Support private repositories

[ScopeyNZ]

Follow up from #37

Currently this module does not support private repositories. There are a few ways that repositories can be provided in a composer.json: https://getcomposer.org/doc/05-repositories.md . We will need to have a way to ensure authenticated access using these methods.

[Leapfrognz]

@ScopeyNZ Yes we are getting a lot of errors coming through on raygun for this. It'd be good to even have an option to skip certain repo's via yml config - if that's not against the philosophy of this module.

[ScopeyNZ]

Hi @Leapfrognz . Are you running the latest version of this module? It should just log failures with Composer now - not throw errors.

https://github.com/creative-commoners/silverstripe-composer-update-checker/blob/2.0/src/Extensions/CheckComposerUpdatesExtension.php#L57-L66

[Leapfrognz]

Im still on SS v3.7.3 - CWP v1.9.1, so v1.0.1 of this module
The SS Ragun module we are using still seems to catch SS_Log::log() anyway.

[Leapfrognz]

Any ideas on this? Our Raygun account is getting hammered.

[ScopeyNZ]

Right so you're getting the SS_Log entries coming into Raygun then? If the problem will be resolved by dropping the severity of the log entry (down from SS_Log::WARN) then I'm keen to review a PR that does that.

I'm not completely familiar with the default log level that's captured by the Raygun module.

[robbieaverill]

@Leapfrognz you could use your own version of CheckComposerUpdatesExtension with Injector, override updatePackageInfo() and adjust the SS_Log calls, or add some pattern matching to ignore specific errors like the one you're experiencing.

I think we could also look at adding a module blacklist of some sort too, which you could add private repositories into.

[Leapfrognz]

@robbieaverill I feel this would be better in the module itself, given we'd have a lot of CWP stacks that need it. And if we override the error reporting level we run the risk of ignoring errors we need to know about.

[robbieaverill]

@Leapfrognz yes of course! I'm suggesting this as a temporary workaround for your projects using Raygun and private repositories. We'll get this into the backlog to fix at some stage.

[ScopeyNZ]

Hey @Leapfrognz . I just noticed that there was a fix sitting in the 1 branch that was unreleased. I've released that fix now:

https://github.com/bringyourownideas/silverstripe-composer-update-checker/releases/tag/1.0.2

Can you try updating to that version and seeing if that has resolved your issue?

It should be unrelated but we were getting reports of logs being polluted due to missing this change.

[Leapfrognz]

Yes this seems to fix permissions issues on the composer home dir. Im working on a PR for ignored packages. Should be ready in a moment.

[michalkleiner]

The latest CWP required version 2.0.3 still doesn't correctly support git+ssh specified (public but possibly also private) repositories, though it might be a CWP issue where, for whatever reason, the repo can't be cloned locally in order to check it.