I would like to load private projects into a larger project. The multiple private repositories belong to different GitHub users and organizations. Therefore, I need to use at least 2 tokens. I found a solution for this, but it requires storing the tokens in the composer.json file.
A direct use of tokens in the composer.json file
{
"require": {
"organization-name/repository-1": "^1.2",
"organization-name/repository-2": "^1.2",
"username/repository-3": "^1.2"
},
"repositories": [
{
"type": "git",
"url": "https://github_pat_token-first@github.com/organization-name/repository-1.git"
},
{
"type": "git",
"url": "https://github_pat_token-first@github.com/organization-name/repository-2.git"
},
{
"type": "git",
"url": "https://github_pat_token-second@github.com/username/repository-3.git"
}
]
}
However, I don't want to expose the tokens when uploading the project to the web server. How can I replace the tokens with variables and declare these variables when running the global composer command? (for example, when run composer install or composer update)
Declaring external variables (Just an illustration of what I would like to achieve)
{
"firstToken": "token-first",
"secondToken": "token-second",
}
{
"require": {
"organization-name/repository-1": "^1.2",
"organization-name/repository-2": "^1.2",
"username/repository-3": "^1.2"
},
"repositories": [
{
"type": "git",
"url": "https://github_pat_${firstToken}@github.com/organization-name/repository-1.git"
},
{
"type": "git",
"url": "https://github_pat_${firstToken}@github.com/organization-name/repository-2.git"
},
{
"type": "git",
"url": "https://github_pat_${secondToken}@github.com/username/repository-3.git"
}
]
}
That's not supported by composer.
You can write something else that spits out a new composer.json based on a template, extrapolating the contents from variables... but then it would no longer be a "composer" issue, composer would simply see the resulting JSON file.