Using private Azure DevOps git repositories with composer during Build and Release - Blog

Azure DevOps has been great to me. I'm hugely thankful for the toolkit it's provided, but it falls down a little when it comes to PHP.

Today our systems guy Eric Duncan and I figured out how to provide the authentication required by the composer install steps to pull private git repositories out of our Azure Repos.

Start first by declaring your composer.json repository and dependencies as normal:

{
  "repositories": [
    {
      "type": "git",
      "url": "https://example_team.visualstudio.com/example_project/_git/example_repo"
    }
  ],
  "require": {
    "example_team/example_repo": "^1.0"
  }
}
{
  "repositories": [
    {
      "type": "git",
      "url": "https://example_team.visualstudio.com/example_project/_git/example_repo"
    }
  ],
  "require": {
    "example_team/example_repo": "^1.0"
  }
}

Your next step is create a unique identity in VSTS that can log in and grant it read access to the repositories required.

Then update your build process to run these steps:

Write auth.json at the root of the artifact next to composer.json '{"http-basic": {"example_team.visualstudio.com": {"username": "lance.gliser@example_team.com","password": "foo"}}}' > auth.json
composer install
Delete the auth.json file so it doesn't reach deployment steps.

You could store the username, and password in secure variables for safety, but that's the gist.

A couple gotchas along the way discovered by Eric:

Powershell's out-file encodes output in UTF-16 however composer expects it in UTF-8. So we have to use set-content to write the file.
You have to expose the variable groups to each build process to get them into the script.