easybib/dev

Composer seems to have become the defacto dependency management tool in the last year. At EasyBib we make heavy use of composer both when we run test suites on Travis-CI and also during deployment.

Because we use Github to host our code, the most obvious ways to speed up each of these runs is to use Github downloads instead of cloning the code during ./composer.phar install.

By default composer will attempt this — unless --prefer-source is provided.

Authentication

One of the caveats to this is that by default composer will use unauthenticated API calls against the Github API. Github’s API allows only 60 unauthenticated calls an hour but up to 5,000 authenticated calls in the same timespan.

In an office with six developers it’s easy to burn through these 60 calls. On Travis-CI — due to a lot higher volumes of test runs and customers — it’s even easier.

The solution is to configure composer to use an OAuth2 key!

Setup

There are of course programmatic ways to generate the key using Github’s API.

But the easiest way is to wait until I exceeded all calls and have composer set it up for me. Once I aquired the key, I made a copy of the ~/.composer/config.json file and backed it up for later.

The manual steps to set it up are as follows:

 $ mkdir ~/.composer
 $ echo '{ "config": { "github-oauth": { "github.com": "YOUR-KEY" } } }' > ~/.composer/config.json 

On Travis-CI (or anywhere else where automation is required), the same commands can be executed within the before_script in your .travis.yml.

Careful

Please note: This method works best on private repositories and the Travis-CI pro setup. The token you specify may or may not give anyone access to your private repositories as well.

One way to sail around the access limit is to setup a dedicated user on GitHub which has only pull-access to your public repositories. Another is to use the facilities to encrypt the data.

Fin

Enjoy!