Composer不会在私人存储库中加载私有存储库? [英] Composer won't load private repository within private repository?
问题描述
存储库:[
{
type:vcs,
url:../tenant-package.git
}
],
require :{
archiveonline / tenant-package:dev-master#a9ee4ec
},
这个效果很好,它在本地拉取 tenant-package ,如果我更新url到一个bitbucket url,它仍然可以正常工作。现在, tenant-package 具有另一个名为 repository-package 的私有依赖项,我将它放入 tenant-package 就像这样:
repositories:[
{
type:vcs,
url:https://rohan0793@bitbucket.org/archiveonline/repository-package.git
}
],
require:{
archiveonline / repository-package:dev-master#e4ce518
},
现在,当我在 tenant-package 中执行作曲家更新时,我可以查看供应商目录以找到 archiveonline / repository-package 。同样,当我在主应用程序中执行 composer update 时,我可以在vendor目录中找到 archiveonline / tenant-package 但我找不到 archiveonline / repository-package 。我究竟做错了什么?我错过了什么吗?这是不是要做到这一点? 解决方案作者在决定哪些软件包可用之前,必须知道所有可能的软件仓库。默认情况下,只有packagist.org在列表中,并且知道所有公开发布的软件包。
如果要添加单个存储库,则必须将它们全部添加到根包。您无法间接使用您在根包中需要的包中提及的存储库。
作曲家将扫描所有存储库以获取关于任何包含的包的信息,但是如果它允许间接的软件包链接,如果软件包指向其他软件包的一长串列表(如果包含在您使用的公共软件包中是一种非常恶劣的拒绝服务),则该搜索可能永远不会结束,或者它会递归地继续使用新链接来查找新的软件仓库到其他存储库等等。
设计决定只用于使用根包
你可以想象,这很乏味,所以有一些帮助:Satis 。您将其配置为了解所有存储库,并将收集它在一个位置找到的所有元数据。运行它会创建一些静态文件,您必须通过HTTP或HTTPS提供服务,然后在所有 composer.json 文件中使用
每当您添加新软件包或新版本的新软件包时,在Satis更新元数据文件后,Composer将会了解它们并允许从最新(无冲突)版本的任何位置添加任何软件包。
So I am trying to leverage the power of composer packages to make my application more modular. So my main application is now depending on a private repository which I am pulling in like so:
"repositories": [
{
"type": "vcs",
"url": "../tenant-package.git"
}
],
"require": {
"archiveonline/tenant-package": "dev-master#a9ee4ec"
},
This works well and it pulls in the tenant-package locally and if I update the url to a bitbucket url, it still works fine. Now the tenant-package has another private dependency called repository-package which I pull in the tenant-package like so:
"repositories": [
{
"type": "vcs",
"url": "https://rohan0793@bitbucket.org/archiveonline/repository-package.git"
}
],
"require": {
"archiveonline/repository-package": "dev-master#e4ce518"
},
Now when I do a composer update in tenant-package, I can look into the vendor directory to find archiveonline/repository-package. Similarly when I do a composer update in my main application, I can find archiveonline/tenant-package in the vendor directory but I cannot find archiveonline/repository-package. What am I doing wrong? Am I missing something? Is this not the way to do it?
Composer has to know about all possible repositories before deciding which packages are available. By default, only packagist.org is on the list and knows about all publicly published packages.
If you want to add individual repositories, you have to add them all into the root package. You cannot use repositories that are mentioned in packages you require in the root package indirectly.
Composer will scan the all repositories for information about any included packages, but if it would allow indirect package links, this search might never end if a package either points to a long list of other packages (a very evil denial of service if included in a public package you use), or it will recursively continue to find new repositories with new links to other repositories and so on.
The design decision was being made to only use the repository knowledge of the root package composer.json, so that is where all your Git repos would have to be mentioned.
As you can imagine, this is tedious, so there is some help: Satis. You'd configure it to know about all your repositories, and it will collect all meta data it finds in one place. Running it creates some static files that you'd have to serve via HTTP or HTTPS, and you point to this location in all your composer.json files with "type":"composer", "url": "http://example.com/your/satis/path".
Whenever you add a new package or new version of a new package, after Satis updated the meta data files, Composer will know about them and allow adding any package from anywhere in the most recent (non-conflicting) version.
这篇关于Composer不会在私人存储库中加载私有存储库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
