composer-phppackagistsatis

How to make Satis package dependencies install from packagist

I've successfully set up Satis on my own server and am able to pull in packages from it.

However, dependencies that are required in those private packages are constantly being cloned at their bleeding edge version instead of the specified version constraint. I think that Satis is creating a local mirror of the latest dev-version. However I do not want to have a local mirror, I just need them to install directly from Packagist.

So how do I need to setup the project / package / Satis to have the dependencies in those private packages installed from Packagist?

Thanks.

This is my Satis build file:

{
  "name": "Package Server",
  "homepage": "http://packages.URL",
  "repositories": [
    {
      "type": "vcs",
      "url": "git@bitbucket.org:USERNAME/REPO.git",
      "options": {
          "ssh2": {
              "username": "USERNAME",
              "pubkey_file": "PUBFILE",
              "privkey_file": "PRIVATEFILE"
          }
      }
    }
  ],
  "require-all": true
}

And this is the composer.json file of the project requiring the private package (package has no tagged releases):

{
    "name": "Test Project",
    "description": "",
    "require": {
        "php": ">=5.4.0",
        "USERNAME/REPO": "*"
    },
    "repositories": [
        {
            "type": "composer",
            "url": "http://packages.URL"
        }
    ],
    "minimum-stability": "dev"
}

And this is the private package's composer.json:

{
    "name": "USERNAME/RPO",
    "description": "",
    "require": {
        "php": ">=5.4.0",
        "illuminate/support": "5.0.*",
        "vinkla/hashids": "~1.0"
    },

    "minimum-stability": "dev"
}
Solution

  • In your Satis config you defined "require-all": true. This is default and selects all versions of all packages in the repository you defined.

    You could try to remove "require-all": true in favor of a require section. This means that Satis will only contain these specific packages and their versions, like so:

    "require": {
    "company/packageA": "*",
    "company/packageB": "1.2.3",
    "company/packageC": "2.0.0"
}

    It's package cherry picking on Satis

    So if I understand correctly I need to add the private packages that are available in the specified private repository in the require key and their own dependencies will then install from Packagist?

    Add require-dependencies - this tells Satis to mirror not only the packages specified in the "require" section, but also all their dependencies.

    See https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#resolving-dependencies

    Is it possible to have multiple packages resided in one defined repository or does every single package need their own repository url entry in Satis?

    I think it's not possible to have multiple packages in one "type": "vcs" repository.

    With "type": "composer" and a cloned packagist you can store multiple repos. Think of http://drupal-composer.org with http://packagist.drupal-composer.org/.

    {
    "repositories": [
        { "type": "vcs", "url": "https://github.com/somewhere/packageA" },
        { "type": "composer", "url": "https://packagist.org" }
    ], 
    "require": {
        "package/packageA": "somewhere-dev",
        "phpunit/phpunit": "*"
    },
    "require-dependencies": true
}