Rohan

Reputation: 13781

Composer won't load private repository within private repository?

So I am trying to leverage the power of composer packages to make my application more modular. So my main application is now depending on a private repository which I am pulling in like so:

"repositories": [
    {
        "type": "vcs",
        "url": "../tenant-package.git"
    }
],
"require": {
    "archiveonline/tenant-package": "dev-master#a9ee4ec"
},

This works well and it pulls in the tenant-package locally, and if I update the URL to a Bitbucket URL, it still works fine. Now the tenant-package has another private dependency called repository-package, which I pull into the tenant-package like so:

"repositories": [
    {
        "type": "vcs",
        "url": "https://[email protected]/archiveonline/repository-package.git"
    }
],
"require": {
    "archiveonline/repository-package": "dev-master#e4ce518"
},

Now when I do a composer update in tenant-package, I can look into the vendor directory to find archiveonline/repository-package. Similarly when I do a composer update in my main application, I can find archiveonline/tenant-package in the vendor directory but I cannot find archiveonline/repository-package. What am I doing wrong? Am I missing something? Is this not the way to do it?

Upvotes: 1

Views: 810

Answers (1)

Sven

Reputation: 70863

Composer has to know about all possible repositories before deciding which packages are available. By default, only packagist.org is on the list and knows about all publicly published packages.

If you want to add individual repositories, you have to add them all into the root package. You cannot use repositories that are mentioned in packages you require in the root package indirectly.

Composer will scan all the repositories for information about any included packages, but if it allowed indirect package links, this search might never end if a package either points to a long list of other packages (a very evil denial of service if included in a public package you use), or it will recursively continue to find new repositories with new links to other repositories and so on.

The design decision was made to only use the repository knowledge of the root package composer.json, so that is where all your Git repos would have to be mentioned.

As you can imagine, this is tedious, so there is some help: Satis. You'd configure it to know about all your repositories, and it will collect all metadata it finds in one place. Running it creates some static files that you'd have to serve via HTTP or HTTPS, and you point to this location in all your composer.json files with "type":"composer", "url": "http://example.com/your/satis/path".

Whenever you add a new package or new version of a new package, after Satis has updated the metadata files, Composer will know about them and allow adding any package from anywhere in the most recent (non-conflicting) version.

Upvotes: 1
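An added example, not part of the answer above or of Composer itself: a small Python check that lists "repositories" entries declared by installed dependencies but absent from the root composer.json, which is the only place Composer reads them from. The function names and the `bitbucket.example` host are assumptions made for illustration; URLs are compared as plain strings.

```python
import json
from pathlib import Path


def repo_urls(manifest: dict) -> set:
    """Return the URLs listed under "repositories" in a composer.json dict."""
    repos = manifest.get("repositories", [])
    # Composer accepts either a list or an object keyed by name.
    entries = repos.values() if isinstance(repos, dict) else repos
    # Entries such as {"packagist.org": false} carry no URL and are skipped.
    return {e["url"] for e in entries if isinstance(e, dict) and "url" in e}


def missing_from_root(root: dict, dependencies: dict) -> dict:
    """Map each dependency name to the repository URLs the root manifest lacks."""
    known = repo_urls(root)
    report = {}
    for name, manifest in dependencies.items():
        gap = repo_urls(manifest) - known
        if gap:
            report[name] = gap
    return report


def audit_project(project_dir: str) -> dict:
    """Compare the root composer.json with every vendor/*/*/composer.json."""
    base = Path(project_dir)
    root = json.loads((base / "composer.json").read_text())
    deps = {}
    for path in base.glob("vendor/*/*/composer.json"):
        manifest = json.loads(path.read_text())
        deps[manifest.get("name", str(path.parent))] = manifest
    return missing_from_root(root, deps)


# Constructed sample mirroring the two manifests in the question.
# The repository-package host is a placeholder, not the asker's real URL.
ROOT = {
    "repositories": [{"type": "vcs", "url": "../tenant-package.git"}],
    "require": {"archiveonline/tenant-package": "dev-master#a9ee4ec"},
}
TENANT = {
    "name": "archiveonline/tenant-package",
    "repositories": [{"type": "vcs",
                      "url": "https://bitbucket.example/archiveonline/repository-package.git"}],
    "require": {"archiveonline/repository-package": "dev-master#e4ce518"},
}

if __name__ == "__main__":
    for pkg, urls in missing_from_root(ROOT, {TENANT["name"]: TENANT}).items():
        print(f"{pkg}: declare in root composer.json -> {sorted(urls)}")
```

Running `audit_project(".")` in an installed project reports every repository a dependency declares that the root manifest would also need to declare.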
