Skip to content

Instantly share code, notes, and snippets.

@pixelbrackets
Last active February 2, 2024 08:08
Show Gist options
  • Save pixelbrackets/78504af8aef55439113d521bb6d22d4f to your computer and use it in GitHub Desktop.
Save pixelbrackets/78504af8aef55439113d521bb6d22d4f to your computer and use it in GitHub Desktop.
Manage GitHub & GitLab Credentials in Composer

How to store Personal Access Tokens in Composer

Local Development

For a single project:

  • Run composer config github-oauth.github.com <token> or composer config gitlab-token.gitlab.com <token>
  • Hint: Add auth.json to .gitignore, as it contains credentials

For all projects:

  • Run composer config -g <auth provider> <token>

Stages

  • Create a local auth file (see above), or set an environment variable (see below)

CI

  • Set the environment variable COMPOSER_AUTH, with the JSON formated content of the auth.json file
COMPOSER_AUTH='{"github-oauth":{"github.com":"XXXXXXXXXXXXXXXXXX"}}'

See https://getcomposer.org/doc/03-cli.md#composer-auth

GitHub

  • Project > Settings > Environments > Environment secrets > Add secret

    • Name it COMPOSER_AUTH and paste the JSON string as value
  • Or set a single token secret (Settings > Secrets) like COMPOSER_TOKEN and use it in action.yml

jobs:
  job1:
    env:
      COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.COMPOSER_TOKEN }}"}}'

See https://docs.github.com/en/actions/reference/encrypted-secrets

GitLab

  • Project > Settings > CI/CD > Variables

    • Name it COMPOSER_AUTH and paste the JSON string as value
  • Or set a single token variable like COMPOSER_TOKEN and use it in .gitlab-ci.yml

job1:
  variables:
    COMPOSER_AUTH: '{"github-oauth":{"github.com":"$COMPOSER_TOKEN"}}'

See https://docs.gitlab.com/ee/ci/variables/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment