Better documentation for using "no-api" flag with GitHub? #5433

Closed
khromov opened this Issue Jun 14, 2016 · 7 comments

Projects

None yet

4 participants

@khromov
Contributor
khromov commented Jun 14, 2016 edited

I came across the no-api flag in a related thread and was very happy to see it speed up our composer updates by 3x. From what I can see in the generated composer.json it still uses the GitHub API to generate a dist url.

My question regards how exactly Composer handles this internally and if we can be 100% sure that the dist file will use git GitHub API URL in the future, since we only have GitHub OAuth token set up on our deployment machines and no SSH keys.

Example package

{
   "type": "vcs",
   "url":" git@github.com:khromov/acf-local-json-manager.git",
   "no-api": true
}

Resulting lockfile:

{
    "name": "khromov/acf-local-json-manager",
    "version": "dev-master",
    "source": {
        "type": "git",
        "url": "git@github.com:khromov/acf-local-json-manager.git",
        "reference": "8451abd1277df87d733463f376afba84fada3552"
    },
    "dist": {
        "type": "zip",
        "url": "https://api.github.com/repos/khromov/acf-local-json-manager/zipball/8451abd1277df87d733463f376afba84fada3552",
        "reference": "8451abd1277df87d733463f376afba84fada3552",
        "shasum": ""
    },
    "require": {
        "composer/installers": "~1.0"
    },
    "type": "wordpress-plugin",
    "support": {
        "source": "https://github.com/khromov/acf-local-json-manager/tree/master",
        "issues": "https://github.com/khromov/acf-local-json-manager/issues"
    },
    "time": "2016-04-20 14:49:24"
},
@alcohol
Member
alcohol commented Jun 14, 2016

I find the topic and issue a bit conflicting. What exactly is your question?

@alcohol alcohol added the Question label Jun 14, 2016
@khromov
Contributor
khromov commented Jun 14, 2016

@alcohol By specifying "no-api": true, I assume this turns off any connection to the GitHub API in Composer.

That's why I'm surprised to find this in the lockfile:

 "dist": {
...
        "url": "https://api.github.com/repos/khromov/acf-local-json-manager/zipball/8451abd1277df87d733463f376afba84fada3552",
...

Why exactly does it refer to api.github.com if I specified "no-api": true ?

Hope that makes it clearer.

@stof
Contributor
stof commented Jun 14, 2016

no-api means that it will clone the repo to extract metadata from the git metadata instead of using the github API (using the github API can be faster than cloning the repo, especially when the repo is huge).
This does not change the fact that dist archives provided by github are shipped through an endpoint on api.github.com.

@khromov
Contributor
khromov commented Jun 14, 2016

@stof Thanks for your answer. What is the mechanism in which GitHub specifies the dist archives? (ie, how is it calculated?)

@stof
Contributor
stof commented Jun 14, 2016

I don't understand what you mean

@khromov
Contributor
khromov commented Jun 14, 2016

@stof How does Composer know that the dist is located at api.github.com?

@Seldaek
Member
Seldaek commented Jun 21, 2016

If we see the repo is a github URL, and it uses the GitHubDriver to collect metadata, then it knows how to build dist archive URLs that point to the API. It sounds fairly safe to me to rely on this behavior. For safety though you should make sure that deployment aborts if composer install fails, because even if the URLs remain valid, the github API might be down.

@Seldaek Seldaek closed this Jun 21, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment