
Ligonsker's avatar

Has anyone used Laravel with private Composer?

Hello,

Some people suggested that I use a private Packagist in my workplace, where they started restricting traffic to and from wherever Composer connects in order to download and load the packages into Laravel.

This is an enterprise that deals with a lot of money and they recently blocked it so I need to get suggestions to be able to securely develop in Laravel. The latest restrictions basically prevent me from using Laravel (can't use Composer)

But then I looked into Packagist. What is it exactly? You install a private repo with all the packages you need, then you have a "private" composer command that installs from this private Packagist?

Or, do you have any other suggestions so that I can securely be able to use Laravel and that the security guys will like it?

Ty!

0 likes
10 replies
Snapey's avatar

Look at some of the tutorials on package development. They usually cover the steps needed to pull from a private repository.

1 like
Ligonsker's avatar

@Snapey thanks, I will take a look, but does it cover how to set up something like a replica of Composer? For example, if I use:

composer create-project laravel/laravel my-app

It will install it from my private repo. But also make sure all the packages that Laravel needs are in that repo?

Snapey's avatar

@Ligonsker only if you mirror the entire github. Otherwise I suggest you just download the packages you need.

1 like
Ligonsker's avatar

@Snapey The issue is this: For every package that Laravel needs or I need to add, it needs to go through the security team, then they scan it, then they approve it and upload it to a special folder.

It takes a long time since they do more things, so imagine I just create a new Laravel app:

  - Downloading symfony/var-dumper (v5.4.11)
  - Downloading symfony/string (v5.4.11)
  - Downloading symfony/console (v5.4.11)
  - Downloading voku/portable-ascii (1.6.1)
  - Downloading phpoption/phpoption (1.9.0)
  - Downloading graham-campbell/result-type (v1.1.0)
  - Downloading symfony/css-selector (v5.4.11)
  - Downloading symfony/routing (v5.4.11)
  - Downloading symfony/process (v5.4.11)
  - Downloading symfony/mime (v5.4.11)
  - Downloading symfony/http-foundation (v5.4.11)
  - Downloading symfony/event-dispatcher-contracts (v2.5.2)
  - Downloading symfony/event-dispatcher (v5.4.9)
  - Downloading symfony/error-handler (v5.4.11)
  - Downloading symfony/http-kernel (v5.4.11)
  - Downloading symfony/finder (v5.4.11)
  - Downloading ramsey/uuid (4.2.3)
  - Downloading symfony/translation (v5.4.11)
  - Downloading nesbot/carbon (2.60.0)
  - Downloading league/commonmark (2.3.5)
  - Downloading laravel/framework (v8.83.23)
  - Downloading facade/ignition (2.17.6)
  - Downloading fakerphp/faker (v1.20.0)
  - Downloading asm89/stack-cors (v2.1.1)
  - Downloading fruitcake/laravel-cors (v2.2.0)
  - Downloading laravel/sail (v1.15.1)
  - Downloading psy/psysh (v0.11.8)

Now each of these packages takes a whole lot of time to actually get, and it leaves me with more problems: They get the zip version of the package - how do I load it as Composer would even if I had it? Not sure I did that before.

But you see it gets quite impossible when you need more packages and you want to be able to develop conveniently.

I wonder if there are better solutions for that rather than downloading each zip separately then waiting for approval then somehow autoloading it as composer would?

Ligonsker's avatar

@Snapey Was it "nope" to the question "I wonder if there are better solutions for that?" 😭😥

And indeed there are already JavaScript packages lol!

Ligonsker's avatar

@snapey I was told that we have some "Nexus" server (maybe by Sonatype?). Assuming it's also sort of private package repository. How would I do the job of Composer? Let's say I get the zip package - what do I do in order to autoload like Composer does? Is it just unzipping the package and placing it in vendor?

RayC's avatar

@Ligonsker Where are you getting the packages from? If they are on GitHub, why not send those that need to approve it to the repo and get approval before use? This way you can use:

composer require githubuser/reponame
Snapey's avatar

@Ligonsker no. It's far more complicated than that. The zip package you mention might have three other package dependencies, one of which has already been included by another package. Trying to manually do what Composer does is completely impractical.
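
Added example, not part of the thread and not code from Composer or Laravel: since `composer.lock` already records the full resolved dependency set (the `packages` and `packages-dev` arrays), the approval request can be built from the lock file in one pass instead of package by package. The approved-list format, the sample lock contents and the `example.invalid` URLs are constructed assumptions.

```python
import json

# Constructed sample: a trimmed composer.lock using versions from the thread's output.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v8.83.23",
         "dist": {"type": "zip", "url": "https://example.invalid/framework.zip"}},
        {"name": "symfony/console", "version": "v5.4.11",
         "dist": {"type": "zip", "url": "https://example.invalid/console.zip"}},
        {"name": "ramsey/uuid", "version": "4.2.3",
         "dist": {"type": "zip", "url": "https://example.invalid/uuid.zip"}},
    ],
    "packages-dev": [
        {"name": "fakerphp/faker", "version": "v1.20.0",
         "dist": {"type": "zip", "url": "https://example.invalid/faker.zip"}},
    ],
})

# Constructed sample: what the security team has approved so far (hypothetical format).
APPROVED = {
    "laravel/framework": {"v8.83.23"},
    "symfony/console": {"v5.4.9"},   # approved, but at an older version
    "ramsey/uuid": {"4.2.3"},
}

def locked_packages(lock_text, include_dev=True):
    """Return every package Composer resolved, as (name, version, dist_url)."""
    lock = json.loads(lock_text)
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    out = []
    for section in sections:
        for pkg in lock.get(section) or []:
            dist = pkg.get("dist") or {}
            out.append((pkg["name"].lower(), pkg["version"], dist.get("url")))
    return sorted(out)

def approval_gaps(lock_text, approved, include_dev=True):
    """Split locked packages into never-approved and approved-at-another-version."""
    unknown, wrong_version = [], []
    for name, version, _url in locked_packages(lock_text, include_dev):
        if name not in approved:
            unknown.append((name, version))
        elif version not in approved[name]:
            wrong_version.append((name, version, sorted(approved[name])))
    return unknown, wrong_version

if __name__ == "__main__":
    unknown, wrong = approval_gaps(SAMPLE_LOCK, APPROVED)
    for name, version in unknown:
        print(f"REQUEST  {name} {version}")
    for name, version, have in wrong:
        print(f"VERSION  {name} {version} (approved: {', '.join(have)})")
```

Passing `include_dev=False` limits the check to what a production install would pull in.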
