https://composer.tiki.org supplies source code (external dependencies) that is bundled in Tiki, whereas packages-tiki-org is for code that is not bundled (An additional step must be done on each Tiki instance). This is known as Tiki Packages.
They both replace getting the code from https://packagist.org/ (which is the usual default for PHP development). Tiki has a Long Term Support cycle and this insures the code remains easily available to bundle in Tiki even if the original source is no longer available from Packagist.org (which is bound to happen when you have over 150 dependencies and a 5 year support period)
- hosted on a server managed by the Tiki community
- offering packages for multiple Tiki branches/versions, including some old ones
- available both in http and https because some users require http (yes, https is better)
- powered by Satis
- built several times per day from https://gitlab.com/tikiwiki/tiki/-/blob/master/doc/devtools/satis.json
- Packages are mainly copied from:
- https://packagist.org/ (preferred)
- https://asset-packagist.org/ (second choice)
To start using a new dependency, please make two merge requests:
- One to https://gitlab.com/tikiwiki/tiki/-/blob/master/doc/devtools/satis.json
- And then to vendor_bundled/composer.json and vendor_bundled/composer.lock for the relevant branch
Why two merge requests? Doesn't this go against the concept of the Atomic Commit Convention? Yes, but satis.json needs to first be modified so package can appear on composer.tiki.org, and then, a few minutes later, it becomes available to be used.
Tips: