Skip to content
Snippets Groups Projects
Select Git revision
  • fa8d3ff693ea3822d3598fd116714829e6da4b8b
  • main default protected
  • next
  • renovate/main-redis-5.x
  • chore/update-static-data
  • feat/gnupg
  • fix/36615b-branch-reuse-no-cache
  • chore/punycode
  • refactor/pin-new-value
  • feat/36219--git-x509-signing
  • feat/structured-logger
  • hotfix/39.264.1
  • feat/skip-dangling
  • gh-readonly-queue/next/pr-36034-7a061c4ca1024a19e2c295d773d9642625d1c2be
  • hotfix/39.238.3
  • refactor/gitlab-auto-approve
  • feat/template-strings
  • gh-readonly-queue/next/pr-35654-137d934242c784e0c45d4b957362214f0eade1d7
  • fix/32307-global-extends-merging
  • fix/32307-global-extends-repositories
  • gh-readonly-queue/next/pr-35009-046ebf7cb84ab859f7fefceb5fa53a54ce9736f8
  • 41.62.4
  • 41.62.3
  • 41.62.2
  • 41.62.1
  • 41.62.0
  • 41.61.1
  • 41.61.0
  • 41.60.4
  • 41.60.3
  • 41.60.2
  • 41.60.1
  • 41.60.0
  • 41.59.2
  • 41.59.1
  • 41.59.0
  • 41.58.2
  • 41.58.1
  • 41.58.0
  • 41.57.1
  • 41.57.0
41 results

php.md

Blame
  • user avatar
    HonkingGoose authored and GitHub committed
    Co-authored-by: default avatarRhys Arkins <rhys@arkins.net>
    124c1e63
    History
    title: PHP Composer Support
    description: PHP Composer support in Renovate

    Automated Dependency Updates for PHP Composer Dependencies

    Renovate can upgrade dependencies in PHP's composer.json and composer.lock files.

    How It Works

    1. Renovate searches in each repository for any composer.json files
    2. Existing dependencies are extracted from the relevant sections of the JSON
    3. Renovate resolves the dependency on Packagist (or elsewhere if configured), and filter for SemVer versions
    4. A PR is created with composer.json and composer.lock updated in the same commit
    5. If the source repository has either a "changelog" file or uses GitHub releases, then Release Notes for each version will be embedded in the generated PR

    Enabling

    Either install the Renovate App on GitHub, or check out Renovate OSS for self-hosted.

    Private packages

    If you are using a privately hosted Composer package you can pass the credentials via the hostRules configuration.

    {
      "hostRules": [
        {
          "matchHost": "some.vendor.com",
          "hostType": "packagist",
          "username": "<your-username>",
          "password": "<your-password>"
        },
        {
          "matchHost": "bearer-auth.for.vendor.com",
          "hostType": "packagist",
          "token": "abcdef0123456789"
        }
      ]
    }

    This host rule is best added to the bot's config.js config so that it is not visible to users of the repository. If you are using the Mend Renovate App then you can encrypt it with Renovate's public key instead, so that only Renovate can decrypt it.

    Go to https://app.renovatebot.com/encrypt, paste in the secret string you wish to encrypt, select Encrypt, then copy the encrypted result. You may encrypt your password only, but you can encrypt your username as well.

    {
      "hostRules": [
        {
          "matchHost": "some.vendor.com",
          "hostType": "packagist",
          "encrypted": {
            "username": "<your-encrypted-username>",
            "password": "<your-encrypted-password>"
          }
        },
        {
          "matchHost": "bearer-auth.for.vendor.com",
          "hostType": "packagist",
          "encrypted": {
            "token": "<your-encrypted-token>"
          }
        }
      ]
    }