We Keep Coding

How to develop with symlinked composer package, but build from a vcs repository?

While refactoring legacy code, I try to work on a composer package while at the same time work on a project which uses this package.
Composer allows me to add local path repositories for retrieving the package in-development, and symlinking this package into my project.
<composer.json excerpt>
"repositories": [
{
"type": "path",
"url": "../my-package/",
"options": {
"symlink": true
}
}
],
...
"require": {
"my/package": "#dev"
}
I then do
composer update my/package --prefer-source
Which symlinks just fine. However, when building my project on a CI server, I want the project to retrieve the package from a remote git repository, this is why I added the vcs section to my composer.json.
{
"type": "vcs",
"url": "git#bitbucket.org:my/package.git"
}
However, during building via composer install it still tries to retrieve the package locally, which is not available on the CI server of course. I guess because my composer.lock explicitly says that the package is retrieved from a path.
How can I make it work smoothly, both locally and on the CI server? I seem to lack a decent workflow.
What I tried so far:
adding my/package again as a dev-package, but apparently the composer.json will remove if from the no-dev packages automatically then. Also, I do not know how to tell composer to use the path repository for the dev requirement, and the vcs repository for the no-dev requirement.

After tons of hours searching for a suitable workflow, I found out one. Hope it can help you.
Since repository-dev (like require-dev for repository) doesn't exist and will not exist soon (see this), we need to make two composer.json files. Let's say we call the second one composer-dev.json. I think you should commit both and having both up-to-date. To tell composer to use composer-dev.json, you need to put COMPOSER=composer-dev.json in front of every composer command. To illustrate, see this :
composer.json
{
"repositories":[
{
"type": "vcs",
"url": "{repo}"
}
],
"require": {
"vendor/package": "{version}",
}
}
composer-dev.json
{
"repositories":[
{
"type": "path",
"url": "path/to/your/package",
"options": {
"symlink": true
}
}
],
"require": {
"vendor/package" : "{version}",
}
}
As you can see, the composer.json contains the 'vcs' repository and the composer-dev.json contains the 'path' repository.
To initialise your application and start developing :
COMPOSER=composer-dev.json composer update
Composer created the vendor directory and symlink your package folder to vendor/package. It also created a composer-dev.lock file which you should commit for deployment.
To install new package :
COMPOSER=composer-dev.json composer require vendor/package
Remember that composer.json have to be up-to-date, so you have to put all new lines in it.
To build your application :
COMPOSER=composer-dev.json composer install
Which should throw you :
[RuntimeException]
Source path "path/to/your/package" is not found for package vendor/package
Now you can run :
composer update --no-dev vendor/package
or if you need specific version :
composer update --no-dev vendor/package:{version}
Notice that there is no COMPOSER=composer-dev.json in front of the last command since we are using composer.json in order to use our vcs repository. This last command will also install all missing packages.
I hope it was usefull !

Composer download repository in Gitlab as archive

TL;DR
I need a way to make composer download my package as an archive so it excludes files and directories I don't want to be included that are on my .gitattributes as export-ignore
Background info
I have files in my composer package repository that I don't want to be included in projects that use this package (DataFixtures, Tests, CI configuration). I have setup a .gitattributes file which excludes those folders and files with export-ignore.
This works fine when downloading the package as a zip manually but it, of course, doesn't when you checkout the code with git.
This is where my problem starts, I have added the repository manually to the composer.json since it is a private gitlab instance. Whenever I run composer update it uses GIT to download the code. I probably need a way to either make composer remove the files that are on the .gitattributes or force it to download my repository as an archive.
composer.json example
"repositories": [
{
"url": "git#<my-gitlab-server>:composer-libraries/testproject.git",
"type": "git"
}
],
......
"require": {
"myownvendor/testproject": "^1.0",
}
Is there a way to solve this?

