Add "dist" node into packages pointing to gitlab zip download

[dada87]

Hi,

Great job with this script.

It's no bug merely a suggestion for improvement. I don't even now if it's possible with the Gitlab API but it could be nice to add a dist node in the packages.json that point to the zip download URL in Gitlab to improve downloading through composer.

David

[lemoinem]

Thanks!

It sure is a good idea for at least public packages. PR are always welcome if you could provide one.

We also have to keep in mind that most GitLab will be access restricted, I'm not sure if it will be possible to download the dist without having to enter a username/password. We don't have this problem for cloning because we're going through SSH and using SSH keys. There might also be easy way to give username/password to composer ( https://getcomposer.org/doc/articles/http-basic-authentication.md )

[dada87]

You're right, I've looked quickly into the Gitlab API and I haven't found any "download" related url so I don't think we would have access.

Another solution would be to "cache" the projet in zip files in your cache folder and add an url that would deliver the zip. But that would require a heavier process in your script.

I'd love to help more than with ideas but I just don't have the time really. And I just found this just so you know : https://github.com/gitlabhq/gitlabhq/pull/9301 So there might be a Composer Service on Gitlab in the near futur.

[lemoinem]

Great for letting us know. Thanks!

Time is a limited resources for everybody...

Having the zip in our cache folder and serving it doesn't seem to be secure, unless we add authentication facilities in composer itself, which, AFAIK, currently doesn't exist (nor should they). If the GitLab has access restrictions in place, composer shouldn't offer a way to bypass them...

[dada87]

I agree. Sources will suffice for now.

Thanks for the chat anyway.