repman-io / repman Goto Github PK

View Code? Open in Web Editor NEW

504.0 12.0 100.0 2.25 MB

Repman - PHP Repository Manager: packagist proxy and host for private packages

Home Page: https://repman.io

License: MIT License

PHP 82.93% Dockerfile 0.10% Shell 0.11% JavaScript 0.16% Twig 9.92% Jinja 6.78%

php composer packagist-mirror packagist repository-management packagist-proxy hacktoberfest private-packagist

repman's Introduction

Repman - PHP Repository Manager

Repman is a PHP repository manager. Main features:

free and open source
works as a proxy for packagist.org (speeds up your local builds)
hosts your private packages
allows to create individual access tokens
supports private package import from GitHub, GitLab and Bitbucket with one click
REST API
security scanner (with e-mail reports)

Documentation: https://repman.io/docs/

Requirements

PHP >= 7.4
PostgreSQL 11
var dir must be writeable
any web server

Installation

Docker

https://repman.io/docs/standalone/#docker-installation

Ansible

https://repman.io/docs/standalone/#ansible-playbooks-installation

Manual

git clone [email protected]:repman-io/repman.git
cd repman
composer install

Setup database:

bin/console doctrine:migrations:migrate #for postgres
bin/console doctrine:schema:create #for sqlite init as migrations are only postgres-compatible
bin/console messenger:setup-transports

Configuration

Mailer

To configure mailer transport, enter connection details in the MAILER_DSN environment variable

MAILER_DSN=smtp://user:[email protected]

Workers

To process messages asynchronously you must run worker:

bin/console messenger:consume async

Usage

Navigate your browser to instance address, you will see home page with usage instructions.

Local proxy

On dev env you may want to enable proxy to allow to create subdomains and tests composer organizations:

composer proxy-setup

This will create repman.wip domain. Then you can add other domains with:

symfony proxy:domain:attach your-organization.repman

CLI commands

bin/console repman:metadata:clear-cache - clear packages metadata cache (json files)
bin/console repman:create:admin <email> [<password>] - create a new user with admin privileges
bin/console repman:create:user <email> [<password>] - create a new (normal) user
bin/console repman:proxy:sync-releases - sync proxy releases with packagist.org
bin/console repman:security:scan-all - scan all synchronized packages
bin/console repman:security:update-db - update security advisories database, scan all packages if updated
bin/console repman:package:synchronize <packageId> - synchronize given package
bin/console repman:package:clear-old-dists - clear old private dev distributions files

API Integration

Callbacks:

/auth/{provider}/check
/register/{provider}/check
/user/token/{provider}/check

GitHub

Scopes:

registration: user:email
repositories: read:org, repo

GitLab

Scopes:

registration: read_user
repositories: api

Bitbucket

Scopes:

registration: email
repositories: repository, webhook

Self-hosted GitLab

To integrate with self-hosted GitLab, enter the instance url in the APP_GITLAB_API_URL environment variable

APP_GITLAB_API_URL='https://gitlab.organization.lan'

Docker

Override with docker-compose.override.yml if needed.
Set your domain (APP_HOST) in .env.docker.

If you wish to use your own certificate put key and certificate in:

docker/nginx/ssl/private/server.key
docker/nginx/ssl/certs/server.crt

Otherwise self-sign certificate will be generated.

To start all containers run:

docker-compose up

Support

In case of any problems, you can use:

Our documentation: repman.io/docs - it is also open sourced github.com/repman-io/repman-docs-pages
GitHub issue list: github.com/repman-io/repman/issues - feel free to create a new issue there
E-mail: contact [at] repman.io

License

The Repman project is licensed under the terms of the MIT.

However, Repman includes several third-party Open-Source libraries, which are licensed under their own respective Open-Source licenses.

Libraries or projects directly included in Repman

Tabler: MIT
Feather: MIT
Lucide: License: ISC
Postmark Transactional Email Templates: MIT
Libraries dynamically referenced via Composer: run composer license to get the latest licensing info about all dependencies.

made with ❤️ by Buddy

repman's People

Contributors

Stargazers

Watchers

Forkers

akondas leesaferite dimaminka sztwiorok czuli sadortun inelo newera-systems emodric chris6578 code-watch karniv00l chronograph jeroeny igordepaula jfcalcerrada bash-stack lets-talk-nl sa-tasche pavog da-vinci-studio marmichalski namlee135 ketchliu ahmed-bhs ericek111 ediboko1980 pedro-stanaka mostafasoufi tiagosampaio teledor jmalinens noniagriconomie yell0ws open-source-contributions nahanil giggsey vidyli videni kswzr ramonsilva20 kotak-sampah jecklabs machii28 ehlers-work efrane shemgp devel-mf thomasboom89 brightwang alamirault xvilo bartluk dheineman anebi blmage bitexpert-forks mihaileu ninepointsvietnam danil42russia evilkoteg unique44 nikkuang 94noni hdw-werbeagentur adrianoaguiar adition azakhozhiy nerd4ever icrewsystemsofficial with1154 atypiccraft sstraakenbroek hunken marickvantuil xuandung38 cloudynes jinxipay paynl-peter zek triggerfishab evelinszabados mikk150 slappyslap ymorocutti naugrimm highlinecollegeits mobilefuse khoazero123 nekic misterunknown mickaelca zimmo-be aztecweb matushd justcoded worldbittoken alex-its dexit

