The Gitlab Composer Repository
Branch: master
Clone or download
Pull request Compare This branch is 6 commits ahead, 3 commits behind keywan-ghadami-oxid:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Gitlab Composer Repository

Small script that loops through all branches and tags of all projects in a Gitlab installation and if it contains a composer.json, adds it to an index.

This is very similar to the behaviour of /


  • Php
  • Apache Web Server
  • Gitlab (can be hosted on a different domain)


  1. Run composer.phar install
  2. Copy confs/samples/gitlab.ini into confs/gitlab.ini, following instructions in comments
  3. Ensure cache directory is writable


  • You are reading the documentation

  • messurement is never perfect but important to improve Codacy Badge CodeFactor

  • efficiency by using longliving caches (for happy users and our environment)

  • security (how to proove? audits and ideas welcome)


Simply include a composer.json in your project, all branches and tags respecting the formats for versions will be detected.

Then, to use your repository, add this in the composer.json of your project:

    "repositories": [
            "type": "composer",
            "url": "https://your_gitlab_composer_repo_url"
    "config": {
        "gitlab-domains" : [

now you require every package that is hosted on the gitlab server.


On the first usage of composer it will ask for you credentials. With that composer will require a outh token that will be stored in your auth.json for all following requests. In case you have activated two-factor login in your gitlab account, you have to create a gitlab token and store it in you auth.json manually.

You can use the following command template by replacing

  • [] with the domain for your repository (this software running on a domain)
  • [yourtoken] with the token generated within gitlab
composer config -g gitlab-oauth.[] [yourtoken]

Ater first run file packages.json in cache directory must exist. Also for ech group/repository an own directory.


If your CI needs access to the repository you add inject an environment varible for composer

COMPOSER_AUTH='{"gitlab-oauth": {"[]": "[citoken]"}}'

Adding new Package Version

The Gitlab Composer Repository takes care for adding webhooks to be informed about new tags, so adding a new version will automatically and immediately be reflected. Deleting a tag and by that a package versions requires a cache clear.

Local Development

In case you like to develop on this software and run the service locally you may want to add "secure-http": false and in the gitlab-domain section. E.g:

    "repositories": [
            "type": "composer",
            "url": "https://your_gitlab_composer_repo_url"
    "config": {
        "secure-http": false,
        "gitlab-domains" : [

Caveats (missing features and known bugs)

  • there is no frontend other then gitlab itself to manage users (if have to manage customers you may need to connect your CRM to gitlab) If you face this issue, detailed feature request are welcome.


  • 0.05 update docu
  • 0.04 fix: download archives using now gitlab API instead of frontend url because that is not supported in new gitlab version
  • 0.03 fix: making packigename case insensitive
  • 0.02 refactoring, remove static repository feature, proxy dist downloads,
  • 0.01 initial release