debian-mirror-gitlab/doc/user/packages/composer_repository/index.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

333 lines
11 KiB
Markdown
Raw Normal View History

2020-06-23 00:09:42 +05:30
---
stage: Package
2023-01-13 00:05:48 +05:30
group: Package Registry
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
---
2021-03-11 19:13:27 +05:30
# Composer packages in the Package Registry **(FREE)**
2020-06-23 00:09:42 +05:30
2021-12-11 22:18:48 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15886) in GitLab 13.2.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) from GitLab Premium to GitLab Free in 13.3.
> - Support for Composer 2.0 [added](https://gitlab.com/gitlab-org/gitlab/-/issues/259840) in GitLab 13.10.
2022-01-26 12:08:38 +05:30
> - Deploy token support [added](https://gitlab.com/gitlab-org/gitlab/-/issues/240897) in GitLab 14.6.
2020-06-23 00:09:42 +05:30
2021-11-18 22:05:49 +05:30
WARNING:
The Composer package registry for GitLab is under development and isn't ready for production use due to
limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6817) details the remaining
work and timelines to make it production ready.
2021-01-03 14:25:43 +05:30
Publish [Composer](https://getcomposer.org/) packages in your project's Package Registry.
Then, install the packages whenever you need to use them as a dependency.
2020-06-23 00:09:42 +05:30
2021-04-29 21:17:54 +05:30
For documentation of the specific API endpoints that the Composer
client uses, see the [Composer API documentation](../../../api/packages/composer.md).
2020-06-23 00:09:42 +05:30
2022-05-07 20:08:51 +05:30
Composer v2.0 is recommended. Composer v1.0 is supported, but it has lower performance when working
in groups with very large numbers of packages.
2023-01-13 00:05:48 +05:30
Learn how to [build a Composer package](../workflows/build_packages.md#composer).
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
## Publish a Composer package by using the API
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Publish a Composer package to the Package Registry,
so that anyone who can access the project can use the package as a dependency.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Prerequisites:
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
- A package in a GitLab repository. Composer packages should be versioned based on
the [Composer specification](https://getcomposer.org/doc/04-schema.md#version).
2021-03-08 18:12:59 +05:30
If the version is not valid, for example, it has three dots (`1.0.0.0`), an
error (`Validation failed: Version is invalid`) occurs when you publish.
2021-01-03 14:25:43 +05:30
- A valid `composer.json` file.
- The Packages feature is enabled in a GitLab repository.
- The project ID, which is on the project's home page.
2022-01-26 12:08:38 +05:30
- One of the following token types:
- A [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `api`.
- A [deploy token](../../project/deploy_tokens/index.md)
with the scope set to `write_package_registry`.
2020-06-23 00:09:42 +05:30
2022-01-26 12:08:38 +05:30
To publish the package with a personal access token:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- Send a `POST` request to the [Packages API](../../../api/packages.md).
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
For example, you can use `curl`:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
curl --data tag=<tag> "https://__token__:<personal-access-token>@gitlab.example.com/api/v4/projects/<project_id>/packages/composer"
```
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
- `<personal-access-token>` is your personal access token.
- `<project_id>` is your project ID.
- `<tag>` is the Git tag name of the version you want to publish.
2023-01-13 00:05:48 +05:30
To publish a branch, use `branch=<branch>` instead of `tag=<tag>`.
2020-11-24 15:15:51 +05:30
2022-01-26 12:08:38 +05:30
To publish the package with a deploy token:
- Send a `POST` request to the [Packages API](../../../api/packages.md).
For example, you can use `curl`:
```shell
curl --data tag=<tag> --header "Deploy-Token: <deploy-token>" "https://gitlab.example.com/api/v4/projects/<project_id>/packages/composer"
```
- `<deploy-token>` is your deploy token
- `<project_id>` is your project ID.
- `<tag>` is the Git tag name of the version you want to publish.
2023-01-13 00:05:48 +05:30
To publish a branch, use `branch=<branch>` instead of `tag=<tag>`.
2022-01-26 12:08:38 +05:30
2022-10-11 01:57:18 +05:30
You can view the published package by going to **Packages and registries > Package Registry** and
2021-01-03 14:25:43 +05:30
selecting the **Composer** tab.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
## Publish a Composer package by using CI/CD
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
You can publish a Composer package to the Package Registry as part of your CI/CD process.
