Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support custom register for composer #2574

Closed
alexander-akait opened this issue Sep 28, 2018 · 5 comments · Fixed by #2650
Closed

Support custom register for composer #2574

alexander-akait opened this issue Sep 28, 2018 · 5 comments · Fixed by #2650
Assignees
@rarkins
Labels
manager:composer Composer (PHP) package manager priority-4-low Low priority, unlikely to be done unless it becomes important to more people type:feature Feature (new functionality)

Comments

@alexander-akait
Copy link

What would you like Renovate to be able to do?

Will be great if renovate will support custom registers.

Example:

{
  "name": "wp-theme",
  "type": "wordpress-theme",
  "license": "MIT",
  "description": "Description.",
  "homepage": "https://insteria.com",
  "repositories": [
    {
      "type": "composer",
      "url": "https://wpackagist.org"
    }
  ],
  "extra": {
    "installer-paths": {
      "./plugins/{$name}/": [
        "type:wordpress-plugin"
      ],
    }
  },
  "require": {
    "php": "^7.1",
    "composer/installers": "~1.6.0",
    "wpackagist-plugin/breadcrumb-navxt": "~5.0.0"
  }
}

Describe the solution you'd like

I don't know.

Describe alternatives you've considered

I don't know.

Additional context

Doesn't exist.
@rarkins
Copy link
Collaborator

rarkins commented Sep 28, 2018

In the above example, I assume that this part:

  "repositories": [
    {
      "type": "composer",
      "url": "https://wpackagist.org"
    }
  ],

translates to: "use https://wpackagist.org for all package lookups"?

But is it a complete mirror? It looks like it isn't?

  • Is Renovate/composer somehow meant to guess which packages are from wpackagist vs packagist?
  • Or, is Renovate/composer meant to try wpackagist first and for all the ones that fail it then tries the regular packagist?

@rarkins rarkins added type:feature Feature (new functionality) needs-requirements priority-4-low Low priority, unlikely to be done unless it becomes important to more people manager:composer Composer (PHP) package manager labels Sep 28, 2018
@alexander-akait
Copy link
Author

@rarkins Hm, i think we need look on composer logic. I can do this in near future.

@rarkins rarkins mentioned this issue Oct 14, 2018
Closed
@rarkins
Copy link
Collaborator

rarkins commented Oct 14, 2018
edited
Loading

@Jamesking56 could you add your use case here? You mentioned using a Satis repository but I'm not sure if you use it selectively or for all packages.

I think this issue is a prerequisite before we can implement authentication for private packages in #2354.

To implement this, once we have settled on the correct logic to use:

  1. Extend the composer extract function to include necessary host information, probably in the purl field

  2. Extend the packagist lookup function to recognise the extracted host information and do the right thing.

Links on the composer.json repositories field:

This text seems to answer my question from above:

Note: Order is significant here. When looking for a package, Composer will look from the first to the last repository, and pick the first match. By default Packagist is added last which means that custom repositories can override packages from it.

It seems like this is a try/fail/try type of approach, i.e. it's expected that you try the first in repositories even if it has only 1 or 2 of the packages, and eventually you fall back to using Packagist as the default. None of our other lookups so far use this approach so I need to think if we need to make any internal API changes to accommodate it, or embed all the logic into lib/datasource/packagist.

The second challenge is that the list of reposotories can potentially be quite long and I'm not sure if appropriate to embed it into the purl.

I had expected to support only type "composer" to start with, i.e. not type vcs or package or pear. But I wonder if Satis is completely compatible with our current Packagist source code? More on Satis here

@rarkins rarkins mentioned this issue Oct 14, 2018
Merged
4 tasks
@rarkins rarkins self-assigned this Oct 14, 2018
@rarkins
Copy link
Collaborator

rarkins commented Oct 14, 2018

I've started this moving in #2650 and discovered a few things.

First, packagist.org seems to include a "convenience" url for packages (e.g. https://packagist.org/packages/foo.json) that other ones may not, so we need to implement "proper" lookups.

I haven't found any foolproof guide to this so far, but hopefully this is right:

Because these URLs include hashes, they can be cached indefinitely to reduce the load.

rarkins added a commit that referenced this issue Oct 16, 2018
@rarkins
feat(composer): custom registries and basic auth (#2650)
0f1710f 
Adds support for custom Packagist registries.

- [x] Support dynamic packages.json interface for wpackagist.org
- [x] Support static packages.json for satis
- [x] Support basic auth using hostRules
- [x] Write basic auth to `auth.json`

Closes #2574, Closes #2354
@renovate-bot
Copy link
Collaborator

🎉 This issue has been resolved in version 13.101.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

corecanarias pushed a commit to corecanarias/renovate that referenced this issue Oct 24, 2018
@rarkins @corecanarias
feat(composer): custom registries and basic auth (renovatebot#2650)
2601530 
Adds support for custom Packagist registries.

- [x] Support dynamic packages.json interface for wpackagist.org
- [x] Support static packages.json for satis
- [x] Support basic auth using hostRules
- [x] Write basic auth to `auth.json`

Closes renovatebot#2574, Closes renovatebot#2354
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rarkins rarkins

Labels
manager:composer Composer (PHP) package manager priority-4-low Low priority, unlikely to be done unless it becomes important to more people type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(composer): custom registries and basic auth renovatebot/renovate
3 participants
@alexander-akait @rarkins @renovate-bot