medusa.json changes

[robocoder]

Currently, medusa.json follows this format:

{
    "repositories": [
    ],
    "require": [
        "guzzle/guzzle"
    ],
    "repodir": "web/repositories",
    "satisurl": "http://user:password@satis.host:port/repositories",
    "satisconfig": "satis.json"
}

Proposing that we change medusa to:

1. use satis.json
2. modify satis.json format to accommodate medusa configuration
3. simplify configuration

Example satis.json:

{
    "name": "My Repository",
    "homepage": "http://packages.example.org",
    // if using medusa, these are the local repositories
    "repositories": [
        { "type": "vcs", "url": "http://github.com/mycompany/privaterepo" },
        { "type": "vcs", "url": "http://svn.example.org/private/repo" },
        {
            "type": "vcs",
            "url": "http://github.com/mycompany/privaterepo2"
            // optional security
            "options": {
                // either use ssh
                "ssh2": {
                    "username": "composer",
                    "pubkey_file": "/home/composer/.ssh/id_rsa.pub",
                    "privkey_file": "/home/composer/.ssh/id_rsa"
                },
                // or ssl
                "ssl": {
                    "local_cert": "/home/composer/.ssl/composer.pem",
                }
            }
        }
    ],
    // list all versions of packages (i.e., "*" for all repositories)
    "require-all": true,
    // otherwise be more specific
    "require": {
        "company/package": "*",
        "company/package2": "*",
        "company/package3": "2.0.0"
    },
    // create downloads (dist packages), i.e., using composer --prefer-dist
    "archive": {
        "directory": "dist",
        "format": "tar",
        "prefix-url": "https://amazing.cdn.example.org",
        "skip-dev": true
    },
<!-- THIS IS THE NEW STUFF -->
    // medusa mirroring packages, i.e., using composer --prefer-source
    "source": {
        // non-packagist repositories
        "repositories": [
            {
                // pseudo package name; used for repo directory structure
                "name": "myvendor/package",
                // default if unspecified
                "type": "vcs",
                "url": "git@othervcs:myvendor/package.git"
            },
            {
                "name": "myvendor/package2",
                // use this option to only mirror the dependencies found in composer.json
                "type": "composer"
                "url": "git@othervcs:myvendor/package2.git",
            }
        ],
        // package repositories
        "require": [
            "guzzle/guzzle"
        ],
        // this becomes optional; was "repodir"; satis already assumes "web", so we'll default to "web/repositories"
        "repository-dir": "web/repositories",
        // was "satisurl";
        "prefix-url": "http://user:password@satis.host:port/repositories",
        // optional; otherwise overwrites satis.json; replaces "satisconfig"
        "output-file": "medusa-satis.json"
    }
<!-- END -->
}

[smurfy]

this is more like how the satis file should look like if medusa is integrated to satis. on a side not, what i currently don't like on medusa is that its updating the original satis file.

We have a bunch of private repros in our satis.json and it will be cluttered by medusas stuff. (and i don't want that repros mirrored because i already have them localy on our scm server and some of the linked repros are links to for example jquery or other stuff we use which uses not git as a download source, so i cant add them to the medusa.json)

So if mirror functionallity would be incorperated to satis the mirroring should be transparent, and the satis file should only be modified by the user (manually or via a command).

for the current way medusa works i would suggest merging a static satis.json with the medusa mirrored reprositories and then outputting a different satis.json which then be used for satis itself.

[robocoder]

@smurfy Yes, medusa updates satis.json, but it reads whatever is already in the repositories list and then adds to it. So you only have to list your private repos in satis.json. Thus, medusa.json only contains the external repos that you want to mirror.

As for the clutter, what I'm proposing will actually make it less so. Let's say your project requires 40 external packages (not including their dependencies). Currently, these 40 packages have to be specified in medusa.json in the "require" list.

That's why I propose to be able to list only the project itself, telling medusa to read the project's composer.json for those 40 dependencies.

            {
                "name": "private/project1",
                "type": "composer"
                "url": "git@gitlab.local:private/project1.git",
            }

This should also simplify maintenance, i.e., a change in the project's composer.json will automatically be picked up by medusa.

[smurfy]

Hm this the way we are using satis:

Every project has one repository line in its composer.json pointing to satis. In the satis.json we have all the dependencies which are not on packagist. Thats around 30 Private Librarys/Bundles/Modules and about the same amount of external libs, like Jquery (not type scm, but zip or just the donwload to the js, because of we don't use the scm repro we have multiple entries pointing to different versions of it)

If we add another lib we update the satis config and pushing it to git. we have a cron script on the satis server which does an git pull and then updating satis.

so if we use medusa updating our satis.json it could cause merge problems with our, manually maintained satis config.

thats the reason behind the suggestion, that medusa should (optionally) don't touch the original satis file, but create a new one with the original repositories from the original satis.json and the additional ones to the mirror.

[robocoder]

ok