Packeton - Private PHP package repository for vendors

Fork of Packagist. The Open Source alternative of Private Packagist for vendors, that based on Satis and Packagist.

Full documentation docs.packeton.org

Features

• Compatible with Composer API v2, bases on Symfony 6.
• Support update webhook for GitHub, Gitea, Bitbucket and GitLab or custom format.
• Customers user and ACL groups and limit access by vendor and versions.
• Composer Proxies and Mirroring.
• Generic Packeton webhooks
• Allow to freeze updates for the new releases after expire a customers license.
• Mirroring for packages zip files and downloads it's from your host.
• Credentials and Authentication http-basic config or ssh keys.
• Support monolithic repositories, like symfony/symfony
• Pull Request composer.lock change review.
• OAuth2 GitHub, Bitbucket, GitLab/Gitea and Other Integrations.
• Security Monitoring.
• Milty sub repositories.

What was changed in this fork?

• Disable anonymously access, registrations, spam/antispam, added ACL permissions.
• Support MySQL, PostgresSQL or SQLite.
• Removed HWIOBundle, Algolia, GoogleAnalytics and other not used dependencies and other metrics collectors.

Table of content

• Run as Docker container
• Demo
• Installation from code
• Using a reverse proxy
• Outgoing Webhook
  • Intro
  • Examples
    • Telegram notification
    • Slack notification
    • JIRA issue fix version
    • Gitlab setup auto webhook
• Ssh key access
• Configuration
• LDAP Authenticating
• Import from Packagist.com
• OAuth2 GitHub, GitLab Integrations
  • Pull Request review
  • GitHub Setup
• Update Webhooks
  • Github
  • GitLab
  • GitLab Organization
  • Bitbucket
  • Manual hook
  • Custom webhook format
• Mirroring Composer repos
• S3 Storage Provider
• Security Monitoring
• Compare Private Packagist with Packeton
• Usage
  • Create admin user

Demo

See our Administration Demo. Username/password (admin/123456)

Install and Run in Docker

You can use packeton/packeton image or GitHub container registry ghcr.io/vtsykun/packeton:latest image

docker run -d --name packeton \
    --mount type=volume,src=packeton-data,dst=/data \
    -p 8080:80 \
    packeton/packeton:latest

After container is running, you may wish to create an admin user via command packagist:user:manager

docker exec -it packeton bin/console packagist:user:manager admin --password=123456 --admin

Or build and run docker container with docker-compose:

• docker-compose.yml Single container example, here the container runs supervisor that to start other jobs: nginx, redis, php-fpm, cron, worker. However, it does not follow the docker best-practises where 1 service must be per container. But it is very easy to use and KISS principle

• docker-compose-split.yml - multiple containers, where 1 service per container

docker-compose build

docker-compose up -d # Run with single supervisor container 
docker-compose up -f docker-compose-split.yml -d # Or split 

Docker Environment variables

• APP_SECRET - Must be static, used for encrypt SSH keys in database. The value is generated automatically, see .env in the data volume.
• APP_COMPOSER_HOME - composer home, default /data/composer
• DATABASE_URL - Database DSN, default sqlite:////data/app.db. Example for postgres "postgresql://app:pass@127.0.0.1:5432/app?serverVersion=14&charset=utf8"
• PACKAGIST_DIST_PATH - Default /data/zipball, path to storage zipped versions
• REDIS_URL - Redis DB, default redis://localhost
• PACKAGIST_DIST_HOST - Hostname, (auto) default use the current host header in the request.
• TRUSTED_PROXIES - Ips for Reverse Proxy. See Symfony docs
• TRUSTED_HOSTS - Trusted host, set if you've enabled public access and your nginx configuration uses without server_name. Otherwise, possible the DDoS attack with generated a big cache size for each host.
• PUBLIC_ACCESS - Allow anonymous users access to read packages metadata, default: false
• MAILER_DSN - Mailer for reset password, default disabled
• MAILER_FROM - Mailer from

Installation

Requirements

• PHP 8.1+
• Redis for some functionality (favorites, download statistics, worker queue).
• git/svn/hg depending on which repositories you want to support.
• Supervisor to run a background job worker
• (optional) MySQL or PostgresSQL for the main data store, default SQLite

1. Clone the repository
2. Install dependencies: composer install
3. Create .env.local and copy needed environment variables into it, see docker Environment variables section
4. Run bin/console doctrine:schema:update --force --complete to set up the DB
5. Create admin user via console.

php bin/console packagist:user:manager username --email=admin@example.com --password=123456 --admin 

6. (optional) If you changed the configuration files, then you need to clear the cache rm -rf var/cache/* or php bin/console cache:clear

7. Enable cron tabs and background jobs. Enable crontab crontab -e -u www-data or use Docker friendly build-in cron demand runner.

* * * * * /var/www/packagist/bin/console okvpn:cron >> /dev/null

Example, run cron as background process without crontab. Can use with supervisor.

bin/console okvpn:cron --demand

Setup Supervisor to run worker.

sudo apt -y --no-install-recommends install supervisor

Create a new supervisor configuration.

sudo vim /etc/supervisor/conf.d/packagist.conf

Add the following lines to the file.

[program:packagist-workers]
environment =
        HOME=/var/www/
command=/var/www/packagist/bin/console packagist:run-workers --env=prod --no-debug
directory=/var/www/packagist/
process_name=%(program_name)s_%(process_num)02d
numprocs=1
autostart=true
autorestart=true
startsecs=0
redirect_stderr=true
priority=1
user=www-data

8. IMPORTANT Make sure that web-server, cron and supervisor run under the same user, that should have an ssh key that gives it read (clone) access to your git/svn/hg repositories. If you run application under www-data you can add your ssh keys to /var/www/.ssh/

You should now be able to access the site, create a user, etc.

9. Make a VirtualHost with DocumentRoot pointing to public/

Ssh key access and composer oauth token.

Packagist uses the Composer global config and global ssh-key to get read access to your repositories, so the supervisor worker packagist:run-workers and web-server must run under the user, that have ssh key or composer config that gives it read (clone) access to your git/svn/hg repositories. For example, if your application runs under www-data and have home directory /var/www, directory structure must be like this.

    └── /var/www/
        └── .ssh/ # ssh keys directory
            ├── config
            ├── id_rsa # main ssh key
            ├── private_key_2 # additional ssh key
            └── private_key_3

Example ssh config for multiple SSH Keys for different github account/repos, see here for details

# .ssh/config - example

Host github-oroinc
	HostName github.com
	User git
	IdentityFile /var/www/.ssh/private_key_2
	IdentitiesOnly yes

Host github-org2
	HostName github.com
	User git
	IdentityFile /var/www/.ssh/private_key_3
	IdentitiesOnly yes

If you have the error This private key is not valid inserting your ssh in admin panel is because the ssh key was generated with newer OpenSSH. New keys with OpenSSH private key format can be converted using ssh-keygen utility to the old PEM format. ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

You can add GitHub/GitLab access token to auth.json of composer home dir (default `APP_COMPOSER