EDIT
I think I misunderstood satis, now this is my new understanding, please correct me if I am wrong:
In satis.json, I must specify the url s of the packages I want to mirror, e.g the doctrine git repo, yaml git repo... Then satis mirrors all these packages on my server. This would mean I need to add once all packages used within my composer.json of my project to the satis json (around 20 packages/requirements ). Now, I can add my private satis repository to the composer.json file of my project and when running "composer update", it will first look within the satis mirrored packages for the required package. Did I understand that correctly?
Situation:
I am trying to use Satis for private composer repository. I have a private project on github for a website of mine. On the project, I am using composer and therefore I have a composer.json on the root of the project. It looks the following:
{
"name": "Peter North",
"license": "proprietary",
"type": "project",
"autoload": {
"psr-4": {
"": "src/"
}
},
"require": {
"php": ">=5.3.9",
"symfony/http-foundation": "dev-master"
}
...
}
Now I wanted to use my private satis repository of url: packages.ait.company, running on an apache and accessible so far. The satis.json looks the following:
{
"name": "AIT Company",
"homepage": "packages.ait.com",
"repositories": [
{
"type": "vcs",
"url": "git@github.com:north/ait.git" // this is the url of my private github project
}
],
"require-all": true,
"require-dependencies": true,
"archive": {
"directory": "dist",
"format": "tar",
"skip-dev": true
}
}
I think that I did not understand well how to structure the satis.json file and what it needs to contain, because the way I am trying, it does not download the "php" and "symfony/http-foundation" packages that I specified in the composer.json file - though it does download the correct composer.json file of the project into /satis/include directory json file.
How does the satis.json need to look like, when I want to read the composer.json of my project from github and build the private satis repository of the "require entries" ?
In my Satis update script, it is a two step process to create local copies from both external packages as well as internal, private repositories.
The first step only downloads the meta data of external dependencies and puts them into an intermediate satis repository. The configuration explicitly does not "require-all", but has explicit statements of all packages that are being used (and some that may be used, or had been used in the past) with an open-ended version wildcard, i.e. "symfony/console":">=2.4" (no tilde or caret - I want to get major version updates here). Adding require-dependencies:true scans all the dependencies of all the required packages and adds them to the meta data collection as well.
The result is stored in a directory "external".
The second step is responsible for scanning all packages from internal "repositories", and creating archives from them. This obviously is a list of all private repos, but the trick is: You can also add to the satis.json a repository of type "composer" - and this is where I add the external repository with the meta data from external packages. Adding it here adds all the external packages' versions to the list of versions that need to have ZIP files created.
Running it for the first time takes a long time because of all the packages that need to be downloaded (and created locally from the private repos). Running it after that is simply an incremental update of only the new versions that haven't been created previously.
The key is to configure collecting external packages without ZIPs and with explicit version ranges ("*" as version would work, but only use it if you really need all versions) in one Satis file, then add the resulting repository to the second Satis configuration. You cannot combine the two operations (only creating ZIPs of selected external dependencies together with ZIPs of ALL internal repositories) into one Satis run.
One more tip: You probably only want to create local copies of your external dependencies to avoid hitting a Github outage when you are deploying to production (or are developing and need that update). In order to ensure every used dependency is in my Satis, I added both the Satis repository to every composer.json, as well as "packagist":false, to turn off any direct contact to Packagist. You cannot just add a random package then, it has to be in your local Satis repository first.