repman's Issues

private repositories from custom gitlab pulled without auth ( fails with 401)

When trying to add a package from own gitlab :

the names of the repositories are listed (API)
but when repman tries to sync , it requests "upload-package" , without user credentials ( aka anonymous pull)
Gitlab Response is 401

→ using a git https://username:[email protected]:123/path/to/repo.git URL as workaround

GitLab Log Output

 Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"mygroup", "repository_id"=>"hereistherepo.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 23ms

APP_GITLAB_API_URL=https://myotherdomain.tld:8443 not working

set the env URL , but it keeps redirecting to gitlab.com

The checksum verification of the file failed

Hello,

can you shed some light on this issue. I am not entirely sure if this is a local setup issue.
I added your packagist.org repo as per instructions.
The repo was added to composer, as per instructions, and packagist disabled

"repositories": {
        "0": {
            "type": "composer",
            "url": "https://repo.magento.com/"
        },
        "dev": {
            "type": "path",
            "url": "./vendor-repo/*/*",
            "options": {
                "symlink": true
            }
        },
        "repman": {
            "type": "composer",
            "url": "https://repo.repman.io"
        },
        "packagist": false
    },

From that moment, ll packages fail to install, due to checksum error:

Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/symfony/console/4.1.12.0/9e87c798f67dc9fceeb4f3d57847b52d945d1a02.zip))Downloading (100%)         
  - Installing monolog/monolog (1.25.3): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/monolog/monolog/1.25.3.0/fa82921994db851a8becaf3787a9e73c5976b6f1.zip))Downloading (100%)         
  - Installing magento/zendframework1 (1.14.3): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/magento/zendframework1/1.14.3.0/726855dfb080089dc7bc7b016624129f8e7bc4e5.zip))Downloading (100%)         
  - Installing symfony/polyfill-php72 (v1.15.0): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/symfony/polyfill-php72/1.15.0.0/37b0976c78b94856543260ce09b460a7bc852747.zip))Downloading (100%)         
  - Installing symfony/polyfill-intl-idn (v1.15.0): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/symfony/polyfill-intl-idn/1.15.0.0/47bd6aa45beb1cd7c6a16b7d1810133b728bdfcf.zip))Downloading (100%)         
  - Installing ralouphie/getallheaders (3.0.3): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/ralouphie/getallheaders/3.0.3.0/120b605dfeb996808c31b6477290a714d356e822.zip))Downloading (100%)         
  - Installing guzzlehttp/psr7 (1.6.1): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/guzzlehttp/psr7/1.6.1.0/239400de7a173fe9901b9ac7c06497751f00727a.zip))Downloading (100%)         
  - Installing guzzlehttp/promises (v1.3.1): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/guzzlehttp/promises/1.3.1.0/a59da6cf61d80060647ff4d3eb2c03a2bc694646.zip))Downloading (connecting...)^C

If I remove all the repman stuff, it works fine, direct from packagist

✔ /vagrant/sites/magento2 [master|✚ 1…2] 
03:52 $ composer global remove repman-io/composer-plugin
Changed current directory to /home/vagrant/.composer
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 0 updates, 1 removal
  - Removing repman-io/composer-plugin (0.1.3)
Writing lock file
Generating autoload files
✔ /vagrant/sites/magento2 [master|✚ 1…2] 
03:53 $

Support for AD integration

Hi!

I think AD integration for user authentication would be a blast for most companies.
Do you plan such feature? Maybe it's possible to support you somehow in realization?

