Code Monkey home page Code Monkey logo

private-composer-installer's Introduction

private-composer-installer

Packagist version MIT license Build Status Coverage Status Packagist downloads

This is a Composer plugin offering a way to reference private package URLs within composer.json and composer.lock. It outsources sensitive dist URL parts (license keys, tokens) into environment variables or a .env file typically ignored by version control. This is especially useful when you can't use Private Packagist or Basic HTTP Auth because the source of a package is not in your control. This repository is inspired by acf-pro-installer.

Quick overview

  • This plugin is compatible with both Composer 2.x (latest) and 1.x.
  • When installing or updating a package, the dist URL {%VERSION} placeholder gets replaced by the version set in the package. In Composer 1 the dist URL version gets fulfilled before it is added to composer.lock.
  • Before downloading the package, {%VARIABLE} formatted placeholders get replaced by their corresponding environment variables in the dist URL. Env vars will never be stored inside composer.lock.
  • If an environment variable is not available for the given placeholder the plugin trys to read it from the .env file in the working directory or in one of the parent directories. The .env file gets parsed by vlucas/phpdotenv.
  • If an environment variable can't be resolved a MissingEnvException gets thrown.
  • Package dist URLs with no {%VARIABLE} formatted placeholders get ignored by this plugin.

Examples

Arbitrary private packages

Add the desired private package to the repositories field inside composer.json. Find more about Composer repositories in the Composer documentation. Specify the exact version to install, and use {%VARIABLE} placeholders to specify any sensitive tokens in your .env file.

{
  "type": "package",
  "package": {
    "name": "package-name/package-name",
    "version": "REPLACE_WITH_LATEST_PACKAGE_VERSION",
    "dist": {
      "type": "zip",
      "url": "https://example.com/package-name.zip?key={%PACKAGE_KEY}&version={%VERSION}"
    },
    "require": {
      "ffraenz/private-composer-installer": "^5.0"
    }
  }
}

Provide the private package dist URL inside the .env file:

PACKAGE_KEY=pleasedontusethiskey

Let Composer require the private package:

composer require "package-name/package-name:*"

WordPress plugins

WordPress plugins can be installed using the package type wordpress-plugin in conjunction with the composer/installers installer. In this example we are installing the ACF Pro plugin. Add following entry to the repositories field inside composer.json and set the desired ACF Pro version.

{
  "type": "package",
  "package": {
    "name": "advanced-custom-fields/advanced-custom-fields-pro",
    "version": "REPLACE_WITH_LATEST_ACF_VERSION",
    "type": "wordpress-plugin",
    "dist": {
      "type": "zip",
      "url": "https://connect.advancedcustomfields.com/index.php?a=download&p=pro&k={%PLUGIN_ACF_KEY}&t={%VERSION}"
    },
    "require": {
      "composer/installers": "^1.4",
      "ffraenz/private-composer-installer": "^5.0"
    }
  }
}

Provide the ACF Pro key inside the .env file. To get this key, login to your ACF account and scroll down to 'Licenses & Downloads'.

PLUGIN_ACF_KEY=pleasedontusethiskey

Let Composer require ACF Pro:

composer require "advanced-custom-fields/advanced-custom-fields-pro:*"

Configuration

The configuration options listed below may be added to the root configuration in composer.json like so:

{
  "name": "...",
  "description": "...",
  "require": {
  },
  "extra": {
    "private-composer-installer": {
      "dotenv-path": ".",
      "dotenv-name": ".env"
    }
  }
}

dotenv-path

Dotenv file directory relative to the root package (where composer.json is located). By default dotenv files are expected to be in the root package folder or in any of the parent folders.

dotenv-name

Dotenv file name. Defaults to .env.

Dependencies

This package heavily depends on vlucas/phpdotenv to load environment variables "automagically". This may cause version conflicts if your project already depends on it. Refer to this table to set the version of private-composer-installer accordingly or consider upgrading.

vlucas/phpdotenv private-composer-installer
^4.1, ^5.2 ^5.0
^4.0 ^4.0
^3.0 ^3.0, ^2.0
^2.2 ^1.0

Development

Install Composer dependencies:

docker-compose run --rm composer composer install

Before pushing changes to the repository run tests and check coding standards using following command:

docker-compose run --rm composer composer test

This is a project by Fränz Friederes and contributors

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.