ffraenz / private-composer-installer

Composer install helper outsourcing sensitive keys from the package URL into environment variables
MIT License

private-composer-installer

This is a Composer plugin offering a way to reference private package URLs within composer.json and composer.lock. It outsources sensitive dist URL parts (license keys, tokens) into environment variables or a .env file typically ignored by version control. This is especially useful when you can't use Private Packagist or Basic HTTP Auth because the source of a package is not in your control. This repository is inspired by acf-pro-installer.

Quick overview

Examples

Arbitrary private packages

Add the desired private package to the repositories field inside composer.json. Find out more about Composer repositories in the Composer documentation. Specify the exact version to install, and use {%VARIABLE} placeholders in the dist URL for any sensitive tokens, which are then defined in your .env file.

{
  "type": "package",
  "package": {
    "name": "package-name/package-name",
    "version": "REPLACE_WITH_LATEST_PACKAGE_VERSION",
    "dist": {
      "type": "zip",
      "url": "https://example.com/package-name.zip?key={%PACKAGE_KEY}&version={%VERSION}"
    },
    "require": {
      "ffraenz/private-composer-installer": "^5.0"
    }
  }
}

Provide the key referenced by the private package dist URL inside the .env file:

PACKAGE_KEY=pleasedontusethiskey

Let Composer require the private package:

composer require "package-name/package-name:*"

WordPress plugins

WordPress plugins can be installed using the package type wordpress-plugin in conjunction with the composer/installers installer. In this example we are installing the ACF Pro plugin. Add the following entry to the repositories field inside composer.json and set the desired ACF Pro version.

{
  "type": "package",
  "package": {
    "name": "advanced-custom-fields/advanced-custom-fields-pro",
    "version": "REPLACE_WITH_LATEST_ACF_VERSION",
    "type": "wordpress-plugin",
    "dist": {
      "type": "zip",
      "url": "https://connect.advancedcustomfields.com/index.php?a=download&p=pro&k={%PLUGIN_ACF_KEY}&t={%VERSION}"
    },
    "require": {
      "composer/installers": "^1.4",
      "ffraenz/private-composer-installer": "^5.0"
    }
  }
}

Provide the ACF Pro key inside the .env file. To get this key, log in to your ACF account and scroll down to 'Licenses & Downloads'.

PLUGIN_ACF_KEY=pleasedontusethiskey

Let Composer require ACF Pro:

composer require "advanced-custom-fields/advanced-custom-fields-pro:*"
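
An added check, not part of the project's code, that applies to both the arbitrary-package and the ACF Pro entries above: it reads composer.json and .env and reports placeholders that have no value in .env as well as .env values pasted literally into a dist URL. The function names, the length threshold and the sample entries are assumptions made for this example, as is treating {%VERSION} as filled in from the package version rather than from .env; variables set only in the shell environment are not considered.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{%([A-Za-z0-9_]+)\}")  # {%VARIABLE} syntax used in dist URLs
MIN_SECRET_LEN = 8  # hypothetical threshold: ignore short values that match by chance

def parse_dotenv(text):
    """Minimal KEY=VALUE reader (no multiline values or interpolation)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit(composer_json, dotenv_text):
    """Return one 'package: problem' string per issue found in package repositories."""
    env = parse_dotenv(dotenv_text)
    repos = json.loads(composer_json).get("repositories", [])
    repos = list(repos.values()) if isinstance(repos, dict) else repos  # object form
    findings = []
    for repo in repos:
        if not isinstance(repo, dict) or repo.get("type") != "package":
            continue
        pkg = repo.get("package", {})
        name, url = pkg.get("name", "?"), pkg.get("dist", {}).get("url", "")
        for var in PLACEHOLDER.findall(url):
            # Assumption: {%VERSION} is filled from the package version, not .env
            if var != "VERSION" and var not in env:
                findings.append(f"{name}: placeholder {var} is not defined in .env")
        for var, value in env.items():
            if len(value) >= MIN_SECRET_LEN and value in url:
                findings.append(f"{name}: value of {var} is hard-coded in the dist URL")
    return findings

# Constructed sample input: the README's example entry plus two faulty ones.
SAMPLE_DOTENV = "PACKAGE_KEY=pleasedontusethiskey\n"
SAMPLE_COMPOSER = json.dumps({"repositories": [
    {"type": "package", "package": {"name": "package-name/package-name", "dist": {
        "url": "https://example.com/package-name.zip?key={%PACKAGE_KEY}&version={%VERSION}"}}},
    {"type": "package", "package": {"name": "example/leaky", "dist": {
        "url": "https://example.com/leaky.zip?key=pleasedontusethiskey"}}},
    {"type": "package", "package": {"name": "example/unset", "dist": {
        "url": "https://example.com/unset.zip?key={%OTHER_KEY}"}}},
]})

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_COMPOSER, SAMPLE_DOTENV)))
```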

Configuration

The configuration options listed below may be added to the root configuration in composer.json like so:

{
  "name": "...",
  "description": "...",
  "require": {
  },
  "extra": {
    "private-composer-installer": {
      "dotenv-path": ".",
      "dotenv-name": ".env"
    }
  }
}

dotenv-path

Dotenv file directory relative to the root package (where composer.json is located). By default dotenv files are expected to be in the root package folder or in any of the parent folders.

dotenv-name

Dotenv file name. Defaults to .env.

Dependencies

This package heavily depends on vlucas/phpdotenv to load environment variables "automagically". This may cause version conflicts if your project already depends on it. Refer to this table to set the version of private-composer-installer accordingly or consider upgrading.

vlucas/phpdotenv | private-composer-installer
^4.1, ^5.2       | ^5.0
^4.0             | ^4.0
^3.0             | ^3.0, ^2.0
^2.2             | ^1.0

Development

Install Composer dependencies:

docker-compose run --rm composer composer install

Before pushing changes to the repository, run tests and check coding standards using the following command:

docker-compose run --rm composer composer test

This is a project by Fränz Friederes and contributors