Composer Repository
Cloudsmith provides public & private repositories for Composer (php)
Composer is a dependency management tool for PHP.
For more information on Composer, please see:
- Composer: The official website for Composer
- Composer Documentation: The official docs for Composer
The examples in this document are generic. Cloudsmith provides contextual setup instructions within each repository, complete with copy n' paste snippets (with your namespace/repo pre-configured).
In the following examples:
| Identifier | Description |
|---|---|
| OWNER | Your Cloudsmith account name or organisation name (namespace) |
| REPOSITORY | Your Cloudsmith Repository name (also called "slug") |
| TOKEN | Your Cloudsmith Entitlement Token (see Entitlements for more details) |
| USERNAME | Your Cloudsmith username |
| PASSWORD | Your Cloudsmith password |
| API-KEY | Your Cloudsmith API Key |
| PACKAGE_NAME | The name of your package |
| PACKAGE_VERSION | The version number of your package |
Upload a Package
Upload via the Cloudsmith CLI
For full details of how to install and setup the Cloudsmith CLI, see Command Line Interface.
The command to upload a Composer package via the Cloudsmith CLI is:
cloudsmith push composer OWNER/REPOSITORY PACKAGE_NAME.phar
Example:
cloudsmith push composer org/repo your-package.phar
Upload via Cloudsmith Website
Please see Upload a Package for details of how to upload via the Website UI.
Download / Install a Package
Setup
To enable the retrieval of Cloudsmith hosted packages via Composer, the first step is to add your repository to the repositories section of your composer.json file. How you add your repository to your composer.json file differs if the repository is private or public.
Public Repositories
Add the following JSON snippet to your composer.json file:
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/public/OWNER/REPOSITORY/composer/",
"options": {
}
}
]
Private Repositories
Private Cloudsmith repositories require authentication. You can choose between two types of authentication, Entitlement Token Authentication or HTTP Basic Authentication.
The setup method will differ depending on what authentication type you choose to use.
Entitlement Tokens, User Credentials and API-Keys should be treated as secrets and you should ensure that you do not commit them in configurations files along with source code, or expose them in any logs
Add one of the following JSON snippets to your project composer.json file:
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/composer/",
"options": {
}
}
]
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/composer/",
"options": {
}
}
]
NOTE
When using HTTP Basic Authentication you'll probably want to keep your credentials separately in your
auth.jsonfile instead of within thecomposer.jsonfile. When you have your credentials ready, add one of the following JSON snippets to yourauth.jsonfile:
{
"http-basic": {
"dl.cloudsmith.io": {
"username": "USERNAME",
"password": "PASSWORD"
}
}
}
{
"http-basic": {
"dl.cloudsmith.io": {
"username": "USERNAME",
"password": "API-KEY"
}
}
}
{
"http-basic": {
"dl.cloudsmith.io": {
"username": "token",
"password": "TOKEN"
}
}
}
Specifying Dependencies
After the repository is added to your composer.json file, you then specify the dependency in the require section of your composer.json file or using the composer require command:
via composer.json file
Add the following JSON snippet to your project composer.json file:
{
"require": {
"PACKAGE_NAME": "PACKAGE_VERSION"
}
}
via composer require
Use the following command:
composer require PACKAGE_NAME:PACKAGE_VERSION
Installing a Package
To install the dependencies listed in your composer.json file use the command:
composer install
Composer will then resolve all dependencies listed in your composer.json file and download them into the vendor directory in your project.
Configuration Example
The following is an example of a complete (but minimal) composer.json file with a public cloudsmith repository and a single dependency:
{
"repositories": [
{
"type": "composer",
"url": "https://dl.cloudsmith.io/public/org/repo/composer/",
"options": {}
}
],
"require": {
"cloudsmith/cloudsmith-composer-example": "1.0.157954077030330"
}
}
Security Scanning
Supported
Please see our Security Scanning documentation for further information.
Upstream Proxying / Caching
Not Supported
Key Signing Support
GPG
Troubleshooting
Please see the Troubleshooting page for further help and information.
Updated over 1 year ago