Best, Maciej

Error while installing self-hosted version

Ubuntu 19.10

username@host:~/projects/repman$ git clone https://github.com/repman-io/repman.git .
Cloning into '.'...
remote: Enumerating objects: 48, done.
remote: Counting objects: 100% (48/48), done.
remote: Compressing objects: 100% (39/39), done.
remote: Total 4520 (delta 11), reused 34 (delta 5), pack-reused 4472
Receiving objects: 100% (4520/4520), 987.59 KiB | 2.23 MiB/s, done.
Resolving deltas: 100% (2766/2766), done.
username@host:~/projects/repman$ docker-compose up
Creating network "repman_default" with the default driver
Creating volume "repman_app-var" with local driver
Creating volume "repman_app-public" with local driver
Creating volume "repman_docker-nginx-scripts" with local driver
Creating volume "repman_postgres-data" with default driver
Creating volume "repman_docker-nginx-ssl-private" with local driver
Creating volume "repman_docker-nginx-ssl-certs" with local driver
Creating volume "repman_docker-logs-nginx" with local driver
Pulling database (postgres:11.7-alpine)...
11.7-alpine: Pulling from library/postgres
cbdbe7a5bc2a: Pull complete
b52a8a2ca21a: Pull complete
e36a19831e31: Pull complete
f1aa26821845: Pull complete
412d098142b4: Pull complete
75d5ef10726d: Pull complete
ae3b5a8bbf62: Pull complete
e2f290791a5c: Pull complete
187b81308ed8: Pull complete
Pulling app (buddy/repman:0.1.1)...
0.1.1: Pulling from buddy/repman
aad63a933944: Pull complete
b61c449d5d91: Pull complete
3fde16e1397a: Pull complete
b1096698ab2a: Pull complete
96de990b7ad3: Pull complete
c280bfe25221: Pull complete
02be9679a029: Pull complete
01973f657634: Pull complete
75924d0578e0: Pull complete
7545938f30ed: Pull complete
789a97918005: Pull complete
084f29a924ef: Pull complete
3c7171c98fdf: Pull complete
2240a4e43a84: Pull complete
61e6336f9487: Pull complete
35b4698e1d5f: Pull complete
Pulling cron (buddy/repman:0.1.1)...
0.1.1: Pulling from buddy/repman
Pulling nginx (nginx:1.17-alpine)...
1.17-alpine: Pulling from library/nginx
cbdbe7a5bc2a: Already exists
c554c602ff32: Pull complete
Pulling mailhog (mailhog/mailhog:)...
latest: Pulling from mailhog/mailhog
d6a5679aa3cf: Pull complete
a1300bbb94d5: Pull complete
0f03c49950cb: Pull complete
b96c5d9bff5f: Pull complete
Creating repman_mailhog_1  ... done
Creating repman_database_1 ... done
Creating repman_app_1      ... error

ERROR: for repman_app_1  Cannot start service app: error while mounting volume '/var/snap/docker/common/var-lib-docker/volumes/repman_app-var/_data': failed to mount local volume: mount /home/username/projects/repman/var:/var/snap/docker/common/var-lib-docker/volumes/repman_app-var/_data, flags: 0x1000: no such file or directory

ERROR: for app  Cannot start service app: error while mounting volume '/var/snap/docker/common/var-lib-docker/volumes/repman_app-var/_data': failed to mount local volume: mount /home/username/projects/repman/var:/var/snap/docker/common/var-lib-docker/volumes/repman_app-var/_data, flags: 0x1000: no such file or directory
ERROR: Encountered errors while bringing up the project.

Preventing orphan organization

Addition to #56

remove last owner
change role to member of last owner

Create regular user from CLI (command)

Circumstances:

custom gitlab
disabled user registration to prevent spam

→ currently creating new users from cli as admin and dropping their rights , unsuitable for serious deployments

suggestions:

add bin/console repman:create:user command to add regular user
add web-gui option "only allow account creation from gitlab/github/providerXYZ" when there are ONLY gitlab/github/providerXYZ users

[Feature request] In stats, display cache hits / cache miss

Hi !

It would be very interesting to see in the statistics how many cache hits versus cache miss.

Have a good day !

Proxy support for other official repositories

Theoretically, we could support other official repositories, such as for example:

https://wpackagist.org/

Repman behind proxy

In https://github.com/repman-io/repman/blob/master/src/Controller/ProxyController.php#L34, The URL generated do not use APP_URL_SCHEME and APP_HOST

This have for effect in the situation where repman is behind a proxy that handle SSL (k8s Cert-manager Ingress), the router sees incoming request as HTTP instead of HTTPS.

There is two solution to that:

Using APP_HOST and APP_URL_SCHEME to generete the URLs instead of $this->generateUrl('index', [], RouterInterface::ABSOLUTE_URL)
Tell the router that we are indeed using SSL

 public/index.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/index.php b/public/index.php
index 6eddf35..04d4b95 100644
--- a/public/index.php
+++ b/public/index.php
@@ -6,6 +6,11 @@ use Symfony\Component\HttpFoundation\Request;

 require dirname(__DIR__).'/config/bootstrap.php';

+// If we are behing a load-balancer that takes care of HTTPS, we need to set the right headers
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+    $_SERVER['HTTPS'] = 'on';
+}
+
 if ($_SERVER['APP_DEBUG']) {
     umask(0000);

Proxy through organisation (proxy with auth tokens)

Would it be possible to proxy to Packagist through an organisation? At the moment, it seems that is only possible through the main domain.

