I've successfully set up Satis on my own server and am able to pull in packages from it.
However, dependencies that are required in those private packages are constantly being cloned at their bleeding edge version instead of the specified version constraint. I think that Satis is creating a local mirror of the latest dev-version. However I do not want to have a local mirror, I just need them to install directly from Packagist.
So how do I need to setup the project / package / Satis to have the dependencies in those private packages installed from Packagist?
Thanks.
This is my Satis build file:
{
"name": "Package Server",
"homepage": "http://packages.URL",
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:USERNAME/REPO.git",
"options": {
"ssh2": {
"username": "USERNAME",
"pubkey_file": "PUBFILE",
"privkey_file": "PRIVATEFILE"
}
}
}
],
"require-all": true
}
And this is the composer.json file of the project requiring the private package (package has no tagged releases):
{
"name": "Test Project",
"description": "",
"require": {
"php": ">=5.4.0",
"USERNAME/REPO": "*"
},
"repositories": [
{
"type": "composer",
"url": "http://packages.URL"
}
],
"minimum-stability": "dev"
}
And this is the private package's composer.json:
{
"name": "USERNAME/RPO",
"description": "",
"require": {
"php": ">=5.4.0",
"illuminate/support": "5.0.*",
"vinkla/hashids": "~1.0"
},
"minimum-stability": "dev"
}
In your Satis config you defined "require-all": true.
This is default and selects all versions of all packages in the repository you defined.
You could try to remove "require-all": true in favor of a require section.
This means that Satis will only contain these specific packages and their versions, like so:
"require": {
"company/packageA": "*",
"company/packageB": "1.2.3",
"company/packageC": "2.0.0"
}
It's package cherry picking on Satis
So if I understand correctly I need to add the private packages that are available in the specified private repository in the require key and their own dependencies will then install from Packagist?
Add require-dependencies - this tells Satis to mirror not only the packages specified in the "require" section, but also all their dependencies.
See https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#resolving-dependencies
Is it possible to have multiple packages resided in one defined repository or does every single package need their own repository url entry in Satis?
I think it's not possible to have multiple packages in one "type": "vcs" repository.
With "type": "composer" and a cloned packagist you can store multiple repos.
Think of http://drupal-composer.org with http://packagist.drupal-composer.org/.
{
"repositories": [
{ "type": "vcs", "url": "https://github.com/somewhere/packageA" },
{ "type": "composer", "url": "https://packagist.org" }
],
"require": {
"package/packageA": "somewhere-dev",
"phpunit/phpunit": "*"
},
"require-dependencies": true
}
Related
I've been a bit confused how Composer loads dependencies of a private repository project. I have found this link but I am not sure if this comment is referring to nested repositories or simply any dependency of a repository. To clarify my situation:
I have a private git repository that I am attempting to add as a dependency for a project.
The private git repository is also a composer project, which contains a composer.json which requires publicly available packages.
I have the following code in my composer.json for the project.
"repositories": [
{
"type": "package",
"package": {
"name": "{vendor}/{package-name}",
"version": "{arbitrary-version}",
"type": "package",
"source": {
"url": "git#github.com:{github-username}/{github-repository}.git",
"type": "git",
}
}
}
]
"require": {
"{vendor}/{package-name}": "^0.0.1"
}
So if I were to do composer update on the project after these changes it will successfully download my package from the private repository, but it does not trigger a check/update on the composer.json of the private repository - so no vendor folder is created and critical dependencies are not installed. The private repository composer.json is below:
{
"name": "{vendor}/{package-name}",
"description": "{removed}",
"type": "library",
"require": {
"illuminate/database": "^5.6",
"chumper/zipper": "1.0.x",
"symfony/debug": "^4.0",
"vlucas/phpdotenv": "^2.4"
},
}
So my question is, is what I want to do achievable with a private repository via composer and if so does anybody know where I am going wrong?
package type is for non-composer dependencies. If you use this type, Composer will not even look for composer.json file inside of defined package source, you need to include all required information about package inside of the package declaration in your project composer.json:
"repositories": [
{
"type": "package",
"package": {
"name": "{vendor}/{package-name}",
"description": "{removed}",
"type": "library",
"require": {
"illuminate/database": "^5.6",
"chumper/zipper": "1.0.x",
"symfony/debug": "^4.0",
"vlucas/phpdotenv": "^2.4"
},
"version": "{arbitrary-version}",
"source": {
"url": "git#github.com:{github-username}/{github-repository}.git",
"type": "git",
}
}
}
]
But in your case (you have a package with proper composer.json) you should use vcs type:
"repositories": [
{
"type": "git",
"url": "git#github.com:{github-username}/{github-repository}.git"
}
]
We've started to use Satis for a private composer repository.
