News Archive
PhpRiot Newsletter
Your Email Address:

More information

Composer, Github and Travis-CI

Note: This article was originally published at Planet PHP on 19 December 2012.
Planet PHP

Composer seems to have become the defacto dependency management tool in the last year. At EasyBib we make heavy use of composer both when we run test suites on Travis-CI and also during deployment.

Because we use Github to host our code, the most obvious ways to speed up each of these runs is to use Github downloads instead of cloning the code during ./composer.phar install.

By default composer will attempt this - unless --prefer-source is provided.


One of the caveats to this is that by default composer will use unauthenticated API calls against the Github API. Github's API allows onlyA60 unauthenticated calls an hourAbut up to 5,000 authenticated calls in the same timespan.

In an office with six developers it's easy to burn through these 60 calls. On Travis-CI - due to a lot higher volumes of test runs and customers - it's even easier.

The solution is to configure composer to use an OAuth2 key!


There are of courseAprogrammatic ways to generate the key using Github's API.

But the easiest way is to wait until I exceeded all calls and have composer set it up for me. Once I aquired the key, I made a copy of the ~/.composer/config.json file and backed it up for later.

The manual steps to set it up are as follows:

$ mkdir ~/.composer
$ echo '{ "config": { "github-oauth": { "": "YOUR-KEY" } } }' ~/.composer/config.json

On Travis-CI (or anywhere else where automation is required), the same commands can be executed within the before_script in your .travis.yml.


Please note: This method works best on private repositories and the Travis-CI pro setup. The token you specify may or may not give anyone access to your private repositories as well.

One way to sail around the access limit is to setup a dedicated user on GitHub which has only pull-access to your public repositories. Another is to use the facilities to encrypt the data.