The organisation instructions say to add the organisation repo, but then you need to go to the proxy instructions to add a different repository for the main proxy repo.

Our use case is to keep all traffic for composer packages going through a central location.

Could be as simple as adding the proxy instructions onto the organisation view, so it says:

{
    "repositories": [
        {"type": "composer", "url": "https://giggsey-test.repo.repman.io"},
        {"type": "composer", "url": "https://repo.repman.io"},
        {"packagist": false}
    ]
}

Add user to organization

Hi !

I am not sure if i am missing something, but is there a way to add other users to an organization ?

Thanks,
Samuel

custom gitlab still no syncing

#158 followup ...

the first entry is https://username:token , worked ,
custom gitlab entries get stuck ( and yes bin/console messenger:consume async is running )

Logs:

{"time":"2020-05-19T19:23:34.667Z","severity":"INFO","duration":234.94,"db":21.03,"view":213.91,"status":200,"method":"GET","path":"/api/v4/projects","params":[{"key":"simple","value":"true"},{"key":"order_by","value":"last_activity_at"},{"key":"owned","value":"true"}],"host":"somegitlab.tld","remote_ip":"0.0.0.0, 0.0.0.0","ua":"php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)","route":"/api/:version/projects","user_id":23,"username":"someuser","queue_duration":21.02,"gitaly_calls":1,"gitaly_duration":4.54,"correlation_id":"U7pPs8VDRH5"}
{"time":"2020-05-19T19:23:34.853Z","severity":"INFO","duration":149.55,"db":12.67,"view":136.88000000000002,"status":200,"method":"GET","path":"/api/v4/projects","params":[{"key":"membership","value":"false"},{"key":"order_by","value":"last_activity_at"},{"key":"owned","value":"true"},{"key":"page","value":"2"},{"key":"per_page","value":"20"},{"key":"simple","value":"true"},{"key":"sort","value":"desc"},{"key":"starred","value":"false"},{"key":"statistics","value":"false"},{"key":"with_custom_attributes","value":"false"},{"key":"with_issues_enabled","value":"false"},{"key":"with_merge_requests_enabled","value":"false"}],"host":"somegitlab.tld","remote_ip":"0.0.0.0, 0.0.0.0","ua":"php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)","route":"/api/:version/projects","user_id":23,"username":"someuser","queue_duration":23.96,"gitaly_calls":2,"gitaly_duration":12.32,"correlation_id":"ppcecS9JOB3"}
Started GET "/api/v4/projects?simple=true&order_by=last_activity_at&owned=true" for 0.0.0.0 at 2020-05-19 21:23:34 +0200
Started GET "/api/v4/projects?membership=false&order_by=last_activity_at&owned=true&page=2&per_page=20&simple=true&sort=desc&starred=false&statistics=false&with_custom_attributes=false&with_issues_enabled=false&with_merge_requests_enabled=false" for 0.0.0.0 at 2020-05-19 21:23:34 +0200
Started GET "/api/v4/projects?simple=true&order_by=last_activity_at&membership=true" for 0.0.0.0 at 2020-05-19 21:23:34 +0200
0.0.0.0 - - [19/May/2020:21:23:34 +0200] "GET /api/v4/projects?simple=true&order_by=last_activity_at&owned=true HTTP/2.0" 200 2347 "" "php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)"
0.0.0.0 - - [19/May/2020:21:23:34 +0200] "GET /api/v4/projects?membership=false&order_by=last_activity_at&owned=true&page=2&per_page=20&simple=true&sort=desc&starred=false&statistics=false&with_custom_attributes=false&with_issues_enabled=false&with_merge_requests_enabled=false HTTP/2.0" 200 1786 "" "php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)"
{"time":"2020-05-19T19:23:35.043Z","severity":"INFO","duration":167.44,"db":12.04,"view":155.4,"status":200,"method":"GET","path":"/api/v4/projects","params":[{"key":"simple","value":"true"},{"key":"order_by","value":"last_activity_at"},{"key":"membership","value":"true"}],"host":"somegitlab.tld","remote_ip":"0.0.0.0, 0.0.0.0","ua":"php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)","route":"/api/:version/projects","user_id":23,"username":"someuser","queue_duration":13.93,"gitaly_calls":1,"gitaly_duration":4.41,"correlation_id":"d4nM4bsioW2"}
{"time":"2020-05-19T19:23:35.476Z","severity":"INFO","duration":398.42,"db":10.77,"view":387.65000000000003,"status":200,"method":"GET","path":"/api/v4/projects","params":[{"key":"membership","value":"true"},{"key":"order_by","value":"last_activity_at"},{"key":"owned","value":"false"},{"key":"page","value":"2"},{"key":"per_page","value":"20"},{"key":"simple","value":"true"},{"key":"sort","value":"desc"},{"key":"starred","value":"false"},{"key":"statistics","value":"false"},{"key":"with_custom_attributes","value":"false"},{"key":"with_issues_enabled","value":"false"},{"key":"with_merge_requests_enabled","value":"false"}],"host":"somegitlab.tld","remote_ip":"0.0.0.0, 0.0.0.0","ua":"php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)","route":"/api/:version/projects","user_id":23,"username":"someuser","queue_duration":26.82,"gitaly_calls":2,"gitaly_duration":10.08,"correlation_id":"Bm2ICu7Fht7"}
Started GET "/api/v4/projects?membership=true&order_by=last_activity_at&owned=false&page=2&per_page=20&simple=true&sort=desc&starred=false&statistics=false&with_custom_attributes=false&with_issues_enabled=false&with_merge_requests_enabled=false" for 0.0.0.0 at 2020-05-19 21:23:35 +0200
0.0.0.0 - - [19/May/2020:21:23:35 +0200] "GET /api/v4/projects?simple=true&order_by=last_activity_at&membership=true HTTP/2.0" 200 2630 "" "php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)"
0.0.0.0 - - [19/May/2020:21:23:35 +0200] "GET /api/v4/projects?membership=true&order_by=last_activity_at&owned=false&page=2&per_page=20&simple=true&sort=desc&starred=false&statistics=false&with_custom_attributes=false&with_issues_enabled=false&with_merge_requests_enabled=false HTTP/2.0" 200 2304 "" "php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)"
{"time":"2020-05-19T19:23:36.869Z","severity":"INFO","duration":16.15,"db":3.11,"view":13.04,"status":200,"method":"GET","path":"/api/v4/projects/162/hooks","params":[],"host":"somegitlab.tld","remote_ip":"0.0.0.0, 0.0.0.0","ua":"php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)","route":"/api/:version/projects/:id/hooks","user_id":23,"username":"someuser","queue_duration":12.03,"correlation_id":"juHkkUtLjS8"}
{"time":"2020-05-19T19:23:36.936Z","severity":"INFO","duration":32.77,"db":5.28,"view":27.490000000000002,"status":201,"method":"POST","path":"/api/v4/projects/162/hooks","params":[{"key":"push_events","value":"1"},{"key":"tag_push_events","value":"1"},{"key":"url","value":"https://repman.some.where.else/hook/82d60d69-edb7-434b-8f35-d60fb5326e85"}],"host":"somegitlab.tld","remote_ip":"0.0.0.0, 0.0.0.0","ua":"php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)","route":"/api/:version/projects/:id/hooks","user_id":23,"username":"someuser","queue_duration":13.79,"correlation_id":"g7KNez7wdk3"}
Started GET "/api/v4/projects/162/hooks" for 0.0.0.0 at 2020-05-19 21:23:36 +0200
Started POST "/api/v4/projects/162/hooks" for 0.0.0.0 at 2020-05-19 21:23:36 +0200
0.0.0.0 - - [19/May/2020:21:23:36 +0200] "GET /api/v4/projects/162/hooks HTTP/2.0" 200 2 "" "php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)"
0.0.0.0 - - [19/May/2020:21:23:36 +0200] "POST /api/v4/projects/162/hooks HTTP/2.0" 201 492 "" "php-gitlab-api (http://github.com/m4tthumphrey/php-gitlab-api)"