All is going well - except something which we cannot figure out.
--
When we run the satis build - it generates the json and the zips to download.
Our config resembles something like
{
"name": "Premium Repositories",
"homepage": "https://some-website.com",
"require-all": false,
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:our-repo.git"
}
],
"archive": {
"directory": "dist"
}
}
The json it then generates contains something like
"some/package": {
"dev-master": {
"name": "some/package",
"version": "dev-master",
"version_normalized": "9999999-dev",
"source": {
"type": "git",
"url": "git#bitbucket.org:selesti/some-package.git",
"reference": "db0abb6a6983738d768b64684f82d178059b85b4"
},
"dist": {
"type": "zip",
"url": "https://some-domain/dist/some/package/some-package-dev-master-ec67bc.zip",
"reference": "db0abb6a6983738d768b64684f82d178059b85b4",
"shasum": "f04821a159f6f19ea6e5be8624d88f32b168e205"
},
"require": {
"magento/framework": ">=100.0.0",
"php": "~5.5.0|~5.6.0|>=7.0.0",
"some/core": ">=3.0.0"
},
"time": "2018-02-16T09:00:56+00:00",
"type": "magento2-module"
}
}
We can clearly see from this it contains both the zip and the source.
This seems to mean that when we run composer install it tries to install the source version first - which fails as it doesn't have read-access - then it falls back to the dist, which works.
Is this the natural behaviour of composer if there is a source field within the composer.lock ? - And if so, is it possible for satis to not generate the source object, so it automatically goes straight to the dist key?
Thanks
I'm not sure if you can exclude source repos from Satis output, but as an alternative, you can tell Composer to use dist repos by default with configuration similar to:
{
"config": {
"preferred-install": "dist"
}
}
You can also specify preferred-install config on package by package basis, as per docs:
{
"config": {
"preferred-install": {
"my-organization/stable-package": "dist",
"my-organization/*": "source",
"partner-organization/*": "auto",
"*": "dist"
}
}
}
I have two private repositories, let's call them RepoA and RepoB. RepoA is required by the RepoB and they are both private repos on gitlab with the port 620.
Here are the composer.json in both repo:
Repo A
{
"name": "namespace/repoA",
"description": "My repository A.",
"require": {
"php": ">=5.4"
}
}
Repo B
{
"name": "namespace/repoB",
"description": "My repository B.",
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.domain.com:620/namespace/repoA.git"
}
],
"require": {
"namespace/repoA": "dev-master"
}
}
Now let's say I have a project (ProjectA), which I want to install RepoB.
Project A
{
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.domain.com:620/namespace/repoB.git"
}
],
"require": {
"namespace/repoB": "dev-master"
}
}
However, when I run my composer install, I get the following error:
Problem 1
- Installation request for namespace/repoB dev-master -> satisfiable by namespace/repoB[dev-master].
- namespace/repoB dev-master requires namespace/repoA dev-master -> no matching package found.
I understand that it's unable to find the package since it's a private repository, but since it's inside the repositories of the repoB, why is it not fetching it?
I thought it would work if I added the repositories to the Project A:
{
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.domain.com:620/namespace/repoA.git"
},
{
"type": "vcs",
"url": "ssh://git#git.domain.com:620/namespace/repoB.git"
}
],
"require": {
"namespace/repoB": "dev-master"
}
}
But it still does not work until I add it into my require of my Project Aas well:
{
"repositories": [
{
"type": "vcs",
"url": "ssh://git#git.domain.com:620/namespace/repoA.git"
},
{
"type": "vcs",
"url": "ssh://git#git.domain.com:620/namespace/repoB.git"
}
],
"require": {
"namespace/repoB": "dev-master",
"namespace/repoA": "dev-master"
}
}
Now my question is... How can I make composer install my repoA by specifying only my repoB?
