/gitlab-composer-integration

A composer repository for your Gitlab instance.

Primary LanguageGoMIT LicenseMIT

Discontinued

With the release of Gitlab 13.2 this is now part of the Gitlab core making this project obsolet. Read more here: https://about.gitlab.com/releases/2020/07/22/gitlab-13-2-released/#manage-php-dependencies-with-the-gitlab-composer-repository

gitlab-composer-integration

Travis CI Go Report Card Coverage Status

A composer repository for your Gitlab instance.

Features

  • Easy and fast setup, just add your Gitlab URL and a token!
  • Automatically detects all repositories which have a composer.json
  • Disk persisted caching for faster startup times

Setup

There are multiple ways to setup this service:

Docker

$ docker run --rm \
    -e GCI_GITLAB_URL=https://git.yourdomain.com \
    -e GCI_GITLAB_TOKEN="your token..." \
    -v /path/to/gci-cachedir:/cache \
    -p 4000:4000 \
    atomicptr/gitlab-composer-integration

Compile it yourself

# Clone the repository
$ git clone git@github.com:atomicptr/gitlab-composer-integration.git
$ cd gitlab-composer-integration
# Build the service
$ go build
# Execute!
$ ./gitlab-composer-integration --gitlab-url=https://git.yourdomain.com \
    --gitlab-token="your token..."

Configuration

You can provide all options as command line argument or as environment variable.

Gitlab Url (--gitlab-url / GCI_GITLAB_URL) required

The url of your Gitlab instance (for instance https://gitlab.mydomain.com)

Gitlab Token (--gitlab-token / GCI_GITLAB_TOKEN) required

A Gitlab user token with access to the repositories you want to serve via this service.

  1. Go to https://gitlab.mydomain.com/profile/personal_access_tokens (User Icon > Settings > Access Token)
  2. Enter a name, and the api and read_repository scope.
  3. Create and copy your token!

Cache Expire Duration (--cache-expire-duration / GCI_CACHE_EXPIRE_DURATION) duration default: 60m

Time until the cache will be invalidated.

Cache File Path (--cache-file-path / $GCI_CACHE_FILE_PATH) string

Location where the cache file will be stored

Vendor Whitelist (--vendor-whitelist / $GCI_VENDOR_WHITELIST) []string

A comma seperated list of allowed vendors, for example:

$ ./gitlab-composer-integration ... --vendor-whitelist=psr,typo3,myvendor

Port (--port / $GCI_PORT) int default: 4000

Well... the port this service will be running as.

HTTP Timeout (--http-timeout / $GCI_HTTP_TIMEOUT) duration default: 30s

Timeout for requests to Gitlab.

No Cache (--no-cache / $GCI_NO_CACHE) boolean default: false

Start without cache.

HTTP Credentials (--http-credentials / $GCI_HTTP_CREDENTIALS) string

Secure your composer repository from prying eyes by protecting it with a basic HTTP auth. For an example scroll down a bit.

FAQ

How can I add a custom repository to composer?

Just add this to your composer.json

{
  "repositories": [
    {
      "type": "composer",
      "url": "https://composer.yourdomain.com"
    }
  ]
}

How can I hide certain projects from the repository?

You can control the available projects via the Gitlab user token provided to the service. For instance you could create a seperate user for this service (recommended anyway) and allow/deny access to repositories.

How can I add authentication to my repository?

Just use the HTTP Credentials option:

$ ./gitlab-composer-integration ... --http-credentials="username:password"

And within your composer.json you add the credentials like this:

{
  "repositories": [
    {
      "type": "composer",
      "url": "https://username:password@composer.yourdomain.com"
    }
  ]
}

You can read more about HTTP basic authentication with composer here.

TODOs / Limitations

  • Fetching data from Gitlab is quite naive in it's current state, this will probably not work very well if your Gitlab instance has thousands of composer repositories. Not a huge priority for me right now as I only have a few hundred composer projects in my Gitlab instance.
  • Support for Gitlab webhooks to invalidate the cache.

License

MIT