Private sources

To check for updates and apply them Codario requires access not only to your "manifest" and "lock" files but and to all sources described there.

Private GIT repositories

For example, if you use the extra repository for your Composer project (see below):

"repositories": [
    {
        "url": "ssh://github.com/owner/repo.git",
        "type": "git"
    }
],

And if this repository is private, this means that Codario will not be able to handle your project.

To fix it, just add your personal SSH key from this page to necessary git repositories (read-access will be enough) and Codario be able to automatically connect to those resources using this SSH key.

Use this approach for all similar cases for other dependencies managers as well.

For example, npm supports the following definition to get @owner/package package from git+ssh://git@github.com:owner/repo.git repository:

"@owner/package": "git+ssh://git@github.com:owner/repo.git"

Just add your personal SSH key from this page to that git repository. That's all!

Important: you need to use namely ssh protocol for all private sources.

Private dependency manager repositories

Sometimes necessary use some private packages from dependency manager repositories (not from git repositories, like packagist.com for Composer). As a rule, every dependencies manager supports a special "option" to provide access to these resources.

Project configs supports this option by the following way:

  ...
  "extra": {
    "private_data": { ... }
  }

Every dependency manager has a personal way to provide access to private packages. Read all details on Supported dependency managers page.

We highly recommend don't keep secure data directly in extra.private_data because this approach disrupts the security of your project. Use snippets for it.