debian-mirror-gitlab/doc/user/packages/composer_repository/index.md

371 lines
12 KiB
Markdown
Raw Normal View History

2020-06-23 00:09:42 +05:30
---
stage: Package
group: Package
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-06-23 00:09:42 +05:30
---
2021-03-11 19:13:27 +05:30
# Composer packages in the Package Registry **(FREE)**
2020-06-23 00:09:42 +05:30
2021-12-11 22:18:48 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15886) in GitLab 13.2.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) from GitLab Premium to GitLab Free in 13.3.
> - Support for Composer 2.0 [added](https://gitlab.com/gitlab-org/gitlab/-/issues/259840) in GitLab 13.10.
2022-01-26 12:08:38 +05:30
> - Deploy token support [added](https://gitlab.com/gitlab-org/gitlab/-/issues/240897) in GitLab 14.6.
2020-06-23 00:09:42 +05:30
2021-11-18 22:05:49 +05:30
WARNING:
The Composer package registry for GitLab is under development and isn't ready for production use due to
limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6817) details the remaining
work and timelines to make it production ready.
2021-01-03 14:25:43 +05:30
Publish [Composer](https://getcomposer.org/) packages in your project's Package Registry.
Then, install the packages whenever you need to use them as a dependency.
2020-06-23 00:09:42 +05:30
2021-04-29 21:17:54 +05:30
For documentation of the specific API endpoints that the Composer
client uses, see the [Composer API documentation](../../../api/packages/composer.md).
2020-06-23 00:09:42 +05:30
2022-05-07 20:08:51 +05:30
Composer v2.0 is recommended. Composer v1.0 is supported, but it has lower performance when working
in groups with very large numbers of packages.
2021-01-03 14:25:43 +05:30
## Create a Composer package
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
If you do not have a Composer package, create one and check it in to
a repository. This example shows a GitLab repository, but the repository
can be any public or private repository.
2020-06-23 00:09:42 +05:30
2021-03-08 18:12:59 +05:30
WARNING:
If you are using a GitLab repository, the project must have been created from
a group's namespace, rather than a user's namespace. Composer packages
[can't be published to projects created from a user's namespace](https://gitlab.com/gitlab-org/gitlab/-/issues/235467).
2021-01-03 14:25:43 +05:30
1. Create a directory called `my-composer-package` and change to that directory:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
mkdir my-composer-package && cd my-composer-package
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
1. Run [`composer init`](https://getcomposer.org/doc/03-cli.md#init) and answer the prompts.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
For namespace, enter your unique [namespace](../../../user/group/index.md#namespaces), like your GitLab username or group name.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
A file called `composer.json` is created:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```json
{
"name": "<namespace>/composer-test",
"description": "Library XY",
"type": "library",
"license": "GPL-3.0-only",
"authors": [
{
"name": "John Doe",
"email": "john@example.com"
}
],
"require": {}
}
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
1. Run Git commands to tag the changes and push them to your repository:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
git init
git add composer.json
git commit -m 'Composer package test'
git tag v1.0.0
git remote add origin git@gitlab.example.com:<namespace>/<project-name>.git
2021-10-27 15:23:28 +05:30
git push --set-upstream origin main
2021-01-03 14:25:43 +05:30
git push origin v1.0.0
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
The package is now in your GitLab Package Registry.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
## Publish a Composer package by using the API
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Publish a Composer package to the Package Registry,
so that anyone who can access the project can use the package as a dependency.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Prerequisites:
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
- A package in a GitLab repository. Composer packages should be versioned based on
the [Composer specification](https://getcomposer.org/doc/04-schema.md#version).
2021-03-08 18:12:59 +05:30
If the version is not valid, for example, it has three dots (`1.0.0.0`), an
error (`Validation failed: Version is invalid`) occurs when you publish.
2021-01-03 14:25:43 +05:30
- A valid `composer.json` file.
- The Packages feature is enabled in a GitLab repository.
- The project ID, which is on the project's home page.
2022-01-26 12:08:38 +05:30
- One of the following token types:
- A [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `api`.
- A [deploy token](../../project/deploy_tokens/index.md)
with the scope set to `write_package_registry`.
2020-06-23 00:09:42 +05:30
2022-01-26 12:08:38 +05:30
To publish the package with a personal access token:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- Send a `POST` request to the [Packages API](../../../api/packages.md).