Containers app and consumer constantly failing when APP_HOST is changed

Hi guys,

I don't know if it is only me, but when I change the APP_HOST to something different than repman.wip I constantly get
this error:

Thanks

do ssh keycan or disable strict host verification during checkout

as suggested , git checkout from custom gitlab / git url was tried ,

repman still uses /root/ directory , chown /chgrp was necessary to make it work
synchronization Error :

Error: Failed to execute git clone --mirror '[email protected]/path/to/repo.git' '/root/.composer/cache/vcs/my-gitlab-group-path.git/'

Cloning into bare repository '/root/.composer/cache/vcs/my-gitlab-group-path.git'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

MySQL as persistent storage

Hi,

In your requirements you mentioned PostgreSQL 11, will this project work with Mysql ?

Thanks,
Samuel

repman uses /root/.composer/cache/ for checkout

even when running as www-data ( also installed as www-data) , git version uses /root/.composer/cache/

Composer V2 support for providers-api

Some minor changes are needed:

proxy support for metadata-url (this is done in #100, thanks to @sadortun)
proxy support for providers-api (optional)
repo support for metadata-url
repo support for providers-api (optional)

Possible impact on composer funding

If I understand this correctly, offering a similar service to private packagist for free will likely reduce the revenue of private packagist. By doing this, the fundings available to the composer project will go down. How does having this service free help support composer and packagist?

