I’m on a Mac and for most of our projects, my deployment process gets stuck on the ‘Install Composer dependencies’ task. My teammates who run on Windows can deploy without any problems. Any idea what it could be?
Also, as I said above, it's not in all cases, but in the majority of cases.
That is odd. But I was thinking of an SSH key or private Composer package key issue. Either way, sharing the verbose output of one of the failed cases would be good.
Yes, I can log in to the server, no problem.
Yes, on each project I have auth.json stored in the site folder (.gitignored), and if some plugins require Composer authentication I add it to both auth.json and vaults.
When I SSH to the server, go to one of the releases folders and run the composer update command, I get the following message:
Your GitHub credentials are required to fetch private repository metadata (https://github.com/***/***.git)
When working with _public_ GitHub repositories only, head here to retrieve a token:
https://github.com/settings/tokens/new?scopes=&description=Composer+on+***+2025-04-30+1913
This token will have read-only permission for public information only.
When you need to access _private_ GitHub repositories as well, go to:
https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+newadi.levcharity.dev+2025-04-30+1913
Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.
Tokens will be stored in plain text in "/srv/www/***/releases/20250430165651/auth.json OR /home/web/.config/composer/auth.json" for future use by Composer.
For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
Now, this auth.json stored on the server does not contain my Git PAT token to access private repos, although my local version of auth.json does.
My fine-grained token has: Contents and Metadata (read-only permission)
This is what I do every now and then when my token expires. It gets stored for my user, giving me access to GitHub properly again for all work that requires the token, including access to private repos.
I found the problem. We are using about 40+ private repos on each project which are directly pulled from Git. The problem is that when you do it through Git, each private repo downloads every tag and every branch. This significantly extends the process of composer update.
After realizing the above, I found this video where the guy explains that for his project with 80k+ tags and multiple branches, updating composer lasted for 3.5h.
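An added example, not part of the thread: a small Python check that compares a release's composer.json with the auth.json beside it, covering the two conditions discussed above (no GitHub token on the server, and many Git-backed private repositories). The function name, finding codes, sample repository URLs and placeholder token are assumptions made for illustration; `github-oauth` is Composer's auth.json key for GitHub tokens and `ghp_` is the prefix of classic GitHub PATs.

```python
import stat

VCS_TYPES = {"vcs", "git", "github"}  # Composer repository types backed by a Git host


def audit_composer_auth(composer, auth, auth_mode):
    """Return (code, detail) findings for one release's composer.json and auth.json."""
    repos = composer.get("repositories", [])
    if isinstance(repos, dict):  # Composer also accepts an object keyed by name
        repos = list(repos.values())
    github_vcs = [
        r["url"] for r in repos
        if isinstance(r, dict) and r.get("type") in VCS_TYPES
        and "github.com" in r.get("url", "")
    ]
    token = auth.get("github-oauth", {}).get("github.com", "")
    findings = []
    if github_vcs and not token:
        findings.append(("missing-token",
                         f"{len(github_vcs)} GitHub VCS repositories but no github-oauth entry"))
    if token.startswith("ghp_"):
        findings.append(("classic-token",
                         "classic PAT: not limited per repository, prefer fine-grained read-only"))
    if token and auth_mode & 0o077:
        findings.append(("auth-readable",
                         f"auth.json mode {stat.S_IMODE(auth_mode):o} exposes a plain-text token"))
    if github_vcs:
        findings.append(("vcs-count",
                         f"{len(github_vcs)} repositories whose tags and branches are all read"))
    return findings


# Constructed sample data: the server copy lacks the token, the local copy has one.
SAMPLE_COMPOSER = {"repositories": [
    {"type": "vcs", "url": "https://github.com/example-org/plugin-a.git"},
    {"type": "vcs", "url": "https://github.com/example-org/plugin-b.git"},
    {"type": "composer", "url": "https://wpackagist.org"},
]}
SERVER_AUTH = {"http-basic": {}}
LOCAL_AUTH = {"github-oauth": {"github.com": "github_pat_EXAMPLEONLY"}}  # placeholder token

if __name__ == "__main__":
    for name, auth, mode in (("server", SERVER_AUTH, 0o600), ("local", LOCAL_AUTH, 0o644)):
        for code, detail in audit_composer_auth(SAMPLE_COMPOSER, auth, mode):
            print(f"{name}: {code}: {detail}")
```

On a real release, load both files with `json.load` and pass `os.stat(path).st_mode` for the auth.json path.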