search

craftcms / nitro

Speedy local dev environment for @craftcms.
https://getnitro.sh
MIT License
178 stars 24 forks source link

Does Nitro work with the COMPOSER_AUTH environment variable? #467

Closed jamesmacwhite closed 2 years ago

jamesmacwhite commented 2 years ago

Description

I have a Craft 3 project which is trying to pull in a private repo as a composer dependency. I am trying to use the COMPOSER_AUTH environment variable as this is portable across all environments.

The main composer.json has this:

 "repositories": [
     {
       "url": "https://github.com/xxxxxxxxxxx/xxxxxxxxxxxxx.git",
       "type": "git"
     }
]

However upon running composer update after adding the dependency I am getting:

Cloning failed using an ssh key for authentication, enter your GitHub credentials to access private repos
When working with _public_ GitHub repositories only, head to https://github.com/settings/tokens/new?scopes=&description=Composer+on+ae7cfe7257f4+2022-05-26+1801 to retrieve a token.
This token will have read-only permission for public information only.
When you need to access _private_ GitHub repositories as well, go to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+ae7cfe7257f4+2022-05-26+1801
Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.
Tokens will be stored in plain text in "/tmp/auth.json" for future use by Composer.
For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
Token (hidden):

My .env file contains:

COMPOSER_AUTH="{\"github-oauth\":{\"github.com\":\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}}"

I'm not sure if this is a Nitro thing, but I think I have the correct formatting of storing the token in an environment variable, however it appears composer cannot see it.

jasonmccallister commented 2 years ago

@jamesmacwhite are you running nitro composer or nitro ssh?

Also, if you are defining the environment variable in your .env composer won't read that by default.

jamesmacwhite commented 2 years ago

Tried both, but as you say I think it's probably due to COMPOSER_AUTH being in .env.

The auth.json method works for local dev, pipelines for other environments can use the environment variable, so I guess that's a solution.