Composer Dependency Linker and private packages
Summary
Repositories which have composer.json defined render an automatic link to "https://packagist.org/packages/#{name}"
and don't take into account that the package might be private and not found on public registry packagist.org.
This is related to gitlab-ce#17476
Steps to reproduce
Create a repo with file composer.json
:
{
"name": "company/package-xyz",
"description": "Private XYZ package",
"homepage": "https://example.com/company/package-xyz",
"type": "library",
"license": "proprietary",
"support": {
"email": "packages@example.com",
"issues": "https://gitlab.com/company/package-xyz/issues",
"source": "https://gitlab.com/company/package-xyz/tree/master",
"docs": "https://gitlab.com/company/package-xyz/tree/master/doc"
},
"repositories": [
{
"type": "composer",
"url": "https://composer.example.com/"
}
],
"require": {
"php": ">=7.1"
}
}
Example Project
https://gitlab.com/plehatron/composer-dependecy-linker/blob/master/composer.json
What is the current bug behavior?
Links to https://packagist.org/packages/company/package-xyz
What is the expected correct behavior?
Should link to https://example.com/company/package-xyz
Output of checks
This bug happens on GitLab.com.
Possible fixes
One possible fix might be that the Composer Linker is aware of the homepage property https://getcomposer.org/doc/04-schema.md#homepage and render that link instead of the one pointing to packagist.org.
/label gitlab-ce~2278648
Edited by Davor Plehati