Composer private repos
How to access private composer repositories during git deployment.
# What are private Composer packages?
Modern PHP app development utilizes Composer as a dependency manager. There are many great open source packages out there. But your company code is probably not intended to be released to the public or you rely on a third party package which is not open source. That's when you use private Composer repositories.
# Hosting private Composer repos
Private composer repos can be hosted.
- Private GitHub repos
- Self hosted Satis like service such as Packeton
- Packagist.com - commercial by makers of Composer with
- Repman.io - by Buddy.works
# A - Using SSH Keys
Alternatively you can limit access to a specific SSH keys. To use your private Composer repo in Git deployment you need to set up authentication so your fortrabbit app can access your external repo (probably hosted on GitHub). For this you need a public and private SSH key-pair.
The private key will be stored in the deployment environment of your App that composer can use it but nobody else. The command shows the public key, in the example is starting with ssh-rsa AAA... and ending with ..odTimp. You can now install the key in your private Git repository. You can re-run this command at any time to view or change the current key of your app.
# B - Using oAuth or HTTP Basic Auth
In the script below we generate a global auth.json file that contains credentials to access a GitHub repo using oAuth, and another private repo which is protected with Basic HTTP auth, in our example Laravel Nova. This is just for the sake of demonstration, you will probably need to adjust it to your needs.
Since you don't want to keep secrets in your git history, you can store them in ENV vars.
// Github token example if ($github_oauth = getenv("GH_TOKEN")) { echo "Configure auth for github-oauth.github.com" . PHP_EOL; shell_exec("/usr/local/bin/composer config --global github-oauth.github.com {$github_oauth}"); } // HTTP basic auth example if (getenv("NOVA_USER") && getenv("NOVA_PASS")) { $nova_username = getenv("NOVA_USER"); $nova_password = getenv("NOVA_PASS"); echo "Configure auth for http-basic.nova.laravel.com" . PHP_EOL; shell_exec("/usr/local/bin/composer config --global http-basic.nova.laravel.com {$nova_username} {$nova_password}"); }add-auth.phpphp
Additionally, you need to set the COMPOSER_HOME env var and the env vars you use in the script in the dashboard:
COMPOSER_HOME=/tmp/.composer GH_TOKEN= ...yaml
After deploying the two files you are set to access your private repos.
# Link your private repo
Now you can add your private repositories to your composer.json file as usual:
{ "repositories": [ { "type": "vcs", "url": "git@github.com:my-company/my-package.git" } ], "require": { "my-company/my-package": "^1.2.3" } }json
Found a tpyo?Edit