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
1. Specify a `CI_JOB_TOKEN` in your `.gitlab-ci.yml` file:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```yaml
stages:
- deploy
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
deploy:
stage: deploy
script:
2021-11-18 22:05:49 +05:30
- apk add curl
2021-09-04 01:27:46 +05:30
- 'curl --header "Job-Token: $CI_JOB_TOKEN" --data tag=<tag> "${CI_API_V4_URL}/projects/$CI_PROJECT_ID/packages/composer"'
2022-10-11 01:57:18 +05:30
environment: production
2021-01-03 14:25:43 +05:30
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
1. Run the pipeline.
2020-06-23 00:09:42 +05:30
2022-10-11 01:57:18 +05:30
To view the published package, go to **Packages and registries > Package Registry** and select the **Composer** tab.
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
### Use a CI/CD template
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
A more detailed Composer CI/CD file is also available as a `.gitlab-ci.yml` template:
2020-11-24 15:15:51 +05:30
2021-09-04 01:27:46 +05:30
1. On the left sidebar, select **Project information**.
2021-11-18 22:05:49 +05:30
1. Above the file list, select **Set up CI/CD**. If this button is not available, select **CI/CD Configuration** and then **Edit**.
2021-01-03 14:25:43 +05:30
1. From the **Apply a template** list, select **Composer**.
2020-11-24 15:15:51 +05:30
2021-02-22 17:27:13 +05:30
WARNING:
2021-01-03 14:25:43 +05:30
Do not save unless you want to overwrite the existing CI/CD file.
2020-06-23 00:09:42 +05:30
2021-03-08 18:12:59 +05:30
## Publishing packages with the same name or version
When you publish:
- The same package with different data, it overwrites the existing package.
2021-12-11 22:18:48 +05:30
- The same package with the same data, a `400 Bad request` error occurs.
2021-03-08 18:12:59 +05:30
2021-01-03 14:25:43 +05:30
## Install a Composer package
2020-06-23 00:09:42 +05:30
2022-06-21 17:19:12 +05:30
> Authorization to [download a package archive](../../../api/packages/composer.md#download-a-package-archive) was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/331601) in GitLab 14.10.
2021-01-03 14:25:43 +05:30
Install a package from the Package Registry so you can use it as a dependency.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Prerequisites:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- A package in the Package Registry.
- The group ID, which is on the group's home page.
2022-01-26 12:08:38 +05:30
- One of the following token types:
- A [personal access token](../../../user/profile/personal_access_tokens.md)
with the scope set to, at minimum, `api`.
- A [deploy token](../../project/deploy_tokens/index.md)
with the scope set to `read_package_registry`, `write_package_registry`, or both.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
To install a package:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
1. Add the Package Registry URL to your project's `composer.json` file, along with the package name and version you want to install:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- Connect to the Package Registry for your group:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
composer config repositories.<group_id> composer https://gitlab.example.com/api/v4/group/<group_id>/-/packages/composer/
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- Set the required package version:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
composer require <package_name>:<version>
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Result in the `composer.json` file:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```json
{
...
"repositories": {
"<group_id>": {
"type": "composer",
"url": "https://gitlab.example.com/api/v4/group/<group_id>/-/packages/composer/"
},
...
},
"require": {
...
"<package_name>": "<version>"
},
...
}
```
You can unset this with the command:
```shell
composer config --unset repositories.<group_id>
```
- `<group_id>` is the group ID.
- `<package_name>` is the package name defined in your package's `composer.json` file.
- `<version>` is the package version.
1. Create an `auth.json` file with your GitLab credentials:
2022-01-26 12:08:38 +05:30
Using a personal access token:
2021-01-03 14:25:43 +05:30
```shell
composer config gitlab-token.<DOMAIN-NAME> <personal_access_token>
```
Result in the `auth.json` file:
```json
{
...
"gitlab-token": {
"<DOMAIN-NAME>": "<personal_access_token>",
...
}
}
```
2022-01-26 12:08:38 +05:30
Using a deploy token:
```shell
composer config gitlab-token.<DOMAIN-NAME> <deploy_token_username> <deploy_token>
```
Result in the `auth.json` file:
```json
{
...
