Composer Satis Repository seems to be referring to source URL rather than dist URL

Question

I have a Satis server with basic HTTP authentication set up.

The config file looks like this:

{
    "name": "MySatisServer",
    "homepage": "https:\/\/satis.example.co.uk",
    "repositories": [
        {
            "type": "git",
            "url": "[email protected]:Org\/Repo1.git"
        },
        {
            "type": "git",
            "url": "[email protected]:Org\/Repo2.git"
        },
        {
            "type": "git",
            "url": "[email protected]:Org\/Repo3.git"
        },
        {
            "type": "git",
            "url": "[email protected]:Org\/Repo4.git"
        }
    ],
    "require-all": true,
    "require-dependencies": true,
    "require-dev-dependencies": true,
    "archive": {
        "directory": "dist",
        "format": "zip",
        "prefix-url": "https://satis.example.co.uk"
    }
}

I have run the satis build, which created my dist directory with the packages.json file that looks correct.

I am able to go to https://satis.example.co.uk in my browser and download any version of the repositories that I want as a ZIP and it works fine.

The problem appears when I try to use the repo through composer.

My composer.json file looks something like this:

{
    "name": "some/project",
    "description": "",
    "license": "proprietary",
    "authors": [],
    "require": {
        "org/repo-4": "^1.0"
    },
    "repositories": [
        {
            "type": "composer",
            "url": "https://satis.example.co.uk"
        }
    ]
}

Since the Satis Server is behind basic HTTP authentication I also have an auth.json file that looks like this:

{
    "http-basic": {
        "satis.example.co.uk": {
            "username": "my-username",
            "password": "my-password"
        }
    }
}

Running a composer install gives me the following output:

- Installing org/repo-4 (1.0.0): Downloading (failed)    Failed to download org/repo-4 from dist: The "https://api.github.com/repos/Org/Repo4/zipball/128f63b6a91cf71d5cda8f84861254452ff3a1af" file could not be downloaded (HTTP/1.1 404 Not Found)
Now trying to download from source
- Installing org/repo-4 (1.0.0): Cloning failed using an ssh key for authentication, enter your GitHub credentials to access private repos
Head to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+box359.localdomain+2017-04-18+1416
to retrieve a token. It will be stored in "/home/ubuntu/CashbackEngine/auth.json" for future use by Composer.
Token (hidden):

As you can see from the above, it is completely ignoring the fact that the file it needs to download is located at https://satis.example.co.uk/dist/org/repo-4/repo-4-1.0.0-e1cd03.zip, and is jumping straight to try and fetch from the source at GitHub, which is not the desired result as it is a private GitHub repository.

It looks as if it doesn't even realise that there is a different dist version available.

Is there something wrong with my set up?

Any help is appreciated.

Answer 1

The problem was related to the composer.lock file.

Although the dist URL on Satis was correct, composer wasn't even paying attention to it as the composer lock file had cached the old dist url which was at GitHub.

The solution was to delete the composer.lock file and run composer install. I also ran a composer clearcache beforehand just to make sure.