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
For example, you can use `curl`:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
curl --data tag=<tag> "https://__token__:<personal-access-token>@gitlab.example.com/api/v4/projects/<project_id>/packages/composer"
```
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
- `<personal-access-token>` is your personal access token.
- `<project_id>` is your project ID.
- `<tag>` is the Git tag name of the version you want to publish.
To publish a branch, use `branch=<branch>` instead of `tag=<tag>`.
2020-11-24 15:15:51 +05:30
2022-01-26 12:08:38 +05:30
To publish the package with a deploy token:
- Send a `POST` request to the [Packages API](../../../api/packages.md).
For example, you can use `curl`:
```shell
curl --data tag=<tag> --header "Deploy-Token: <deploy-token>" "https://gitlab.example.com/api/v4/projects/<project_id>/packages/composer"
```
- `<deploy-token>` is your deploy token
- `<project_id>` is your project ID.
- `<tag>` is the Git tag name of the version you want to publish.
To publish a branch, use `branch=<branch>` instead of `tag=<tag>`.
2021-01-03 14:25:43 +05:30
You can view the published package by going to **Packages & Registries > Package Registry** and
selecting the **Composer** tab.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
## Publish a Composer package by using CI/CD
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
You can publish a Composer package to the Package Registry as part of your CI/CD process.
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
1. Specify a `CI_JOB_TOKEN` in your `.gitlab-ci.yml` file:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```yaml
stages:
- deploy
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
deploy:
stage: deploy
script:
2021-11-18 22:05:49 +05:30
- apk add curl
2021-09-04 01:27:46 +05:30
- 'curl --header "Job-Token: $CI_JOB_TOKEN" --data tag=<tag> "${CI_API_V4_URL}/projects/$CI_PROJECT_ID/packages/composer"'
2021-01-03 14:25:43 +05:30
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
1. Run the pipeline.
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
To view the published package, go to **Packages & Registries > Package Registry** and select the **Composer** tab.
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
### Use a CI/CD template
2020-11-24 15:15:51 +05:30
2021-01-03 14:25:43 +05:30
A more detailed Composer CI/CD file is also available as a `.gitlab-ci.yml` template:
2020-11-24 15:15:51 +05:30
2021-09-04 01:27:46 +05:30
1. On the left sidebar, select **Project information**.
2021-11-18 22:05:49 +05:30
1. Above the file list, select **Set up CI/CD**. If this button is not available, select **CI/CD Configuration** and then **Edit**.
2021-01-03 14:25:43 +05:30
1. From the **Apply a template** list, select **Composer**.
2020-11-24 15:15:51 +05:30
2021-02-22 17:27:13 +05:30
WARNING:
2021-01-03 14:25:43 +05:30
Do not save unless you want to overwrite the existing CI/CD file.
2020-06-23 00:09:42 +05:30
2021-03-08 18:12:59 +05:30
## Publishing packages with the same name or version
When you publish:
- The same package with different data, it overwrites the existing package.
2021-12-11 22:18:48 +05:30
- The same package with the same data, a `400 Bad request` error occurs.
2021-03-08 18:12:59 +05:30
2021-01-03 14:25:43 +05:30
## Install a Composer package
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Install a package from the Package Registry so you can use it as a dependency.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Prerequisites:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- A package in the Package Registry.
- The group ID, which is on the group's home page.
2022-01-26 12:08:38 +05:30
- One of the following token types:
- A [personal access token](../../../user/profile/personal_access_tokens.md)
with the scope set to, at minimum, `api`.
- A [deploy token](../../project/deploy_tokens/index.md)
with the scope set to `read_package_registry`, `write_package_registry`, or both.
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
To install a package:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
1. Add the Package Registry URL to your project's `composer.json` file, along with the package name and version you want to install:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- Connect to the Package Registry for your group:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
composer config repositories.<group_id> composer https://gitlab.example.com/api/v4/group/<group_id>/-/packages/composer/
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
- Set the required package version:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```shell
composer require <package_name>:<version>
```
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
Result in the `composer.json` file:
2020-06-23 00:09:42 +05:30
2021-01-03 14:25:43 +05:30
```json
{
...
"repositories": {
"<group_id>": {
"type": "composer",
"url": "https://gitlab.example.com/api/v4/group/<group_id>/-/packages/composer/"
},
...
},
"require": {
...
"<package_name>": "<version>"
},
...
