Composer Repository
Cloudsmith provides public & private repositories for Composer (php)
Composer is a dependency management tool for PHP.
For more information on Composer, please see:
- Composer: The official website for Composer
- Composer Documentation: The official docs for Composer
In the following examples:
Identifier | Description |
---|---|
OWNER | Your Cloudsmith account name or organisation name (namespace) |
REPOSITORY | Your Cloudsmith Repository name (also called "slug") |
TOKEN | Your Cloudsmith Entitlement Token (see Entitlements for more details) |
USERNAME | Your Cloudsmith username |
PASSWORD | Your Cloudsmith password |
API-KEY | Your Cloudsmith API Key |
PACKAGE_NAME | The name of your package |
PACKAGE_VERSION | The version number of your package |
Upload a Package
Upload via the Cloudsmith CLI
For full details of how to install and setup the Cloudsmith CLI, see Command Line Interface.
The command to upload a Composer package via the Cloudsmith CLI is:
cloudsmith push composer OWNER/REPOSITORY PACKAGE_NAME.phar
Example:
cloudsmith push composer org/repo your-package.phar
Upload via Cloudsmith Website
Please see Upload a Package for details of how to upload via the Website UI.
Download / Install a Package
Setup
To enable the retrieval of Cloudsmith hosted packages via Composer, the first step is to add your repository to the repositories section of your composer.json
file. How you add your repository to your composer.json
file differs if the repository is private or public.
Public Repositories
Add the following JSON snippet to your composer.json
file:
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/public/OWNER/REPOSITORY/composer/",
"options": {
}
}
]
Private Repositories
Private Cloudsmith repositories require authentication. You can choose between two types of authentication, Entitlement Token Authentication or HTTP Basic Authentication.
The setup method will differ depending on what authentication type you choose to use.
Entitlement Tokens, User Credentials and API-Keys should be treated as secrets and you should ensure that you do not commit them in configurations files along with source code, or expose them in any logs
Add one of the following JSON snippets to your project composer.json
file:
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/composer/",
"options": {
}
}
]
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/composer/",
"options": {
}
}
]
NOTE
When using HTTP Basic Authentication you'll probably want to keep your credentials separately in your
auth.json
file instead of within thecomposer.json
file. When you have your credentials ready, add one of the following JSON snippets to yourauth.json
file:
{
"http-basic": {
"dl.cloudsmith.io": {
"username": "USERNAME",
"password": "PASSWORD"
}
}
}
{
"http-basic": {
"dl.cloudsmith.io": {
"username": "USERNAME",
"password": "API-KEY"
}
}
}
{
"http-basic": {
"dl.cloudsmith.io": {
"username": "token",
"password": "TOKEN"
}
}
}
Specifying Dependencies
After the repository is added to your composer.json
file, you then specify the dependency in the require section of your composer.json
file or using the composer require
command:
via composer.json file
Add the following JSON snippet to your project composer.json
file:
{
"require": {
"PACKAGE_NAME": "PACKAGE_VERSION"
}
}
via composer require
Use the following command:
composer require PACKAGE_NAME:PACKAGE_VERSION
Installing a Package
To install the dependencies listed in your composer.json
file use the command:
composer install
Composer will then resolve all dependencies listed in your composer.json
file and download them into the vendor
directory in your project.
Configuration Example
The following is an example of a complete (but minimal) composer.json
file with a public cloudsmith repository and a single dependency:
{
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/public/org/repo/composer/",
"options": {}
}
],
"require": {
"cloudsmith/cloudsmith-composer-example": "1.0.157954077030330"
}
}
Security Scanning
Supported
Please see our Security Scanning documentation for further information.
Upstream Proxying / Caching
Not Supported
Key Signing Support
GPG
Troubleshooting
Please see the Troubleshooting page for further help and information.
Updated 3 months ago