"gitlab-token": {
"<DOMAIN-NAME>": {
"username": "<deploy_token_username>",
"token": "<deploy_token>",
...
}
}
```
2021-01-03 14:25:43 +05:30
You can unset this with the command:
```shell
composer config --unset --auth gitlab-token.<DOMAIN-NAME>
```
- `<DOMAIN-NAME>` is the GitLab instance URL `gitlab.com` or `gitlab.example.com`.
2022-01-26 12:08:38 +05:30
- `<personal_access_token>` with the scope set to `api`, or `<deploy_token>` with the scope set
to `read_package_registry` and/or `write_package_registry`.
2021-01-03 14:25:43 +05:30
1. If you are on a GitLab self-managed instance, add `gitlab-domains` to `composer.json`.
```shell
composer config gitlab-domains gitlab01.example.com gitlab02.example.com
```
Result in the `composer.json` file:
```json
{
...
"repositories": [
{ "type": "composer", "url": "https://gitlab.example.com/api/v4/group/<group_id>/-/packages/composer/" }
],
"config": {
...
"gitlab-domains": ["gitlab01.example.com", "gitlab02.example.com"]
},
"require": {
...
"<package_name>": "<version>"
},
...
}
```
You can unset this with the command:
```shell
composer config --unset gitlab-domains
```
2021-02-22 17:27:13 +05:30
NOTE:
2021-01-03 14:25:43 +05:30
On GitLab.com, Composer uses the GitLab token from `auth.json` as a private token by default.
Without the `gitlab-domains` definition in `composer.json`, Composer uses the GitLab token
as basic-auth, with the token as a username and a blank password. This results in a 401 error.
2021-04-29 21:17:54 +05:30
1. With the `composer.json` and `auth.json` files configured, you can install the package by running:
```shell
composer update
```
Or to install the single package:
```shell
composer req <package-name>:<package-version>
```
If successful, you should see output indicating that the package installed successfully.
You can also install from source (by pulling the Git repository directly) using the
`--prefer-source` option:
```shell
composer update --prefer-source
```
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
WARNING:
2021-01-03 14:25:43 +05:30
Never commit the `auth.json` file to your repository. To install packages from a CI/CD job,
2022-01-26 12:08:38 +05:30
consider using the [`composer config`](https://getcomposer.org/doc/articles/handling-private-packages.md#satis) tool with your access token
2021-09-30 23:02:18 +05:30
stored in a [GitLab CI/CD variable](../../../ci/variables/index.md) or in
2021-01-03 14:25:43 +05:30
[HashiCorp Vault](../../../ci/secrets/index.md).
2021-04-29 21:17:54 +05:30
2022-01-26 12:08:38 +05:30
### Working with Deploy Tokens
Although Composer packages are accessed at the group level, a group or project deploy token can be
used to access them:
- A group deploy token has access to all packages published to projects in that group or its
subgroups.
- A project deploy token only has access to packages published to that particular project.
2022-04-04 11:22:00 +05:30
## Troubleshooting
2022-06-21 17:19:12 +05:30
### Caching
2023-04-23 21:23:45 +05:30
To improve performance, Composer caches files related to a package. Composer doesn't remove data by
2022-04-04 11:22:00 +05:30
itself. The cache grows as new packages are installed. If you encounter issues, clear the cache with
this command:
```shell
composer clearcache
```
2022-06-21 17:19:12 +05:30
### Authorization requirement when using `composer install`
In GitLab 14.9 and earlier, you did not require authorization to use `composer install` if you already had a generated `composer.lock`.
If you committed your `composer.lock`, you could do a `composer install` in CI without setting up credentials.
In GitLab 14.10 and later, authorization is required for the [downloading a package archive](../../../api/packages/composer.md#download-a-package-archive) endpoint.
If you encounter a credentials prompt when you are using `composer install`, follow the instructions in the [install a composer package](#install-a-composer-package) section to create an `auth.json` file.
2021-04-29 21:17:54 +05:30
## Supported CLI commands
The GitLab Composer repository supports the following Composer CLI commands:
- `composer install`: Install Composer dependencies.
- `composer update`: Install the latest version of Composer dependencies.