Should add array_values here to prevent the serialized value to transform into json object 🤷

Originally posted by @marmichalski in #49

PLEASEDELETETHIS:do ssh keycan or disable strict host verification during checkout:PLEASEDELETETHIS

as suggested , git checkout from custom gitlab / git url was tried ,

repman still uses /root/ directory , chown /chgrp was necessary to make it work
synchronization Error :

Error: Failed to execute git clone --mirror '[email protected]/path/to/repo.git' '/root/.composer/cache/vcs/my-gitlab-group-path.git/'

Cloning into bare repository '/root/.composer/cache/vcs/my-gitlab-group-path.git'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

/login not found + There are no commands defined in the "proxy:domain" namespace.

after manual install , and migrations , at the proxy-setup step:

There are no commands defined in the "proxy:domain" namespace.

Also the / page redirects to /login and this gives a 404

Just wanted to say awesome work

Hey guys

Ok this isn't an issue, but just wanted to say this is a game changer for PHP devs. I've spread the word in the WordPress community so hopefully you'll see a bunch of new users soon.

Keep up the great work and thanks for making this open source.

How create default admin user

How I can create local admin user for self-hosted install?

404 when downloading zip

When installing, I get the following error:

Installing companyname/packagename (dev-feature/skip-triggers 089c4aa): Downloading (failed) Failed, trying the next URL (404: The "https://companyname.repo.repman.io/dists/companyname/packagename/b9073f99786cfba24db9854fc115c959/089c4aa941b8c68b073dbc39b20fca32016ac70c.zip" file could not be downloaded (HTTP/1.1 404 Not Found)) Loading from cache

What might be going wrong here? The package is fully synced up, I added the token to my composer and added the repositories section to my composer.json.

Add help modal when fetching repo from providers

This will help people to understand it better, here is nice example:

Support for self-hosted GitLab

Hi!

I have another feature request.
Could you add a possibility to setup GitLab URL, so I could use private, self hosted GitLab instance istead of gitlab.com?
It could be configured by .env variable, nothing funcy needed.
Thanks in advance!

Best, Maciej

[Feature request] Support for OpenID Connect

Support for OpenID Connect

Weak Password Check

The password reset dialog ( and the console command ) allow weak passwords like abc123

Organization members

Currently, the organization has only the owner - the user who created it.

Members - will give the opportunity to manage people in the organization, send invitations and remove them.

Features:

invite by e-mail
two manage scope: member, admin

Package synchronization stuck

Hi !

I've added a package from a repository where Repman do not have access, and the sync is stuck, and there is no way to delete the package.

Have a good day,
Samuel

repman-io/composer-plugin causes The checksum verification of the file failed

Hello,

So here is the situation:

I am running a composer.json with the following repositories setup.
Take note that repo.repman.io is not directly part of my wanted list of repos.
That is intentional. There is a custom private repo.

"repositories": {
        "0": {
            "type": "path",
            "url": "./vendor-repo/*/*",
            "options": {
                "symlink": true
            }
        },
        "1": {
            "type": "composer",
            "url": "http://satis.example.com:8181"
        },
        "2": {
            "type": "composer",
            "url": "https://private.repo.repman.io"
        },
        "packagist.org": false,
        "data-migration-tool": {
            "type": "git",
            "url": "https://github.com/magento/data-migration-tool"
        }
    },

Your package manager plugin is installed at this point.
This is running in a clean folder. This is the first time composer is run, and there is no lock file.

Loading composer repositories with package information
Updating dependencies (including require-dev)         
Package operations: 507 installs, 0 updates, 0 removals
  - Installing magento/zendframework1 (1.14.3): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/magento/zendframework1/1.14.3.0/726855dfb080089dc7bc7b016624129f8e7bc4e5.zip))Downloading (100%)         
  - Installing laminas/laminas-zendframework-bridge (1.0.3): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/laminas/laminas-zendframework-bridge/1.0.3.0/bfbbdb6c998d50dbf69d2187cb78a5f1fa36e1e9.zip))Downloading (100%)         
  - Installing laminas/laminas-stdlib (3.2.1): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/laminas/laminas-stdlib/3.2.1.0/2b18347625a2f06a1a485acfbc870f699dbe51c6.zip))Downloading (100%)         
  - Installing container-interop/container-interop (1.2.0): Downloading (100%)         
 Failed, trying the next URL (0: The checksum verification of the file failed (downloaded from https://repo.repman.io/dists/container-interop/container-interop/1.2.0.0/79cbf1341c22ec75643d841642dd5d6acd83bdb8.zip))Downloading (100%)         
  - Installing laminas/laminas-validator (2.13.4): Downloading (connecting...)^C

and continues as above example

I took note that these are pointing to repo.repman.io
I removed your composer plugin:

02:21 $ composer global remove repman-io/composer-plugin
Changed current directory to /home/vagrant/.composer
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 0 updates, 1 removal
  - Removing repman-io/composer-plugin (0.1.3)
Writing lock file
Generating autoload files

after which the same composer install/update commands work.

The satis.example.com:8181 repo is 100% satis composer repo, which is a mirror for packages we use in the site (magento2)

[Feature Request] Automatically pull in new packages

I am currently running a Satis server that I've modded a little - there's a pipeline in our Buddy server (heh) that regularly scans all projects in the GitHub org, checks whether there's a composer.json file in there and the type field is set to library. All found repositories are then added to the registry.
Now that was a very crude, "get it done quick" solution - obviously having webhooks in place would be way better.

Having things set up this way would allow a seamless integration with the git provider: Any composer project on GitHub can naturally be installed from the package repository.

Packages from git with ssh

I want to add packages from an internal git repository with ssh, so I tried to add an ssh key to the app container and also set the GIT_SSH_COMMAND env variable in .env.docker.

But then I recognized that the ssh binary is missing in the container as well. Do you have this feature on your roadmap or any plans to support repositories via ssh?

Database initialization

Hi!

Could you please add in the readme instruction on how to initialize the database ?

Seems that

bin/console doctrine:migrations:migrate
is not enough

I receive the following exception when creating packages

SQLSTATE[42P01]: Undefined table: 7 ERROR: relation "messenger_messages" does not exist LINE 1: INSERT INTO messenger_messages (body, headers, queue_name, c... ^

Security scanner

This feature will allow you to scan (sensiolabs/security-checker) downloaded packages and display the scan results in the package list.

the latest package will always be scanned
it will be possible to run the scanner again for the selected package
each package will have a scan history
if possible we will add a warning for composer to display a relevant warning for the end user

Checksum verification failed, 404

composer install fails due to errors with packages hosted on repman.io. The log shows the following:

  - Installing messengerpeople/specification-database (v1.1.1): Downloading
 Failed, trying the next URL (404: The "https://ourhandle.repo.repman.io/dists/ourhandle/packagename/1.1.1.0/a8b7d5c6d095fb50e07fc5e420f45164513902ca.tar" file could not be downloaded (HTTP/1.1 404 Not Found))Downloading    Failed to download ourhandle/packagename from dist: The "https://api.github.com/repos/ourhandle/packagename/zipball/a8b7d5c6d095fb50e07fc5e420f45164513902ca" file could not be downloaded (HTTP/1.1 404 Not Found)

This is probably similar to #84, but our versions never contain slashes but look like v1.2.3 instead. It's also similar to #67, but the error does occur for the repman.io sources too, not only for GitHub.
As @akondas pointed out in #67, we do have checksums in the lock file, but composer seems to insert it automatically.

As we have multiple engineers working together, I suspect one of them has an older composer version that causes the "broken" lockfile. Specifically, the last one who committed a lockfile change in one of our projects had 1.8.0 installed. His lockfile looked like this:

{
    "name": "ourhandle/packagename",
    "version": "v1.1.1",
    "source": {
        "type": "git",
        "url": "[email protected]:ourhandle/packagename.git",
        "reference": "a8b7d5c6d095fb50e07fc5e420f45164513902ca"
    },
    "dist": {
        "type": "tar",
        "url": "https://api.github.com/repos/ourhandle/packagename/zipball/a8b7d5c6d095fb50e07fc5e420f45164513902ca",
        "reference": "a8b7d5c6d095fb50e07fc5e420f45164513902ca",
        "shasum": "e098ed99b0e445508105b9256d15baf648c9b907",
        "mirrors": [
            {
                "url": "https://ourhandle.repo.repman.io/dists/%package%/%version%/%reference%.%type%",
                "preferred": true
            }
        ]
    },

Executing composer install with this file causes the installation to fail due to the above mentioned error. If I do composer update however, the lockfile is updated to the following:

{
    "name": "ourhandle/packagename",
    "version": "v1.1.1",
    "source": {
        "type": "git",
        "url": "[email protected]:ourhandle/packagename.git",
        "reference": "a8b7d5c6d095fb50e07fc5e420f45164513902ca"
    },
    "dist": {
        "type": "zip",
        "url": "https://api.github.com/repos/ourhandle/packagename/zipball/a8b7d5c6d095fb50e07fc5e420f45164513902ca",
        "reference": "a8b7d5c6d095fb50e07fc5e420f45164513902ca",
        "shasum": "",
        "mirrors": [
            {
                "url": "https://ourhandle.repo.repman.io/dists/%package%/%version%/%reference%.%type%",
                "preferred": true
            }
        ]
    },

Diff being the dist.type being zip instead of tar and dist.shasum being empty in the working configuration.