Try setting the preferred-install method for this repository to dist in your composer.json:
{
"config": {
"preferred-install": {
"myownvendor/testproject": "dist"
}
}
}
Alternatively, install dependencies by running
$ composer install --prefer-dist
For reference, see:
https://getcomposer.org/doc/06-config.md#preferred-install
https://getcomposer.org/doc/03-cli.md#install

Installation via composer: multiple git remotes and pathspec error during feature branch checkout

I am installing our PHP application with composer and linked git repositories. After installation, the cloned repositories have two git remotes configured, 'composer' and 'origin'.
composer.json
"require": {
[...]
"mycompany/myrepository": "dev-master",
},
[...]
"repositories": [
{
"type": "vcs",
"url": "git#bitbucket.org:mycompany/myrepository.git"
},
Right after composer completed the installation:
$> git remote show
composer
origin
When I want to switch to any available feature branch on the repository, it fails with a git error.
$> git fetch && git checkout branchname
error: pathspec 'branchname' did not match any file(s) known to git.
When I delete the git remote 'composer', it works fine but that isn't very scalable/efficient.
$> git remote rm composer
What might be wrong in my composer.json or the way I want to achieve this?
Edit:
The composer.json has been created based on https://getcomposer.org/doc/01-basic-usage.md at the time - if I start fresh and only require a single module, no dependencies etc, and then do a compser create-project, the outcome is identical: both remotes "composer" and "origin" are available.
Update:
I tried doing the same with a single git public repo monolog/monolog based on composer documentation and it resulted in the same two remotes present.
Testcase from scratch:
{
"require": {
"monolog/monolog": "dev-master"
},
"require-dev": {
},
"repositories": [
{
"type": "vcs",
"url": "https://github.com/Seldaek/monolog"
}
]
}
$ composer create-project
$ cd vendor/monolog/monolog
$ git remote show
composer
origin

Run git branch -a to see which branches you have.
It should look something like
* master
remotes/origin/master
remotes/origin/branchname
remotes/composer/master
If there is no local branch branchname you can
git fetch origin
git checkout --track origin/branchname
to track the branchname from origin.

Private composer packages - no valid composer.json was found

I'm trying to load a library I have hosted on BitBucket using composer as explained both in the official documentation and here, but keep receiving the following error:
[Composer\Repository\InvalidRepositoryException]
No valid composer.json was found in any branch or tag of [repository URL], could not load a package from it.
Here is my project composer.json:
{
"name": "Project name",
"require": {
"my-vendor/my-package": "dev-master"
},
"repositories": [
{
"type": "vcs",
"url": [repository URL]
}
]
}
And here is the composer.json in my remote repository (that apparently can't be found):
{
"name": "my-vendor/my-package",
"version": "0.3",
"autoload": {
"psr-0": {
"NS_": "src"
}
}
}
I should mention that both composer.json files are in the root directory as they should be.
Some other things to note:
I've also tried the "non-composer package" approach, whereby I specify the package information in my project composer.json, and omit the composer.json from my remote repository, as outlined in the documentation. This successfully clones the master branch but then results in the following error:
[RuntimeException]
Failed to execute git checkout "master" && git reset --hard "master"
fatal: Not a git repository (or any of the parent directories): .git
However, the package is downloaded to /vendor as expected, so I'm not sure why it's trying to checkout master again.
This is not the way I wish to solve this problem (as I'd rather make use of a composer.json in the remote repository), but it might help identify an issue elsewhere.
Thanks for any help.
EDIT
I've managed to get it working by referencing a package.json over HTTP:
"repositories": [
{
"type": "composer",
"url": "http://localhost/packages.json"
}
]
The packages.json looks like:
{
"packages": {
"vendor/my-package": {
"dev-master": {
"name": "vendor/my-package",
"version": "dev-master",
"source": {
"url": [repository URL],
"type": "git",
"reference": "master"
}
}
}
}
}
Is this the only way to get this working? It seems a bit overkill to host my own packages.json file if I'm only going to be using one or two in-house packages.
Regardless, this is giving me the same Git error as I mentioned previously.
EDIT 2
Forcing an error (invalid SSH passphrase) gives this:
[RuntimeException]
Failed to execute git clone "[repository URL]" "C:\workspace\DFv3\vendor\vendor/my-package" && cd /D "C:\workspace\DFv3\vendor\vendor/my-package" && git remote add composer "[repository URL]" && git fetch composer
So I can clearly see what it's doing here. However, it seems after this command runs it cds into the .git directory and tries running:
git checkout "master" && git reset --hard "master"
Presumably to get rid of the composer instance it pulled. However, it's running this in the wrong directory and I can't figure out why..

I know this is a bit old, but for some that might encounter this issue, this is how it works for me.
Clear the composer cache.
composer clearcache
Rerun the satis build script.

