Tuesday, January 18, 2022

[FIXED] How to provide access to a git repository that is used by Composer

      , , , ,      No comments   

Issue

To manage my libraries I use Composer, so I set the dependencies in composer.json and then add (ever in composer.json) the remote addresses of the private repositories where the code resides.

When running composer update/install I'm prompted with a request for the access keys to those private repository.

Now, I'm trying to deploy a Symfony 2 app to Heroku.

The problem arises when Heroku tries to download the packages from my private repositories: how can I provide to Heroku access to those repositories?

Here is a sample composer.json configuration:

"require": {
    "my/private-package": "~1.0",
},
"repositories": [
    {
        "type": "git",
        "url": "https://Aerendir@bitbucket.org/Aerendir/private-package"
    }
]

This configuration is explained in the Composer Documentation (it works also without Satis, except for the "problem" with Heroku :) - or other cloud hosting I think).

There, about athentication, is explained:

Note that if your private packages are hosted on GitHub, your server should have an ssh key that gives it access to those packages, and then you should add the --no-interaction (or -n) flag to the command to make sure it falls back to ssh key authentication instead of prompting for a password. This is also a good trick for continuous integration servers.

Now, the questions are 2:

  1. BitBucket has deployment keys but I can also set a SSH key.
  2. What about Heroku SSH keys?

So, how can i give to Heroku access to my private repositories on BitBucket? How can I download private repositories hosted on BitBucket from the composer install command that Heroku does on deploying?


Solution

The correct answer is using COMPOSER_AUTH as an environment variable set directly in Heroku dashboard.

The value of the variable should be something like this:

{
   "http-basic":{
      "bitbucket.org":{
         "username":"hello@aerendir.me",
         "password":"y0UrH4rdT0Gu3sSp4SsW0rd"
      }
   }
}

If set, Composer will read it and use its value to connect to BitBucket.

This is the correct approach as it is secure and doesn't force you to make your passwords going around in the web through the various services you use (or will use) to build and deploy your app.

References:

COMPOSER_AUTH



Answered By - Aerendir

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...