What's the best subscription service for hosting private Composer repos?
May 11, 2018 9:57 AM   Subscribe

What are my best options for hosted, private Composer repositories? My main requirement is that it should integrate easily with GitHub, but that seems to be pretty standard.

Context: I'm the more technically savvy member of a very small (two-person) dev team, and I'd like to start using Composer to manage our internal PHP code.

Since our team is so small – and we don't have any IT support staff – I'd prefer a hosted solution. (The last thing I need is another server to patch and maintain.)

I'm fairly experienced with Composer as a user, but I've never set up or maintained a repo from scratch before.

Aside from the aforementioned GitHub integration, I'm looking for security and longevity (i.e., a service that has been around for a while, and looks like it'll be around for a while longer).

What would you recommend?
posted by escape from the potato planet to Computers & Internet (5 answers total)
Best answer: Github, or any other git-based source control system - it just needs to be accessible from whatever machines you're building your php apps from. Github (or private github repos), bitbucket, gitlab, etc would all work. A composer repo is just a php project with a composer.json file that defines all it's dependencies and namespaces. If you want to enable autodiscovery, you can host your own private packagist instance but that's most likely overkill; I run big large-scale php applications and we don't even bother with ours anymore. All you need to do in a project that has other composer-enabled dependencies is define in the repository section of composer.json file where each private dependency lives.
posted by cgg at 11:18 AM on May 11, 2018

If you want to not use Github for your repos but still use Git (I was confused about the "integrate with Github req), I really love Beanstalk. I also use Github, and though Beanstalk doesn't have all the same features, it does offer a friendlier interface for anyone on your team who might not be as savvy -- and their tech support has been very good when I've needed them.
posted by missmobtown at 11:48 AM on May 11, 2018

Response by poster: cgs: Ah! I didn't realize that you could just pull directly from GitHub. That's almost certainly the way to go.

Do I need to add a separate repository to my composer.json for each individual package? Or can I somehow register my entire GitHub organization in my composer.json, and then type things like
composer require myorg/mypackage
? That's my ideal.
posted by escape from the potato planet at 12:37 PM on May 11, 2018

Best answer: I don't think you can add an entire org to a composer.json, no - that starts to creep into the autodiscovery features of packagist. If you really wanted to go down that route, there's a lightweight packagist-like tool call Satis that might help, but that would require a server/s3 bucket or whatever that can serve static files. That said, it miiiight be possible to host a Satis instance in github but i'm not sure it's worth going down that rabbit hole if you're looking for an easy solution. I (unfortunately) have hundreds of thousands of lines of code with dozens of dependencies and each one is just defined as needed. For reference, all my repos are defined according to the examples here.
posted by cgg at 1:32 PM on May 11, 2018

Response by poster: Awesome – that definitely helps. We used Satis at my last job, but I was just a consumer, not an administrator.

I believe I'll start with the simple approach that you use, and consider Satis later on.

posted by escape from the potato planet at 2:25 PM on May 11, 2018

« Older ... and facebook and instagram and tumblr and...   |   Mysterious one-of-a-kind electric kettle?! Newer »
This thread is closed to new comments.