While I understand the reasoning behind Magento requiring login details to access
repo.magento.com I believe it has had some unintended consequences. Due to the need to keep and manage secrets I have not seen many great examples of open source Magento 2 extensions that are public (ie on GitHub), that come with tests and have a working continous integration for pull requests (ie Travis) without exposing secret keys. Even sharing a docker image with pre-installed Magento becomes more challenging due to the need to work around the keys not accidentally getting distributed. I am assuming lots have done similar to what we have done and have built inhouse solutions which are too custom/private to share and learn from. Again looking at some of our own open source repositories where we have posted our tests, without access to our inhouse custom docker images they are only of limited use to learn from.
More real world examples needed
We have lots of great teachers in the Magento community emphasising the need for writing tests. It is a topic that comes up again and again in conference talks. But any talk is limited to what can be easily conveyed via a slide and sometimes seeing real world examples that one can dive into can provide a good alternative learning source. Similarly being able to just take someone's Travis configuration to set up your own is a lot easier than having to figure everything out by oneself.
Announcing a new authentication free Mirror
Since the early days of Magento 2 there have been many blog posts on setting up your own Magento mirror, starting with Alan Storm's article back in 2016. However so far I have not come across many publicly available mirrors as is common for other open source projects. As of today I am happy to announce that repo-magento-mirror.fooman.co.nz is available to provide acccess to the packages that make up
repo.magento.com without the need for any authentication keys.
Some benefits I hope offering this Mirror will deliver:
- To provide a stable source for packages to be used in testing / development and especially learning environments
- Ability to quickly see what packages are available
- Ability to download individual zip files of any package (see note below)
- Kickstart efforts to come up with a starter Travis set up
The mirror is using AWS infrastructure including the cloudfront CDN. It gets updated from
repo.magento.com every 4 hours.
We are aware of a satis/composer issue around metapackages which we hope gets fixed in a future version which currently prevents downloading the zip of any metapackages. For now you can use
curl -A "Composer/1.6.3 (Darwin; 16.7.0; PHP 7.1.16)" --user <publickey> https://repo.magento.com/archives/magento/product-community-edition/magento-product-community-edition-18.104.22.168.zip
to achieve this (hat tip to the person who posted this on Slack).
How to use the mirror
composer.json of your extension replace
As a side note repositories are only read from the root composer.json file, the moment it is installed via composer and is under the vendor folder the repositories entry is ignored.
Or if you are looking to start with a complete project run
composer create-project --repository=https://repo-magento-mirror.fooman.co.nz/ --no-install --no-progress --no-plugins magento/project-community-edition <install-directory-name> "2.4.0"
composer config --unset repo.0
composer config repositories.foomanmirror composer https://repo-magento-mirror.fooman.co.nz/
Should I use it in production?
While I am honoured in the trust you put into us, it's better to go to the source directly and have one less variable in the mix.
We will work on our own open source repositories to bring some of the inhouse solutions to Github, now that we no longer need to deal with authentication keys and everything that entails. Keen to hear what you are using this for via the comments and seeing more great examples in the wild to learn from.
I am still hopeful that Magento will one day be able to split out the open source vs non-free packages into separate repositories. Magento Commerce would automatically be delivered with the extra repository enabled while Open Source users would opt-in the first time a non-free package needs to be installed, for example
bin/magento marketplace:enable (or similarly via the UI).