Setup composer HTTP basic authentication for multiple repositories

[tangrufus]

Usage

# group_vars/<env>/vault.yml

vault_wordpress_sites:
  typist.tech:
    composer_authentications:
      - { hostname: my.com, username: my-username, password: my-password }
      - { hostname: your.com, username: your-username, password: your-password }
  example.com:
    composer_authentications:
      - { hostname: his.com, username: his-username, password: his-password }
      - { hostname: her.com, username: her-username, password: her-password }

Notes

Loops

Bumping ansible version_requirement to 2.5.0.0 to start using loop.

With the release of Ansible 2.5, the recommended way to perform loops is the use the new loop keyword instead of with_X style loops.

https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.5.html?highlight=loop#migrating-from-with-x-to-loop

Setup packagist.com authentication

Keeping the original Setup packagist.com authentication task for backward compatibility.

Maybe remove it in Trellis v2?

Help Wanted

Vagrant

When you remove an item from composer_authentications, re-provisioning vagrant VM won't delete the removed item.

Send pull request if you have a better way to do it.

Why the ugly include_tasks: tasks/composer-authentications.yml?

Seems ansible has no way to make a foreach inside a foreach loop.

Send pull request if you have a better way to do it.

[swalkinshaw]

Well this is much better! Shame we didn't do it this way originally.

Keeping the original Setup packagist.com authentication task for backward compatibility.
Maybe remove it in Trellis v2?

It might be possible to keep the existing packagist_token variable but append it to the new var if its defined with the default hostname/username we use now? It doesn't get rid of the variable setting, but it would eliminate the existing task at least?

[tangrufus]

It might be possible to keep the existing packagist_token variable but append it to the new var if its defined with the default hostname/username we use now?

Done.

The current implementation is ugly. Leave a comment if you think of more elegant alternatives.

Note: Need help testing this pull requests on vagrant!

[tangrufus]

rebased onto #1092 and removed ansible 2.4 from trhe test matrix

[swalkinshaw]

Working fine for me locally. Config settings got set properly. Only thing I noticed was this:

TASK [wordpress-install : Setup composer authentications - example.com] ********
skipping: [default] => (item=None)
changed: [default] => (item=None)
changed: [default] => (item=None)

item=None is a bit confusing but it did work.

[tangrufus]

Added loop_control.label and changed_when: false.

Example (vagrant):

TASK [wordpress-install : Setup composer authentications - google.com] *********
skipping: [default] => (item=repo.packagist.com)
ok: [default] => (item=his.com)
ok: [default] => (item=her.com)

TASK [wordpress-install : Setup composer authentications - typist.tech] ********
ok: [default] => (item=repo.packagist.com)
ok: [default] => (item=my.com)
ok: [default] => (item=your.com)

Example (deploy):

TASK [deploy : Setup composer authentications] *********************************
skipping: [123.123.123.123] => (item=repo.packagist.com)
ok: [123.123.123.123] => (item=my.com)
ok: [123.123.123.123] => (item=your.com)

[swalkinshaw]

✨ fancy, didn't know about that

[swalkinshaw]

Thank you!

[tomektomczuk]

how would you authenticate plugins from private repository as well as paid plugins like WPMU?

[tangrufus]

This feature has not been documented in https://roots.io/docs/trellis. One example can be found here https://discourse.roots.io/t/gitlab-private-repo-as-composer-package/20592/19

PRs to https://github.com/roots/docs/ is welcomed.

[tomektomczuk]

What about WPMU? Will this work ?

website_adres: composer_authentications: - { hostname: wpmudev.com, username: api_key , password: null }

[tangrufus]

Try it and report back please.

[tomektomczuk]

Try it and report back please.

it doesn't work
failed: [3.67.6.215] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

any suggestions?

[swalkinshaw]

I suggest running the composer commands manually locally (or on your server) to see if it works. It's not likely to be an actual issue with Trellis itself.

Here's what Trellis does:

trellis/roles/deploy/hooks/build-after.yml

Lines 13 to 16 in 9c5ac56

	composer:
	command: config
	arguments: --auth http-basic.{{ composer_authentication.hostname }} {{ composer_authentication.username }} {{ composer_authentication.password }}
	working_dir: "{{ deploy_helper.new_release_path }}"

So if you run composer config --auth http-basic.wpmudev.com myuser mypassword then you'll be able to debug and see if it works or not.

[tomektomczuk]

so composer config --auth http-basic.wpmudev.com on local came up with {"username":"APIvalue","password":null}. It also added auth.json file next to composer.json. On the server this command gave me
[RuntimeException] http-basic.wpmudev.com is not defined.

When I removed composer_authentications from the vault and deploy with auth.json
{ "http-basic": { "wpmudev.com": { "username": "APIvalue", "password": null } } }

Deploy went through

[tangrufus]

Can I confirm "password": null is a JSON null instead of a string "null" (with quotes)?

[tomektomczuk]

Can I confirm "password": null is a JSON null instead of a string "null" (with quotes)?

yes, I have it as composer_authentications: - { hostname: wpmudev.com, username: 123456789 , password: null }

however when I run composer config --auth http-basic.wpmudev.com

auth.json looks like {
    "http-basic": {
        "wpmudev.com": {
            "username": "myuser",
            "password": "mypassword"
        }
    }
}

[tangrufus]

Thanks for reporting. Created #1306 to track the issue.
PRs are welcomed.

[tomektomczuk]

I have upgrade trellis to 1.9 added

composer_authentications: - { hostname: wpmudev.com, username: 123456789 , password: null }

to production vault and still get the same error on deploy {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

I also found out on Trellis documentation [https://roots.io/docs/trellis/master/composer-http-basic-authentication/] next to last line states "The password cannot be null, or an empty string"

Please advice

[tangrufus]

The password cannot be null, or an empty string

See: #1306

PRs are welcomed.

[tomektomczuk]

I have both of these entries (trellis/group_vars/all/helpers.yml and trellis/roles/wordpress-install/tasks/composer-authentications.yml) as they are part of 1.9 update.

[tangrufus]

composer_authentications: - { hostname: wpmudev.com, username: 123456789 , password: null }

Trellis (as of v1.9.0) doesn't support null as the password.

PRs are welcomed.

[tomektomczuk]

OK, so is there any solution I could test?

Sorry I do not understand what you mean by "PRs"

[swalkinshaw]

As @tangrufus has said a few times, Trellis does not support null as the password so there is no solution yet.

"PR" means "Pull Request" which is another way of saying: Trellis is an open-source project and we welcome contributions. Supporting null passwords isn't a priority for us, so if you need support for it, we encourage you to contribute a solution.