}
```
You can unset this with the command:
```shell
composer config --unset repositories.<group_id>
```
- `<group_id>` is the group ID.
- `<package_name>` is the package name defined in your package's `composer.json` file.
- `<version>` is the package version.
1. Create an `auth.json` file with your GitLab credentials:
2022-01-26 12:08:38 +05:30
Using a personal access token:
2021-01-03 14:25:43 +05:30
```shell
composer config gitlab-token.<DOMAIN-NAME> <personal_access_token>
```
Result in the `auth.json` file:
```json
{
...
"gitlab-token": {
"<DOMAIN-NAME>": "<personal_access_token>",
...
}
}
```
2022-01-26 12:08:38 +05:30
Using a deploy token:
```shell
composer config gitlab-token.<DOMAIN-NAME> <deploy_token_username> <deploy_token>
```
Result in the `auth.json` file:
```json
{
...
"gitlab-token": {
"<DOMAIN-NAME>": {
"username": "<deploy_token_username>",
"token": "<deploy_token>",
...
}
}
```
2021-01-03 14:25:43 +05:30
You can unset this with the command:
```shell
composer config --unset --auth gitlab-token.<DOMAIN-NAME>
```
- `<DOMAIN-NAME>` is the GitLab instance URL `gitlab.com` or `gitlab.example.com`.
2022-01-26 12:08:38 +05:30
- `<personal_access_token>` with the scope set to `api`, or `<deploy_token>` with the scope set
to `read_package_registry` and/or `write_package_registry`.
2021-01-03 14:25:43 +05:30
1. If you are on a GitLab self-managed instance, add `gitlab-domains` to `composer.json`.
```shell
composer config gitlab-domains gitlab01.example.com gitlab02.example.com
```
Result in the `composer.json` file:
```json
{
...
"repositories": [
{ "type": "composer", "url": "https://gitlab.example.com/api/v4/group/<group_id>/-/packages/composer/" }
],
"config": {
...
"gitlab-domains": ["gitlab01.example.com", "gitlab02.example.com"]
},
"require": {
...
"<package_name>": "<version>"
},
...
}
```
You can unset this with the command:
```shell
composer config --unset gitlab-domains
```
2021-02-22 17:27:13 +05:30
NOTE:
2021-01-03 14:25:43 +05:30
On GitLab.com, Composer uses the GitLab token from `auth.json` as a private token by default.
Without the `gitlab-domains` definition in `composer.json`, Composer uses the GitLab token
as basic-auth, with the token as a username and a blank password. This results in a 401 error.
2021-04-29 21:17:54 +05:30
1. With the `composer.json` and `auth.json` files configured, you can install the package by running:
```shell
composer update
```
Or to install the single package:
```shell
composer req <package-name>:<package-version>
```
If successful, you should see output indicating that the package installed successfully.
You can also install from source (by pulling the Git repository directly) using the
`--prefer-source` option:
```shell
composer update --prefer-source
```
2020-06-23 00:09:42 +05:30
2021-02-22 17:27:13 +05:30
WARNING:
2021-01-03 14:25:43 +05:30
Never commit the `auth.json` file to your repository. To install packages from a CI/CD job,
2022-01-26 12:08:38 +05:30
consider using the [`composer config`](https://getcomposer.org/doc/articles/handling-private-packages.md#satis) tool with your access token
2021-09-30 23:02:18 +05:30
stored in a [GitLab CI/CD variable](../../../ci/variables/index.md) or in
2021-01-03 14:25:43 +05:30
[HashiCorp Vault](../../../ci/secrets/index.md).
2021-04-29 21:17:54 +05:30
2022-01-26 12:08:38 +05:30
### Working with Deploy Tokens
Although Composer packages are accessed at the group level, a group or project deploy token can be
used to access them:
- A group deploy token has access to all packages published to projects in that group or its
subgroups.
- A project deploy token only has access to packages published to that particular project.
2022-04-04 11:22:00 +05:30
## Troubleshooting
To improve performance, Composer caches files related to a package. Note that Composer doesn't remove data by
itself. The cache grows as new packages are installed. If you encounter issues, clear the cache with
this command:
```shell
composer clearcache
```
2021-04-29 21:17:54 +05:30
## Supported CLI commands
The GitLab Composer repository supports the following Composer CLI commands:
- `composer install`: Install Composer dependencies.
- `composer update`: Install the latest version of Composer dependencies.