{"id":13799212,"url":"https://github.com/fossar/composition-c4","last_synced_at":"2025-05-07T20:44:43.782Z","repository":{"id":90945681,"uuid":"372346452","full_name":"fossar/composition-c4","owner":"fossar","description":"Fetch Composer dependencies using Nix","archived":false,"fork":false,"pushed_at":"2023-05-22T12:14:59.000Z","size":42,"stargazers_count":11,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-07T20:44:33.676Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fossar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-05-31T01:00:50.000Z","updated_at":"2024-08-22T04:02:57.000Z","dependencies_parsed_at":"2024-01-07T21:52:35.599Z","dependency_job_id":"23f70073-ba97-4e0a-9542-2aff5dbd6f8b","html_url":"https://github.com/fossar/composition-c4","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fossar%2Fcomposition-c4","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fossar%2Fcomposition-c4/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fossar%2Fcomposition-c4/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fossar%2Fcomposition-c4/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fossar","download_url":"https://codeload.github.com/fossar/composition-c4/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252954143,"owners_count":21830895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T00:00:59.866Z","updated_at":"2025-05-07T20:44:43.765Z","avatar_url":"https://github.com/fossar.png","language":"Nix","funding_links":[],"categories":["Programming Languages"],"sub_categories":["PHP"],"readme":"# Composition C-4\n\nThis is a lightweight library that allows downloading [Composer](https://getcomposer.org/) dependencies using [Nix](https://nixos.org/). It falls under lockfile-based tools in [nmattia’s typology][nixcon-language-support-overview].\n\n\u003e **Warning:** backwards compatibility is not guaranteed, pin this repo if you want to avoid breakage.\n\n## How to use?\n\n1. Pass the output of `c4.fetchComposerDeps` as `composerDeps` to derivation.\n2. Add `c4.composerSetupHook` as derivation’s dependency.\n\n```nix\n{\n  stdenv,\n  fetchFromGitHub,\n  php,\n  c4,\n}:\n\nstdenv.mkDerivation rec {\n  pname = \"grav\";\n  version = \"1.7.15\";\n\n  src = fetchFromGitHub {\n    owner = \"getgrav\";\n    repo = \"grav\";\n    rev = version;\n    sha256 = \"4PUs+6RFQwNmCeEkyZnW6HAgiRtP22RtkhiYetsrk7Q=\";\n  };\n\n  composerDeps = c4.fetchComposerDeps {\n    inherit src;\n  };\n\n  nativeBuildInputs = [\n    php.packages.composer\n    c4.composerSetupHook\n  ];\n\n  installPhase = ''\n    runHook preInstall\n\n    composer --no-ansi install\n    cp -r . $out\n\n    runHook postInstall\n  '';\n}\n```\n\n### With Nix flakes\n\n\u003e **Warning:** Nix flakes are experimental technology, use it only if you are willing to accept that you might need to change your code in the future.\n\nAdd this repository to the `inputs` in your `flake.nix`’s:\n\n```nix\n  inputs = {\n    …\n    c4.url = \"github:fossar/composition-c4\";\n  };\n```\n\nthen, add the overlay to your Nixpkgs instance. `outputs`, you will be able to access our utilities under `c4` namespace.\n\n```nix\n  outputs = { self, nixpkgs, c4, ... }:\n    let\n      pkgs = import nixpkgs {\n        system = \"x86_64-linux\";\n        overlays = [ c4.overlay ];\n      };\n    in\n    {\n      packages.x86_64-linux.grav = pkgs.callPackage ./grav.nix { };\n    };\n```\n\n## What is the complete API?\n\n### `c4.fetchComposerDeps`\n\nThis is a function that, for given source, returns a derivation with a Composer repository containing the packages listed by the Composer lock file in the source directory. It takes the following arguments:\n\n- Either `lockFile` containing an explicit path to `composer.lock` file, or `src`, which is the source directory/derivation containing the file.\n\n### `c4.composerSetupHook`\n\nThis is a [setup hook](https://nixos.org/manual/nixpkgs/stable/#ssec-setup-hooks). By adding it to `nativeBuildInputs` of a Nixpkgs derivation, the following hooks will be automatically enabled.\n\n#### `composerSetupPreConfigureHook`\n\nThis hook will run before [`configurePhase`](https://nixos.org/manual/nixpkgs/unstable/#ssec-configure-phase). Its goal is configuring the Composer project to use the repository created by `c4.fetchComposerDeps` for fetching packages, instead of Packagist.\n\nIt is controlled by the following environment variables (pass them to the derivation so that they are available in the builder):\n\n- `composerDeps` – the derivation produced by `c4.fetchComposerDeps`.\n- `composerRoot` – when the `composer.json`/`composer.lock` files are not in `sourceRoot`, then the optional `composerRoot` is used to specify the PHP project’s root directory relative to `sourceRoot`.\n\n## What are the limitations?\n\n- It requires `composer.lock` to exist.\n- It currently only supports downloading packages from Git.\n- When the lockfile comes from a source derivation rather then a local repository, Nix’s [import from derivation](https://nixos.wiki/wiki/Import_From_Derivation) mechanism will be used, inheriting all problems of IFD. Notably, it cannot be used in Nixpkgs.\n- We download the sources at evaluation time so it will block evaluation, this is especially painful since Nix currently does not support parallel evaluation.\n- Nix’s fetchers will fetch the full Git ref, which will take a long time for heavy repos like https://github.com/phpstan/phpstan.\n- It might be somewhat slower than generated Nix files (e.g. [composer2nix]) since the Nix values need to be constructed from scratch every time.\n\nFor more information look at Nicolas’s _[An overview of language support in Nix][nixcon-language-support-overview]_ presentation from NixCon 2019.\n\n## How does it work?\n\n`composer.lock` does not usually contain hashes of packages because they usually come from GitHub-generated tarballs, which are unstable. There is [proposal](https://github.com/composer/composer/issues/2540) for hashing the archive contents but there has not been a progress so far. This is a problem for Nix since without a hash, it cannot create a fixed-output derivation.\n\nFortunately, most packages come from git repositories and Nix can actually fetch git trees for commits without output hash using `builtins.fetchGit` (at least when [not in restricted-eval mode](https://github.com/NixOS/nix/issues/3469)). This allows us to download individual packages.\n\nWe then create a [Composer repository](https://getcomposer.org/doc/05-repositories.md) and using the setup hook, we point Composer to it so it can install packages from there.\n\n## Prior art and inspiration\n\nThere is Sander’s [composer2nix] but that follows the generator approach, which is not always convenient.\n\nstephank’s [composer-plugin-nixify](https://github.com/stephank/composer-plugin-nixify) also opts for the generator route but it hooks into Composer so the generated file is always in sync with `composer.lock` (even for developers not using Nix).\n\nWe decided to use lockfile-based approach inspired by Nicolas’s [napalm](https://github.com/nmattia/napalm), a similar tool for npm (JavaScript). The hook design was based on `rustPlatform.cargoSetupHook` and `rustPlatform.fetchCargoTarball` from Nixpkgs.\n\n## License\n\nThe contents of this project is distributed under the [MIT license](LICENSE.md).\n\n[nixcon-language-support-overview]: https://www.nmattia.com/posts/2019-11-12-language-support-overview-nixcon.html\n[composer2nix]: https://github.com/svanderburg/composer2nix\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffossar%2Fcomposition-c4","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffossar%2Fcomposition-c4","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffossar%2Fcomposition-c4/lists"}