You must not include a version specification in your library's composer.json if it is actually managed by a supported source control system. Currently you are saying that your master branch IS version 0.3 (which is a stable version), but you are trying to include "dev-master" (which is an unstable version). Composer might get confused if that software really is "dev-master" or "version 0.3".
If you actually are developing new releases for the 0.3.x series in your master branch, you should define a branch alias instead. Add this to your current development branch for versions 0.3.x:
"extra": {
"branch-alias": {
"dev-master": "0.3.x-dev"
}
}
If you want to move on to version 0.4 or 1.0, you'd branch at the "last" state of the 0.3 series with a branch named "0.3.x" and then update the composer.json in the master branch to point dev-master to a new alias (like "dev-master": "0.4.x-dev"). You could also name your old 0.3 branch anyway you like and then add an alias for THAT branch.
Doing this will enable you to require the latest development version of 0.3.x like this:
"require": {
"my-vendor/my-package": "0.3.*#dev"
}
This will pull the latest 0.3 version - which currently would be the latest commit in the master branch because of the defined alias.
The way you are currently set up forces you to explicitly include version 0.3, which is a moving target without making that fact explicitly known.
Giving an explicit version tag should only be done if there is no version control system available that is able to give Composer the version number, i.e. there are no tags available, or the tags do not comply with Composer's requirement for version numbers. Since you seem to be in control of that vcs, it probably is a good idea to make the tags conform to Composers standard instead of making it troublesome to release a new version.
After you fixed this, I do expect your installation to NOT require that package.json file anymore, because that file now repairs the trouble you created with that version declaration. You'd then also not need that composer reference anymore, but can revert back to mentioning the original repository like you did.
If you feel you are using too many private repositories which are all requiring more private repositories, and are sick of mentioning them all in a long list, you could think about using Satis to create such a list of found packages instead of manually creating them.

I had the same error, after deleting folders from vcs everything works fine
sudo rm -R ~/.composer/cache/vcs/*
On Windows (as #Serbu suggested):
Clearing the vcs, repo and files directories under
C:\Users\Me\AppData\Local\Composer\

I've managed to get it working by referencing a package.json over HTTP:
"repositories": [
{
"type": "composer",
"url": "http://localhost/packages.json"
}
]
so the packages.json file looks like:
{
"packages": {
"vendor/my-package": {
"dev-master": {
"name": "vendor/my-package",
"version": "dev-master",
"source": {
"url": [repository URL],
"type": "git",
"reference": "master"
}
}
}
}
}
Also, its seems an autorun registry entry I had for command prompt was interfering with composer running.
See: Requiring a private git Bitbucket repository fails to find valid composer.json.

While this might be considered necromancy, I stumbled across this question yesterday while having an issue just like this (although in my case I was running an Ubuntu Docker container and not Windows as the OP was) and thought I would leave my thoughts and resolution here should anyone else stumble across this.
The Ubuntu repo version of Composer is currently sitting at 1.6.x (at the time of writing, Composer is up to 1.9.1 I believe) and I was getting different errors depending on if I ran composer install with different levels of logging. Without logging, it moaned that it couldn't find a valid composer.json. With logging, it moaned that it couldn't access the repo (despite scanning the tags).
The solution for me was to globally install the latest version of Composer as the Ubuntu repo version was using outdated BitBucket API calls (v1 is deprecated). Once I had updated to a newer version of Composer, the install ran perfectly.
So check your Composer version and install an updated version if possible (a local/project install should work too).

I've just updated composer.json to last version and the problem gone away.

Composer does not fetch dependencies from local repository

I am trying to add a local project A as dependency to project B. Using git daemon I am able to fetch project A as dependency, but the dependencies defined with require in the composer.json in project A are not recognized. What am I missing?
project A:
{
"name": "project/a",
"require": {
"monolog/monolog": "dev-master"
}
}
project B:
"repositories": [
{
"type": "vcs",
"url": "git://localhost/home/user/project-a"
}
],
"require": {
"project/a": "dev-master"
}
result (in project B):
vendor/
project/a
expected:
vendor/
project/a
monolog/monolog

The most likely explanation is that you forgot to commit the changes to your composer.json in /home/user/project-a.
To debug this you can use composer show project-a dev-master -v. The -v will output more verbose info while it loads the repository, and then you will see details about the version you are installing, if it does not contain the monolog require, then I would say my guess above was correct. If it does contain it, we got a serious bug in composer and you should report it on github.

I encountered a similar issue and my issue was that I was running composer update instead of composer install and one of the libraries that I required defined some of its dependencies as zipballs from GitHub.