You cannot and here is an explanation: Why can't Composer load repositories recursively?
I have composer.json on project:
{
"repositories": [
{
"type": "vcs",
"url": "git#git.test.ua:bmp/composer.git"
}
],
"require": {
"pack/composer": "dev-master"
},
"minimum-stability": "dev"
}
git#git.test.ua:bmp/composer.git - it's my repo, that containe next composer.json file:
{
"name": "pack/composer",
"repositories": [
{
"type": "vcs",
"url": "git#git.test.ua:components/curl.git"
}
],
"minimum-stability": "dev",
"require": {
"php": ">=5.4.0",
"pack/curl": "dev-master"
},
"autoload": {
"psr-4": {
"pack\\composer\\": ""
}
}
}
git#git.test.ua:components/curl.git - also my repo, that containe next composer.json file:
{
"name": "pack/curl",
"autoload": {
"psr-4": {
"pack\\curl\\": ""
}
},
"minimum-stability": "dev"
}
When I try to do composer install on my project, I receive next error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for pack/composer dev-master -> satisfiable by pack/composer[dev-master].
- pack/composer dev-master requires pack/curl dev-master -> no matching package found.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
I already add param:
"minimum-stability": "dev"
If I remove require section from the seckond composer.json file the no error any more.
"pack/curl": "dev-master"
How fix it, I need this require?
Update:
{
"repositories": [
{"type": "vcs", "url": "https://git.test.ua/components/composer.git"},
{"type": "vcs", "url": "https://git.test.ua/components/curl.git"}
],
"require-dev": {
"pack/composer": "dev-master"
},
"minimum-stability": "dev"
}
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing pack/composer (dev-master 886d220)
Cloning 886d22082d4aa341731ebd87f280ee0f5a05fe37
Writing lock file
Generating autoload files
Update2 composer.lock file
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is #generated automatically"
],
"hash": "cc5c1fc7000544f6cfd9ba03a3ee4567",
"packages": [],
"packages-dev": [
{
"name": "pack/composer",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://git.test.ua/components/composer.git",
"reference": "886d22082d4aa341731ebd87f280ee0f5a05fe37"
},
"require-dev": {
"pack/curl": "dev-master"
},
"type": "library",
"autoload": {
"psr-4": {
"pack\\composer\\": ""
}
},
"time": "2015-04-24 07:13:31"
}
],
"aliases": [],
"minimum-stability": "dev",
"stability-flags": {
"pack/composer": 20
},
"prefer-stable": false,
"prefer-lowest": false,
"platform": [],
"platform-dev": []
}
Composer does not browse repositories recursively, i.e. ALL repositories that may contain software have to be mentioned in the root composer.json file.
You don't mention the repository of the pack/curl package there, so Composer cannot find this package.
I assume that "pack" is the vendor name you added partially in your question, because the error message still mentions "shkarbatov" as the vendor name.
Best way to avoid having to add hundreds of personal repositories everywhere is to have a packagist-like Composer repo that is mentioned everywhere and contains the metadata of all code repositories. Have a look at Satis.
Update:
Now after seeing your composer.lock file, the situation is clear: You are NOT using require to add your packages, but require-dev. This is for development dependencies (like adding PHPUnit or stuff needed to develop the package) of the root package only - any dev dependencies of packages added to the root package are NOT installed.
Change the dependencies of packages you need for production use to require all levels!
I use a local repository ("depA") within my projects composer.json:
"repositories": [
{
"type": "package",
"package": {
"name": "marc/depA",
"version": "dev-master",
"source": {
"url": "/Users/Marc/Sites/depA",
"type": "git",
"reference": "develop"
}
}
}
],
"require": {
"marc/depA": "dev-master",
This works like a charm but it won't resolve dependencies from "depA". This means since "depA" requires "depB" (in composer.json of "depA") -> "depB" wont be installed.
Is this even possible with local packages?
Thanks,
Marc
You are defining the package inline so if you do it like this you must redefine all the requires etc inline as well. That's really not the best way to go at it. If it's a git repo and it has a composer.json you'd better use a vcs repository e.g.:
{
"repositories": [
{
"type": "vcs",
"url": "/Users/Marc/Sites/depA"
}
],
"require": {
"marc/depA": "dev-master",
}
}