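The Composer packages I built in the past were all open-source projects hosted publicly on GitHub, but this time I needed to build a shared package for internal use at my company. I ran into some new pitfalls in both running the tests and installing the package.

Adding COMPOSER_AUTH_TOKEN for the unit test run

Because the package is private, it can only be accessed with a personal access token that has GitHub permission for that package, so the token has to be added to the GitHub Actions workflow. This solves the problem of GitHub Actions being unable to access the private package. It is added through the automated test workflow below.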

# .github/workflows/run-tests.yaml

# ==== added ====
- name: Configure Composer Auth
  run: composer config -g github-oauth.github.com ${{ secrets.COMPOSER_AUTH_TOKEN }}
# ==== added ====

- name: Run composer install
  run: composer install -d`pwd`/src --no-interaction --no-progress

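The private package cannot be accessed inside the container

Current build process: GitHub Actions builds the container → Composer installs the dependencies inside the container

Trying to add composer config -g github-oauth.github.com ${COMPOSER_AUTH_TOKEN} to the Dockerfile failed; Composer's directories need to be initialized first.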

#13 [8/9] RUN composer config -g github-oauth.github.com ${COMPOSER_AUTH_TOKEN}
#13 0.245
#13 0.248 In ConfigCommand.php line 207:
#13 0.248
#13 0.248   touch(): Unable to create file /.composer/config.json because No such file
#13 0.248   or directory
#13 0.248
#13 0.248
#13 0.248 config [-g|--global] [-e|--editor] [-a|--auth] [--unset] [-l|--list] [-f|--file FILE] [--absolute] [-j|--json] [-m|--merge] [--append] [--source] [--] [<setting-key> [<setting-value>...]]
#13 0.248
#13 ERROR: process "/bin/sh -c composer config -g github-oauth.github.com ${COMPOSER_AUTH_TOKEN}" did not complete successfully: exit code: 1

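Composer offers another way: pass the credentials in through an environment variable, COMPOSER_AUTH, whose value is JSON.

- name: Build, tag, and push image to Amazon ECR
  env:
    COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ secrets.COMPOSER_AUTH_TOKEN }}"}}'
  run: docker build .

But it still seemed unable to access the package, and the output said git was needed?!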

#13 1.214     Failed to download ***/my-pkg from dist: The "https://api.github.com/repos/***/my-pkg/zipball/2ff1c96d4875733d734d2d1bde0c7817e65e2643" file could not be downloaded (HTTP/2 404 ):
#13 1.214 {"message":"Not Found","documentation_url":"https://docs.github.com/rest/repos/contents#download-a-repository-archive-zip","status":"404"}
#13 1.214     Now trying to download from source
#13 2.056
#13 2.059 In GitDownloader.php line 82:
#13 2.059
#13 2.059   git was not found in your PATH, skipping source download

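After adding a git install to the Dockerfile, I hit an SSH problem instead, because there is no ssh command inside the container.

Adding the ssh command is easy, but getting the right SSH credentials into the container is another chore.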

#14 1.230     Failed to download ***/my-pkg from dist: The "https://api.github.com/repos/***/my-pkg/zipball/2ff1c96d4875733d734d2d1bde0c7817e65e2643" file could not be downloaded (HTTP/2 404 ):
#14 1.230 {"message":"Not Found","documentation_url":"https://docs.github.com/rest/repos/contents#download-a-repository-archive-zip","status":"404"}
#14 1.230     Now trying to download from source
#14 1.231   - Syncing ***/sdk (0.2.0) into cache
#14 2.027
#14 2.030 In Git.php line 595:
#14 2.030
#14 2.030   Failed to execute git clone --mirror -- git@github.com:***/my-pkg.git
#14 2.030    /tmp/composer-cache/vcs/git-github.com-***-my-pkg.git/
#14 2.030
#14 2.030   Cloning into bare repository '/tmp/composer-cache/vcs/git-github.com-my-pkg.git'...
#14 2.030   error: cannot run ssh: No such file or directory
#14 2.030   fatal: unable to fork

Install the packages first, then copy them into the container

In the end I decided to follow the approach used for the unit tests and do the package installation in GitHub Actions.

# Install the packages first
- name: Configure Composer Auth
  run: composer config -g github-oauth.github.com ${{ secrets.COMPOSER_AUTH_TOKEN }}

- name: Run composer install
  run: composer install -d`pwd`/src --optimize-autoloader --no-interaction --no-progress --no-dev

# Then build the container
- name: Build, tag, and push image to Amazon ECR
  run: docker build .
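
If the install has to stay inside the image build, a BuildKit secret mount can carry COMPOSER_AUTH into a single RUN step; the `env:` set on the workflow step only reaches the `docker build` process itself, not the RUN instructions. This is an added example, not from the original post; the base images, the /app path and the secret id `composer_auth` are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (not from the original post). Assumed: base images, the
# /app path, and the secret id "composer_auth".
#
# Build from the workflow step that already sets COMPOSER_AUTH in env:
#   docker build --secret id=composer_auth,env=COMPOSER_AUTH .

# Stage 1: install dependencies. The official composer image ships git and unzip.
FROM composer:2 AS vendor
WORKDIR /app
COPY ./src/ /app/
# The secret is mounted at /run/secrets/composer_auth for this RUN only.
# Unlike ARG, ENV or `composer config -g`, it is not stored in any layer
# or in `docker history`.
RUN --mount=type=secret,id=composer_auth \
    COMPOSER_AUTH="$(cat /run/secrets/composer_auth)" \
    composer install --optimize-autoloader --no-interaction --no-progress --no-dev

# Stage 2: runtime image without Composer, git or the token.
FROM php:8.3-apache
COPY --chown=1000:1000 --from=vendor /app/ /var/www/html/
```

Running `composer config -g github-oauth.github.com ...` in a Dockerfile RUN step, by contrast, writes the token into Composer's global auth file inside an image layer, where anyone who can pull the image can read it.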

Building the container got slower…

The container build time got longer; I compared the two versions before and after the change:

############### Before #############

#9 [4/8] COPY ./src/ /var/www/html/
#9 DONE 0.2s

#11 [6/8] RUN chown -R 1000:1000 /var/www/html
#11 DONE 1.5s
############### After #############

#9 [4/7] COPY ./src/ /var/www/html/
#9 DONE 8.9s

#11 [6/7] RUN chown -R 1000:1000 /var/www/html
#11 DONE 26.4s

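Because the Composer install adds many files, the recursive chown has to change ownership on many more files.

I then changed it to set the ownership at the same time the files are copied.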

#9 [4/6] COPY --chown=1000:1000 ./src/ /var/www/html/
#9 DONE 8.9s