1

I've setup a Satis repository on one of our remote servers allowing access to our private packages hosted on Bitbucket. I've created an SSH key pair on that server and added the public key to our Bitbucket user. Building Satis works just fine this way.

Now, when I want to do a composer install on any remote server hosting an app, I don't have the right permissions unless I create a key pair on that server and also add its public key to Bitbucket. I don't want to do this for every project (times 3 for environments) ending up with almost 100 public keys in our Bitbucket account.

How can this be avoided? Is there a way to have all packages mirrored on the Satis repository, so when composer installing the packages can just be fetched from the Satis repo without the need of having to use the public keys?

shineability
  • 365
  • 1
  • 3
  • 13

1 Answers1

1

Yes, you have to create archives on the Satis server. If enabled, for every tag found Satis will create a ZIP file and put it into the directory you configure.

This will also speed up installation because that ZIP, once downloaded, will be stored locally. Note that ZIPs will only be used if the package has not been installed in the vendor folder. Currently I assume you are having all packages cloned with Git, and Composer will not change this - fetching updates and then checking out a tag is faster than deleting the repo and downloading the ZIP. And if you are still using Git, you have to have keys.

Deleting the vendor folder and updating after that should download ZIPs once you changed the Satis configuration.

Sven
  • 69,403
  • 10
  • 107
  • 109
  • So technically, when deploying your app and archives are available on the Satis repository, no keys will be needed on the server since it's a fresh install and the vendor folder will be created for the first time? Tnx for the detailed explanation! – shineability Apr 07 '16 at 20:39