Global Composer installation without commiting binary to version control? #477
-
Hey! I'm looking at distribution a compiled binary via Packagist, to be installed as a global Composer package. It seems like the documented way of doing this, but it also seems like this requires the compiled binary to be committed to the version control (judging by how the installer is set up). Is there an alternative way of doing this? I initially thought that this would use the latest release binary from GitHub Releases. Is that something that could be possible? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
Hi @caendesilva, just moved this to Discussions as I think it's more relevant here. Unfortunately this isn't possible (unlike with package managers such as npm) as the GitHub repository (or tarball) is the thing that is downloaded by Composer. The only real way around this is to either:
|
Beta Was this translation helpful? Give feedback.
-
Somewhat related, just want to post here for others. If you're getting "SHA1 signature could not be verified: broken signature" on the committed binary, add the following to your
|
Beta Was this translation helpful? Give feedback.
Hi @caendesilva, just moved this to Discussions as I think it's more relevant here.
Unfortunately this isn't possible (unlike with package managers such as npm) as the GitHub repository (or tarball) is the thing that is downloaded by Composer. The only real way around this is to either:
This approach is used by projects such as Expose (source / dist) and the Laravel Zero installer (source / dist)
This approach is used by projects such as PHPStan (source / dist) and Rector (source / dist).