Sorry for the long issue. So the actual question is - was there any known change in checksum handling in newer composer versions? And by extension, is repman.io incompatible with older versions? That would be an interesting requirement to show in the Readme.

Configuration issue/question

Hi @akondas

I have a few config questions for you:

Question 1

In the home page, you have config info for the Proxy

And under the Organisation, repo for the organisation

If i understand correctly, both org.repo...... and repo.... are needed. Is it correct ?

Question 2

I have 30+ packages in repman, but if i take a look inside the composer cache, the

.../Composer/repo/https---org.repo.repman.example.com/packages.json only contains 8 packages

When i do a composer update, composer report that -> no matching package found. for a few packages

(i also tried to Update, the package, and to delete and re-add them)

Is it normal ?

Package View Improvements

A copy button for the package name (makes installation much easier)
Ability to view the README for a package
List of available releases
List of dependencies

Mimics our commonly used features from satis/packagist

Pulling in github package using git@ gets stuck

Hello,

Accidentally pulled a public git repo using the git ssh url:
[email protected]:ProxiBlue/Magento-2-Product-Images-Order-View-.git

That has now locked up the package install, and the package is just sitting syncing, and never quits or completes.

So, I tried to use the https:// git url, adding teh same package (yes it allowed me), but even that is stuck.

So, in general, I think something is broke.

Note: I had this package in the packages listed, but update did not work - claimed no updates, so I deleted, and retried from scratch - ended up in above result.

Not detecting all versions of package

We use the cloud version.

I synced a GitHub repo, and according to repman, the latest version is 1.5.1. However, the package already has some new releases:

What is going wrong?

GitLab package list limited to 40

I've got access to a lot more than 40 repos in GitLab, but only 40 appear in the packages list when trying to add a new package. I assume this is because of an issue with the pagination in the GitLab API, but because there's no way to manually add a repo, I'm unable to add any repos that don't appear in those 40.

Hide external providers login/register buttons

There is no option to hide the github/gitlab/buddy login buttons on the start page ..

Possibility to generate composer auth tokens for proxy repository

There is no option to protect the "main" repman from being used as open proxy...
and a method to allow by (sub-)domain is needed ..

Workaround: ( apache behind nginx proxy)

enable mod-remoteip and mod-authz-host ( because reverse dns of incoming proxy is e.g. .webproxy when not using mod-remoteip and you cannot differ between ingress proxy and other containers from same host )
in <server>:
RemoteIPHeader X-Forwarded-For
in <directory>

     Require ip 127.
     Require host localhost
     Require host .mycompany.com
     Require host .oneofmycompanyservers.com
     Require host .webproxy

Allow for public (read-only) access in organization

This issue is a continuation of the thread from reddit:

I mean adding a package to an organisation, and guests being able to browse and download those packages.

We could do an option in your organization's settings that would allow open access for added packages.

Support packages where the version numbers are available via an 3rd party API

An example of such package would be the no-content package from WordPress which only contains the WordPress files you need to be able to install WordPress using composer.

{
  packages: {
    example/wordpress-no-content: {
      "%VERSION%": {
        "name": "example/wordpress-no-content",
        "version": "%VERSION%",
        "dist": {
          "type": "zip",
          "url": "https://downloads.wordpress.org/release/wordpress-%VERSION%-no-content.zip"
        },
        require: {
          johnpbloch/wordpress-core-installer: "^1.0"
        },
        type: "wordpress-core"
      }
    }
  }
}
Where %VERSION% is the specific WordPress version.

The API for the latest version numbers is available from https://api.wordpress.org/core/version-check/1.7/

Would there be a way to automatically get the latest versions from the API, add those versions to some kind of storage/DB, and have the repository list all available versions, without having to fork the project? (even if it requires custom code to obtain and store the available versions)

repman-io / repman Goto Github PK

repman's Introduction

Repman - PHP Repository Manager

Requirements

Installation

Docker

Ansible

Manual

Configuration

Mailer

Workers

Usage

Local proxy

CLI commands

API Integration

GitHub

GitLab

Bitbucket

Self-hosted GitLab

Docker

Support

License

Libraries or projects directly included in Repman

repman's People

Contributors

Stargazers

Watchers

Forkers

repman's Issues

Circumstances:

suggestions:

Question 1

Question 2

Recommend Projects

Recommend Topics

Recommend Org