0

I have a gitlab installation for my organization. To standardize, the frameworks and development process we'd like to make the use of our own packagist installation on our server. The thing that is confusing me, is when I have to submit a package which is on a repo of gitlab, it requires authentication. I know while including a package in composer.json I can put repo, username and password so that it can read package from there. or while I am creating a project:

composer create-project vendor/name path --repository-url=http://user:password@my.gitlab.com/myrepo/package.git

If that is true, do we really need packagist? if yes then what would be the best way to setup this. I'd appreciate if you guys also tell me how the package submission on packagist(our own hosted) will work.

SAM
  • 641
  • 2
  • 16
  • 30
  • You do want to have a local metadata storage of all Composer information about your private packages. Otherwise you'd have to include all repositories that may include a package in all `composer.json` files of your root applications, even for transitive package relations. Another thing you might consider: Offering ZIP files for tagged versions instead of requiring everyone and your deployment system to clone everything. You can use Packagist in a local installation if you really need it's features, but I am still happy using Satis hosting 120 internal packages and more than 300 externals. – Sven Jul 25 '16 at 23:24
  • @Sven So are you using `satis` instead of Packagist for maintaining private packages? What are the merits of this approach? It's not like that I only want to use packagist. I feel its just the same thing just softwares are different. – SAM Jul 30 '16 at 12:53
  • Satis essentially is "running a script, produce some static output and then host this on the most basic web server you can imagine". Compared to packagist using some kind of database and requiring at least PHP on the server. There are some drawbacks like "Satis can only update everything in one go", which takes about 5 to 8 minutes for us. Packagist would be able to get one package triggered and will only update this one. You should also take a look at https://toranproxy.com as the third alternative. – Sven Aug 02 '16 at 12:22

0 Answers0