Composer + Trellis + Bedrock Private Composer Repositories

bedrock
1

I have an old website (trellis+bedrock+sage) with a plugin hosted on a private Git repositories on Github.

I followed this guide Private or Commercial WordPress Plugins as Composer Dependencies | Roots the website went live years ago without any problem,

Recently I tried to update the private plugin, I added a new tag with the new plugin version and I updated the version in the composer.json and I run “composer update”.

on my local dev site I have no problem, I can update the plugin to the new version without any issue.

but when I try to deploy to the staging enviroment, it gets to “Install Composer dependencies” and it fails at the private repository.
this is the error output:

System info:
  Ansible 2.9.8; Darwin
  Trellis Head
---------------------------------------------------
non-zero return code


  [UnexpectedValueException]
  Your github oauth token for github.com contains invalid characters:
"ghp_xxxxxxxxxxxxxxx"
fatal: [xx.xx.x.xxx]: FAILED! => {"changed": true, "cmd": ["composer", "install", "--no-ansi", "--no-dev", "--no-interaction", "--no-progress", "--optimize-autoloader", "--no-scripts"], "delta": "0:00:00.110670", "end": "2022-04-07 13:31:54.402428", "rc": 1, "start": "2022-04-07 13:31:54.291758", "stderr_lines": ["", "                                                                                                                  ", "  [UnexpectedValueException]                                                                                      ", "  Your github oauth token for github.com contains invalid characters: \"ghp_xxxxxxxxxxxxxxx\"  ", "                                                                                                                  "], "stdout": "", "stdout_lines": []}

I generated my github token, I can see the right token on my local by running " nano ~/.composer/auth.json and as I said on my local dev site I can update the plugin correctly, but I can’t deploy anymore (I tried only on the staging for now) because of this “Your github oauth token for github.com contains invalid characters:”.

The github oauth token that I can see in the error, it is not the same that I can see by running nano ~/.composer/auth.json , they are 2 different tokens, maybe this could be the problem?
but how can I say to the deploy that this is an old token and it needs to use the new one?
could it be a cache problem?

I run composer config -g github-oauth.github.com XXXXXXXXXXXXXXXXXXXXXXX with the new token (just to be 100% sure that the token is the latest one)
I can ssh into the staging droplet, if this helps.

is there an extra step that I have to take in consideration in order to have a private WordPress plugins as Composer Dependencies hosted on github on staging/production enviroment? (I saw that this guide is 4 years old so maybe something changed and now there is an extra step needed)

Could someone please point me to the right direction?

thanks

3

I tried with this Composer failing due to incorrect GitHub fingerprint - #2 by Twansparant solution, but it didn’t work. (when I run composer install from one of the failed deploy release folders, I can see this error Your github oauth token for github.com contains invalid characters:)

so I tried with this other solution Gitlab private repo as composer package - #13 by alwaysblank

# trellis/deploy-hooks/build-before.yml
---
- name: Create composer auth.json
  template:
    src: "{{ playbook_dir }}/deploy-hooks/auth.json.j2"
    dest: "{{ deploy_helper.new_release_path }}/auth.json"
    mode: "0600"

# trellis/group_vars/all/vault.yml
vault_wordpress_env_defaults:
   vault_github_user: 'xxxxx'
   vault_github_pass: 'xxxxx'

# trellis/deploy-hooks/auth.json.j2
{
  "http-basic": {
    "github.com": {
      "username": "{{ vault_github_user }}",
      "password": "{{ vault_github_pass }}"
    }
  }
}

or even (vault_github_pass value is the personal access token ghp_[YOUR-PERSONAL-TOKEN])

# trellis/deploy-hooks/auth.json.j2
{
  "github-oauth": {
    "github.com": "{{ vault_github_pass }}"
  }
}

I even re-provisioning (not sure if this was a step needed), then when I tried to deploy, I can see a new error AnsibleUndefinedVariable: 'vault_github_token' is undefined or AnsibleUndefinedVariable: 'vault_github_user' is undefined (depending of which of the 2 auth.json.j2 I use)

Could someone please point me to the right direction, I am running out of options and I can’t deploy anymore?

is there a way to achieve this or it is better to move from Github to bitbucket in order to have a private wordPress plugins as composer dependencies?

