301246/jobs/400678589/artifacts/project-name-1.0.1.zip",
},
I am trying to set up Composer to work without internet access. I have set up a server in the local network with a Satis configured repository with the following configuration file:
{
"name": "private/composer",
"homepage": "http://<some_ip>:9500",
"repositories": [
{"type": "composer", "url": "https://packagist.org"}
],
"require-dependencies": true,
"require": { ... },
"archive": {
"directory": "offline",
"format": "zip"
},
"config": {
"preferred-install": "dist"
}
}
After running
$ ./satis/bin/satis build ./satis.json ./mirror
Everything works, I get my ./satis/mirror/offline directory filled up with .zip files of the packages I am mirroring from packagist.org.
In my Composer, project, I added the following sections to the composer.json configuration:
{
"repositories": [{
"type": "composer",
"url": "http://<some_ip>:9500"
}],
"config": {
"secure-http": false
},
...
}
I tried to run composer install then and I get an error about Composer not begin able to access https://packagist.org/packages.json. Why is it trying to do that? How can I make this process work without internet access?
Thank you!
By default Composer does not disable access to packagist.org when you add custom repos. You can disable it with the following config:
{
"repositories": [
{
"packagist.org": false
}
]
}
I have a rare case where I have two packagists in play here because I'm working on a Drupal Project. I have https://packagist.org and http://packagist.drupal-composer.org/.
The problem here is that they both define the package drupal/coder. One of them respects the composer.json, and the other does not, but generates one. I'm fixing to go create an issue over here that tells them to respect the composer.json is one is available.
I would like to use the package from packagist.org, but since I define packagist.drupal-composer.org, I'm not able to.
Is there a way to identify a package from a specific source, or to redefine a repository that already has a package.
I tried to add
{
"type": "vcs",
"url": "http://git.drupal.org/project/coder.git"
}
in my repositories to no avail. Doing a composer update; composer show simply shows me the package from packagist.drupal-composer.org. Additionally, defining:
{
"type": "composer",
"url": "http://packagist.org"
}
Provides me with the same results.
My last thought is to define a "package" and point it at the repository with a different name but seems like a lame work around because then I have to maintain "versions".
Yes thats definitely a problem. But here is a workaround, just the package definition above packagist.drupal-composer.org to your composer.json.
"repositories": [
{
"type": "composer",
"url": "https://packagist.org/p/drupal/coder.json"
},
{
"type": "composer",
"url": "http://packagist.drupal-composer.org"
}
]
You define Drupal's packagist as Composer type repo.
You define a git repo for the drupal/coder repo.
Both definitions go into the repository section.
Now: all packages are fetched from http://packagist.drupal-composer.org/, except drupal/coder.
Here you go:
{
"type": "project",
"repositories": [
{
"type": "git",
"url": "http://git.drupal.org/project/coder.git"
},
{
"type": "composer",
"url": "packagist.drupal-composer.org"
}
],
"require": {
"drupal/coder": "8.2.1"
}
}
I've successfully set up Satis on my own server and am able to pull in packages from it.
However, dependencies that are required in those private packages are constantly being cloned at their bleeding edge version instead of the specified version constraint. I think that Satis is creating a local mirror of the latest dev-version. However I do not want to have a local mirror, I just need them to install directly from Packagist.
So how do I need to setup the project / package / Satis to have the dependencies in those private packages installed from Packagist?
Thanks.
This is my Satis build file:
{
"name": "Package Server",
"homepage": "http://packages.URL",
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:USERNAME/REPO.git",
"options": {
"ssh2": {
"username": "USERNAME",
"pubkey_file": "PUBFILE",
"privkey_file": "PRIVATEFILE"
}
}
}
],
"require-all": true
}
And this is the composer.json file of the project requiring the private package (package has no tagged releases):
{
"name": "Test Project",
"description": "",
"require": {
"php": ">=5.4.0",
"USERNAME/REPO": "*"
},
"repositories": [
{
"type": "composer",
"url": "http://packages.URL"
}
],
"minimum-stability": "dev"
}
And this is the private package's composer.json:
{
"name": "USERNAME/RPO",
"description": "",
"require": {
"php": ">=5.4.0",
"illuminate/support": "5.0.*",
"vinkla/hashids": "~1.0"
},
"minimum-stability": "dev"
}
In your Satis config you defined "require-all": true.
This is default and selects all versions of all packages in the repository you defined.
You could try to remove "require-all": true in favor of a require section.
This means that Satis will only contain these specific packages and their versions, like so:
"require": {
"company/packageA": "*",
"company/packageB": "1.2.3",
"company/packageC": "2.0.0"
}
It's package cherry picking on Satis
So if I understand correctly I need to add the private packages that are available in the specified private repository in the require key and their own dependencies will then install from Packagist?
Add require-dependencies - this tells Satis to mirror not only the packages specified in the "require" section, but also all their dependencies.
See https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#resolving-dependencies
Is it possible to have multiple packages resided in one defined repository or does every single package need their own repository url entry in Satis?
I think it's not possible to have multiple packages in one "type": "vcs" repository.
With "type": "composer" and a cloned packagist you can store multiple repos.
Think of http://drupal-composer.org with http://packagist.drupal-composer.org/.
{
"repositories": [
{ "type": "vcs", "url": "https://github.com/somewhere/packageA" },
{ "type": "composer", "url": "https://packagist.org" }
],
"require": {
"package/packageA": "somewhere-dev",
"phpunit/phpunit": "*"
},
"require-dependencies": true
}
I have the following in my composer.json, for bear/package it is picking up the alternative git repo, but not for bear/skeleton. For bear/skeleton it is getting the main repo checkout da04548 from packagist, rather than 6b3bd0ae16 from the github.com/mackstar account.
Does anyone know why this works for one repo and not the other?
Thanks in advance.
{
"name": "mackstar/spout",
"description":"A BEAR.Sunday based CMS",
"keywords":[
"PHP",
"CMS"
],
"authors":[
{
"name": "Richard McIntyre"
}
],
"repositories": [
{
"type": "vcs",
"url": "https://github.com/mackstar/BEAR.Skeleton"
},
{
"type": "vcs",
"url": "https://github.com/mackstar/BEAR.Package"
}
],
"require":{
"php":">=5.4.0",
"ext-curl":"*",
"bear/resource":"0.9.*",
"bear/skeleton":"dev-develop",
"bear/package":"dev-develop",
The issue is that the new bear/package introduced a require on composer/installers in version dev-master, which is not allowed by your minimum stability or requires, so that package can not be installed.
If you add "composer/installers":"#dev" to your requires or "minimum-stability":"dev" to the top level it should select the custom git repo for this package as well.