Handling Private Repositories

Here are the most common issues and solutions we've come across for handling private composer packages.

Private Git Repositories

If you have private Git repositories that you can access when running composer install locally, but cannot within Chipper, it's likely because Chipper only has access to the specific repository being built and tested.

Often this means you'll have a composer.json with something like the following:

{
    "repositories": [
        {
            "type": "git",
            "url": "https://github.com/foo/bar"
        }
    ],
    "require": {
        "foo/bar": "~1.0"
    }
}

In this case, Composer (and Git) will attempt to clone or download that repository. However, Chipper will only have access to the main project, and not this private repository foo/bar.

Solutions

All Providers:

This is the recommended solution for allowing composer to clone private repositories.

You can use Personal Access Tokens to help composer authenticate and clone private packages.

You can find how/where to create a personal access token here:

After creating a personal access token for a user who has access to your private repositories, you can add the following to your Build Pipeline before attempting to run composer install ...:

# Use one of the following:
# Do NOT use the -g flag
composer config github-oauth.github.com a-personal-access-token-here
composer config gitlab-oauth.gitlab.com a-personal-access-token-here
composer config bitbucket-oauth.bitbucket.org consumer-key-here consumer-secret-here

ChipperCI uses a global COMPOSER_AUTH environment variable, which will include a github-oauth.github.com configuration if your project was created from a GitHub repository. This conflicts with using composer config -g (global). Therefore, do not use the -g or --global flag for the composer config command.

GitLab or BitBucket:

You can use Deploy Keys keys to allow Chipper access to private repositories for GitLab or Bitbucket.

Each Chipper project includes an SSH key used to access repositories or other SSH-based clients. You can download the SSH key from each project's Project Settings page under the heading External Access.

You can then add this SSH key as a Deploy Key within the private repository settings within GitLab or Bitbucket.

This will give Composer (and Git) SSH-based access to that private repository.

GitHub:

The easiest solutions for including private repositories as Composer dependencies from GitHub is one of the following:

  1. Use a GitHub Personal Access Token as documented above.
  2. Install the Chipper CI GitHub Application into all repositories your project requires prior to creating a project within ChipperCI

Other options from GitHub are a bit more complex:

GitHub does not allow you to re-use a Deploy Key twice. Since Chipper creates a Deploy Key to gain access to the project repository that is being built/tested, that SSH key cannot be used for a Deploy Key in other private repositories.

This leaves you with two options:

  1. Add Chipper's SSH key to the GitHub user's account (the GitHub user authenticated when creating the Chipper project)
    • Follow this link to add an SSH key to your GitHub account. Be sure you're logged into the user account used to setup your Chipper project
  2. Create a "Machine User". A "machine user" is simply a GitHub user who has access to just the projects you need.
    • This new GitHub user should be used to setup a project within Chipper
    • Add Chipper's SSH key to the new user's SSH key settings so Chipper can access the same repositories that user has access to.