Roots Discourse

Private or Commercial WordPress Plugins as Composer Dependencies

Originally published at: https://roots.io/guides/private-or-commercial-wordpress-plugins-as-composer-dependencies/

Bedrock (and by extension Trellis) uses Composer to manage its dependencies, which includes WordPress themes and plugins. This is great for version control as many WordPress plugins are easily available via WordPress Packagist, but what happens when you need to add a private, commercial, or paid plugin to your site? This guide will explain a…

6 Likes

Note: We recommend hosting private and commercial plugins in private Git repositories. GitHub offers private repositories at affordable prices and BitBucket includes them in its limited free plan. The following guide assumes you’re using a GitHub private repository.

You may have heard: Github now offers free private repos.

What is the most convenient way to update a private Git repository plugin?

I mean when you decide to manage the versioning for a particular private plugin yourself, what is the process for adding a new version to git repo? I’v done some research on Google but can’t really figure it out.

Right now I just pull the latest version from git repo, manually delete all files except .git folder and composer.json file, download the zip for a new (particular version), paste the files to the plugin folder, git add *, git commit, git tag and git push --tags. Can I do it better?

This is covered in the guide on this subject. Check out the “tag the release” section.

3 Likes

$ npx @itinerisltd/composify --vendor=<github-username> --name=gravityforms --zip=<the-signed-s3-url>

see: https://github.com/ItinerisLtd/composify#readme

4 Likes

I have a minor issue it seems: when trying to change the version in composer.json, it still pulls the first tag (v5.8.0) whereas I would expect it to pull v5.8.1.

In my composer.json:

"myrepo/advanced-custom-fields-pro": "5.8.*"

I see two tags in remote repo, v5.8.0 and v5.8.1

When I run composer install (or update) it pulls version 5.8.0. (even with composer clear-cache it still saysInstalling myrepo/advanced-custom-fields-pro (v5.8.0): Cloning 34df65110d from cache

Why would that be? I was thinking it pulls the version by tags. Tried helping myself with this SO question. Tried playing around with different settings but to no avail unfortunately. Any help appreciated.

What’s in the repositories section of your composer.json? Does myrepo have the 5.8.1 release?

In repositories section I have

"repositories": [
    {
      "type": "composer",
      "url": "https://wpackagist.org"
    },
    {
      "type": "vcs",
      "url": "git@bitbucket.org:myrepo/advanced-custom-fields-pro.git"
    }
  ],

and I never fiddled with releases, just tags. Not sure BitBucket even has releases such as GitHub. So It has two tags, v5.8.0 and v5.8.1. So this is expected not to work with tags only?

PS: solved it! I did not have composer.json and .lock files in GIT repo, seems this was the issue. Thank you! Glad this works with just tags :slight_smile:

I’m trying to use this method to install WPForms and I can’t tell if I’m having issues with composer, WPForms, or a combination of the two. When I run composer update from the bedrock root it successfully downloads the files but when I enable the plugin I get a bunch of warnings and errors about missing classes:

Fatal error: Uncaught Error: Class 'WPForms\Admin\Pages\Community' not found in /srv/www/domain.com/current/web/app/plugins/wpforms/includes/admin/class-menu.php on line 142
Error: Class 'WPForms\Admin\Pages\Community' not found in /srv/www/domain.com/current/web/app/plugins/wpforms/includes/admin/class-menu.php on line  *142*

Before I didn’t have the vendor directory checked in and was getting Autoload errors. Any help would be appreciated.

Now you can install Envato Marketplace (ThemeForest‎‎, CodeCanyon) products (themes, plugins) as Composer packages.
https://packagist.org/packages/szepeviktor/composer-envato

All the best!

@szepeviktor funny timing - I’ve just been working on something similar. Mine is a hosted solution that also solves for versioning. I’m looking for beta testers. Shoot me a message if you’d like to put it through its paces.

I think PMs are not available for me

kép

my email address is viktor@szepe.net

Am I mistaken, or are the following correct about the scope of the article?

  1. One repo for one plugin
  2. plugin is unzipped and commited in that format

Yep, that’s the intended structure :+1:

1 Like

I just set up my bedrock with some private plugins according to the guide the op shared, and it’s working well.
BUT my concern is now how I deal with those private plugins, which have an own repo logically, while I’m still developing them.

Creating some edits in a plugin and pushing this to itss repo, now leaves me with having to ‘composer update’ my bedrock repo to the newest plugin version I just pushed, right? But if I do that, my local private plugin repo is kinda f*cked. I’m sure that can’t be the right way… But what is?

TL;DR: What is the recommended way of dealing with private plugin repo’s inside of a bedrock repo, while still developing those plugins?

Those repos should be on GitHub/BitBucket and referenced as custom repositories in your Bedrock project’s composer.json. Docs here. If you have your SSH keys set up properly to push to those private repos, Composer should have no problem installing from them.

If you go to production/staging like that and try running composer install, you’ll have to also provide that server with a way to authenticate against GitHub/BitBucket as well. Like this.

1 Like