@alwaysblank , @Twansparant I am tagging you because I saw your comments on the similar/related topic (I can’t reply in that topic because the comments are closed)

thanks

4

How did you get your auth.json onto your remote server when you original set up this workflow?

5

Does running composer diagnose on the remote server output anything relevant?

6

@alwaysblank It was a couple of years ago, I just followed this guide and everything went smooth.
I think that the GitHub OAuth token wasn’t there yet, it was not a requirement yet.
during these years, I never updated that private plugin, but only wordpress and the other plugins via wpackagist-plugin, the problems started with I tried to update the private plugin.

do you know if this Delicious Brains’ composer repo example should work with GitHub private repo?
is there an extra step that I should consider?

@Twansparant if I run composer diagnose from /srv/www/websitexxxx/current, I can see the same error [UnexpectedValueException] Your github oauth token for github.com contains invalid characters: "ghp_xxxxxxxxx"
the same thing happens if I run composer install or composer update

is there a way to say to composer on the remove server that it needs to reset/delete the old github oauth token because it is not more valid so I can try to give him a new github oauth token? (not sure if this is the problem)

I am stuck with this error, what else I could try?

any other suggestion would be welcome.

7

In theory the solution I used for Delicious Brains should work, but I’m not certain the format that GitHub expects for the auth.json.

To me it looks like the issue you’re seeing is because your remote server already has a token stored (potentially generated automatically years ago, or maybe you generated it an forgot it) but that token is outside of the files managed by Trellis. That token isn’t good any more, so when the remote server tries to clone with it, it fails.

I’m not certain why your attempts to generate an auth.json on deploy are failing because your explanation of the steps and their results is difficult to follow.

You might be able to resolve the larger problem by SSHing into your staging env and manually removing the old token and adding your new one: Authentication for privately hosted packages and repositories - Composer

8

Hey! @mattia

I’ve also run into this issue deploying to older versions of Trellis. The solution is to:

  • SSH into the remote server and navigate to your global composer directory (should be /home/web/.config/composer)

  • Update the following in auth.json

 "github-oauth": {
    "github.com": "ghp_[YOUR-PERSONAL-TOKEN]"
  }

with

  "http-basic": {
    "github.com": {
      "username": "[YOUR-GITHUB-USERNAME]",
      "password": "ghp_[YOUR-PERSONAL-TOKEN]"
    }
  }

I haven’t tried removing the auth.json file to fix this but you can see if that works.

2 Likes
9

What composer version is your remote server on?
Seems like you might need to update composer version 2.0.12 to support that new format:

10

Thanks @cheezman :raised_hands: :raised_hands: :raised_hands: :100:

this trick worked, you made my day :+1:

I was able to update the auth.json file on the staging server following your suggestion.

then I think that I realised why I had this error AnsibleUndefinedVariable: 'vault_github_token' is undefined, I think that the problem was in the auth.json file. (thanks to @mZoo and Interactive console authentication for 3rd party repository on deploy - #16 by mZoo)

Before it was like

# trellis/deploy-hooks/auth.json.j2
{
  "http-basic": {
    "github.com": {
      "username": "{{ vault_github_user }}",
      "password": "{{ vault_github_pass }}"
    }
  }
}

I updated this in

{
  "http-basic": {
    "github.com": {
      "username": "{{ vault_wordpress_env_defaults.vault_github_user }}",
      "password": "{{ vault_wordpress_env_defaults.vault_github_pass }}"
    }
  }
}

thanks all :raised_hands:

2 Likes