How to clone a private repo over composer.json via Gitlab CI/CD

How to clone a private repo over composer.json via Gitlab CI/CD
July 2, 2021
Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.

As a DevOps specialist for SABO, I received a request from our developers to use a private repo in composer.json file. Ideally, it should utilise a gitlab CI/CD to handle the build and deploy entirely. The question is how to do that.

Let me show you the way which worked for us.

In composer.json it looks like this:

{% c-block language="markdown" %}

 "repositories": [
           "type": "vcs",
           "url": “”

{% c-block-end %}

If you want to use this, you will need three things:

1) Dockerfile with access to your awesome repo.
2) Correct GitLab variables.
3) Do not forget gitlab yaml.

1) Dockerfile needs access to your repo and best practice is setup id_rsa inside, like this:

{% c-block language="markdown" %}

RUN mkdir /root/.ssh && \
       echo "$COMPOSER_CONFIG" > /root/.ssh/config && \
       echo "$COMPOSER_KEY" > /root/.ssh/id_rsa && \
       chmod 0600 /root/.ssh/id_rsa

{% c-block-end %}

This small script inside Dockerfile creates the id_rsa file at the correct path, exactly where the system needs it. But we need to use it via gitlab CI/CD and GitLab ENV.

2) In the Gitlab project ENV we need to create two new variables: COMPOSER_CONFIG and COMPOSER_KEY, where:

COMPOSER_KEY is the key that you (or some other gitlab user; best for me is to use composer_user) have in SSH KEY as a public key. Yes, COMPOSER_KEY is RSA KEY and COMPOSER_CONFIG has to be like this:

{% c-block language="markdown" %}
“Host *
      StrictHostKeyChecking no

{% c-block-end %}

– exclude the quotation marks, BUT do add the one blank line in the end. This configuration will allow the clone to not ask for a fingerprint.

In GitLab the setup looks like this:

Notice the one blank line in the end!

3) gitlab-ci.yml must get the COMPOSER_KEY and COMPOSER_CONFIG at the correct stage. Don’t forget to add it there.

Pavel is a trained DevOps guru and keen SysAdmin in charge of the application lifecycle, continuous integration, continuous deployment, and continuous delivery for both customer and internal SABO projects. He trains software developers in our team and coordinates all DevOps activities. He always has some puns up his sleeve, unpredictably switches to Polish, and likes to cook and bake.

Article collaborators

SABO Newsletter icon


Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

About SABO Mobile IT

We focus on developing specialized software for our customers in the automotive, supplier, medical and high-tech industries in Germany and other European countries. We connect systems, data and users and generate added value for our customers with products that are intuitive to use.
Learn more about sabo