Using Composer in public repositories
- This topic has 5 replies, 2 voices, and was last updated 2 years ago by
Peter.
-
AuthorPosts
-
March 22, 2023 at 1:06 AM #41160
Graceson
ParticipantHello,
I am making a plugin that uses a number of premium extensions. In my composer.json file I have:
{ "repositories":[ { "type": "composer", "url": "https://wpackagist.org" }, { "type": "composer", "url": "https://packages.metabox.io/MY_LICENCE/" } ], "require": { "wpackagist-plugin/meta-box": "^5.6.7", "meta-box/mb-admin-columns": "dev-master", "meta-box/mb-custom-table": "dev-master", "meta-box/mb-frontend-submission": "dev-master", "meta-box/mb-settings-page": "dev-master", "meta-box/meta-box-columns": "dev-master", "meta-box/meta-box-tooltip": "dev-master" }, "extra": { "installer-paths": { "vendor/meta-box/{$name}": ["vendor:wpackagist-plugin", "vendor:meta-box"] } }, "autoload": { "psr-4": { "MVIFileAttachment\\": "src/" } }, "config": { "allow-plugins": { "composer/installers": true } } }This works great! However, I want to commit this to a public repository without revealing my license key. Is there a way for me to do that? I've looked into using auth.json but I don't really understand how that works.
March 22, 2023 at 7:06 PM #41168Peter
ModeratorHello,
There is no way to remove the license key from the composer.json file and publish it. You should set the repository as Private under our Terms and Conditions https://metabox.io/terms-conditions/
You can also set the license key in the file wp-config after installing the premium plugins to get updates. Please read more here https://docs.metabox.io/updates/#can-i-define-the-license-key-via-a-constant-in-wp-configphpMarch 22, 2023 at 9:43 PM #41172ParticipantMaking the repository private is a very strange suggestion considering you have made this: https://github.com/wpmetabox/awesome-meta-box
In any case it sounds like you do not properly support this at the moment. Can you look into updating how the extensions work with Composer so that it is easy for people to keep their license keys private while making it easy to share/collaborate?
March 23, 2023 at 8:50 PM #41183ModeratorHello,
I've asked the development team and there is no way to publish the file composer.json without the license key.
Let me know if you have any questions.
March 23, 2023 at 10:56 PM #41188ParticipantHi,
I don't think you are quite right since I have found one possibility.
Turns out you can use
composer config --global --editorto edit the local configuration. That way, you don't have to have the license key included in composer.json.Note: you will need to save and close the file when done like this: https://stackoverflow.com/questions/17535428/how-to-edit-save-a-file-through-ubuntu-terminal.
Now, one can add the appropriate lines to .gitignore to keep things private from the public:
.DS_Store composer.lock vendor/meta-box/ vendor/composer/installers/This works decently, but I still think that MetaBox should update their repositories to support one of the authentication methods described on this page: https://getcomposer.org/doc/articles/authentication-for-private-packages.md. Please log this as a feature request.
March 25, 2023 at 11:04 AM #41207ModeratorHello,
Thanks for sharing the solution.
I will inform our development team to check this feature and consider adding it to the backlog development.
-
AuthorPosts
- You must be logged in to reply to this topic.