An even better way would be to rely upon composer infrastructure (since wp-cli already depends on it).
It would gives access to .config/composer/auth.json which is likely to contain all the tokens we needs.

Note that composer just provided a download-only flag (and public method) in composer/composer#11041 which would allow fetching packages (using authentication) and still install them the way we want.

NB: GITHUB_TOKEN is already supported in the code.

The PHPCS warning is unrelated to this patch and the suggested indentation change seems wrong. But committed a "fix" anyway.

NB: GITHUB_TOKEN is already supported in the code.

@drzraf Cool. Just to clarify, GITHUB_TOKEN is supported by default, but it's necessary to add special support for GITLAB_TOKEN ?

I considered GITLAB_TOKEN (necessary for private GitLab repo) in the initial implementation. But it was buggy. GITLAB_TOKEN was either:

• Not used (when it comes to the initial retrieval of composer.json)
• The fallback logic (relying on GITLAB_TOKEN) for private packages, wasn't correct (and as such, private packages couldn't be retrieved)

ping ?

@drzraf Is there a good way to test this?

GITLAB_TOKEN=xxx wp package install https://gitlab.com/my/project.git (my/project is a private repository)

• Before: failed
• After: succeed

@drzraf Sorry for the delay!

Here's what I tried:

GITLAB_TOKEN=glpat-XXXXXX wp package install https://gitlab.com/danielbachhuber/wp-cli-test-package.git
Warning: Couldn't fetch default branch for package 'https://gitlab.com/danielbachhuber/wp-cli-test-package.git' (HTTP code 404). Presuming default branch is 'master'.
Installing package danielbachhuber/wp-cli-test-package (dev-master)
Updating /Users/danielbachhuber/wp-cli/packages/composer.json to require the package...
Registering https://gitlab.com/danielbachhuber/wp-cli-test-package.git as a VCS repository...
Using Composer to install the package...
---
Loading composer repositories with package information
Warning: Failed to execute git clone --mirror -- 'git@gitlab.com:danielbachhuber/wp-cli-test-package.git' '/Users/danielbachhuber/Library/Caches/composer/vcs/git-gitlab.com-danielbachhuber-wp-cli-test-package.git/'

Cloning into bare repository '/Users/danielbachhuber/Library/Caches/composer/vcs/git-gitlab.com-danielbachhuber-wp-cli-test-package.git'...
git@gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

---
Error: Package installation failed.
Reverted composer.json.

Is there something obvious I'm missing? My private repo is https://gitlab.com/danielbachhuber/wp-cli-test-package

Registering https://gitlab.com/danielbachhuber/wp-cli-test-package.git as a VCS repository shows that composer automatically switched to ssh to connect. Most probably, your ssh/ssh-agent/ssh-config is not configured or doesn't survive within a wp-cli run. (For me, it works). This is triggered by composer->setPreferSource(). The GITLAB_TOKEN environment (and HTTP headers) is only a way to access repository on HTTPS but doesn't do anything about ssh which must be configured on the machine (as for GitHub)

I just added a couple of commits fix two aspects:

• Considering GitLab as a last fall-back for the case a package is given as an argument without precision.
• Handle the GitLab subgroup (more than one / in the project name)

@drzraf Cool, sounds good. Can you fix up the PHPCS issues and then we can land it?