Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Global Composer installation without commiting binary to version control?#477

Answeredbyowenvoke
emmadesilva asked this question inQ&A
Discussion options

Hey! I'm looking at distribution a compiled binary via Packagist, to be installed as a global Composer package. It seems like thedocumented way of doing this, but it also seems like this requires the compiled binary to be committed to the version control (judging by how theinstaller is set up).

Is there an alternative way of doing this? I initially thought that this would use the latest release binary from GitHub Releases. Is that something that could be possible?

You must be logged in to vote

Hi@caendesilva, just moved this to Discussions as I think it's more relevant here.

Unfortunately this isn't possible (unlike with package managers such as npm) as the GitHub repository (or tarball) is the thing that is downloaded by Composer. The only real way around this is to either:

  • Have a single repository, that contains both source and the compiled Phar.
    This approach is used by projects such as Expose (source / dist) and the Laravel Zero installer (source / dist)
  • Have 2 repositories (a source and a dist) which means that these files are stored separately.
    This approach is used by projects such as PHPStan (source /dist) and Rector (source /dist).

Replies: 2 comments 1 reply

Comment options

Hi@caendesilva, just moved this to Discussions as I think it's more relevant here.

Unfortunately this isn't possible (unlike with package managers such as npm) as the GitHub repository (or tarball) is the thing that is downloaded by Composer. The only real way around this is to either:

  • Have a single repository, that contains both source and the compiled Phar.
    This approach is used by projects such as Expose (source / dist) and the Laravel Zero installer (source / dist)
  • Have 2 repositories (a source and a dist) which means that these files are stored separately.
    This approach is used by projects such as PHPStan (source /dist) and Rector (source /dist).
You must be logged in to vote
1 reply
@emmadesilva
Comment options

Thanks for the reply,@owenvoke! That makes sense, and I understand the limitation. It feels wrong to me to commit binaries to version control, but it was fairly easy to upgrade my action to do so (https://github.com/hydephp/cli/pull/37/files).

Hopefully this discussion can help others wondering about the same issue!

Answer selected byemmadesilva
Comment options

Somewhat related, just want to post here for others. If you're getting "SHA1 signature could not be verified: broken signature" on the committed binary, add the following to your.gitattributes

builds/* binary
You must be logged in to vote
0 replies
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Category
Q&A
Labels
None yet
2 participants
@emmadesilva@owenvoke
Converted from issue

This discussion was converted from issue #476 on December 11, 2023 13:45.

[8]ページ先頭
©2009-2025 Movatter.jp