Fooman

No Authentication Needed - Magento 2 Mirror

on in Magento2 + Extension Quality + Marketplace



While I understand the reasoning behind Magento requiring login details to access repo.magento.com I believe it has had some unintended consequences. Due to the need to keep and manage secrets I have not seen many great examples of open source Magento 2 extensions that are public (ie on GitHub), that come with tests and have a working continous integration for pull requests (ie Travis) without exposing secret keys. Even sharing a docker image with pre-installed Magento becomes more challenging due to the need to work around the keys not accidentally getting distributed. I am assuming lots have done similar to what we have done and have built inhouse solutions which are too custom/private to share and learn from. Again looking at some of our own open source repositories where we have posted our tests, without access to our inhouse custom docker images they are only of limited use to learn from.

More real world examples needed

We have lots of great teachers in the Magento community emphasising the need for writing tests. It is a topic that comes up again and again in conference talks. But any talk is limited to what can be easily conveyed via a slide and sometimes seeing real world examples that one can dive into can provide a good alternative learning source. Similarly being able to just take someone's Travis configuration to set up your own is a lot easier than having to figure everything out by oneself.

Announcing a new authentication free Mirror

Since the early days of Magento 2 there have been many blog posts on setting up your own Magento mirror, starting with Alan Storm's article back in 2016. However so far I have not come across many publicly available mirrors as is common for other open source projects. As of today I am happy to announce that repo-magento-mirror.fooman.co.nz is available to provide acccess to the packages that make up magento/project-community-edition on repo.magento.com without the need for any authentication keys.

Some benefits I hope offering this Mirror will deliver:

  • To provide a stable source for packages to be used in testing / development and especially learning environments
  • Ability to quickly see what packages are available
  • Ability to download individual zip files of any package (see note below)
  • Kickstart efforts to come up with a starter Travis set up

The mirror is using AWS infrastructure including the cloudfront CDN. It gets updated from repo.magento.com every 4 hours.

Side note

We are aware of a satis/composer issue around metapackages which we hope gets fixed in a future version which currently prevents downloading the zip of any metapackages. For now you can use 

curl -A "Composer/1.6.3 (Darwin; 16.7.0; PHP 7.1.16)" --user <publickey> https://repo.magento.com/archives/magento/product-community-edition/magento-product-community-edition-2.2.6.0.zip

to achieve this (hat tip to the person who posted this on Slack).

How to use the mirror

In the composer.json of your extension replace

{
  "repositories": [{
    "type": "composer",
    "url": "https://repo.magento.com/"
  }]
}

with

{
  "repositories": [{
    "type": "composer",
    "url": "https://repo-magento-mirror.fooman.co.nz/"
  }]
}

As a side note repositories are only read from the root composer.json file, the moment it is installed via composer and is under the vendor folder the repositories entry is ignored.

Or if you are looking to start with a complete project run

composer create-project --repository=https://repo-magento-mirror.fooman.co.nz/ --no-install --no-progress --no-plugins magento/project-community-edition <install-directory-name> "2.4.0"
cd <install-directory-name>
composer config --unset repo.0
composer config repositories.foomanmirror composer https://repo-magento-mirror.fooman.co.nz/
composer install

Should I use it in production?

tl;dr No
While I am honoured in the trust you put into us, it's better to go to the source directly and have one less variable in the mix.

Next Steps

We will work on our own open source repositories to bring some of the inhouse solutions to Github, now that we no longer need to deal with authentication keys and everything that entails. Keen to hear what you are using this for via the comments and seeing more great examples in the wild to learn from.

Longer Term

I am still hopeful that Magento will one day be able to split out the open source vs non-free packages into separate repositories. Magento Commerce would automatically be delivered with the extra repository enabled while Open Source users would opt-in the first time a non-free package needs to be installed, for example bin/magento marketplace:enable (or similarly via the UI).

Examples (thanks for sharing)

Written by
Kristof Ringleff

Kristof Ringleff

Founder and Lead Developer at Fooman

Join the Fooman Community

We send our popular Fooman Developer Monthly email with Magento news, articles & developer tips, as well as occasional Fooman extension updates.