From ae22cd984e8acd0705e90676adb9bf1705cd64fc Mon Sep 17 00:00:00 2001
From: Guy Sartorelli <guy.sartorelli@signify.co.nz>
Date: Tue, 14 Dec 2021 10:04:30 +1300
Subject: [PATCH] ENH Allow developers to declare which packages are
 inaccessible.

This provides a common configuration point for modules which provide additional functionality to the maintenance report that may attempt to access private and otherwise inaccessible repositories.
---
 README.md                           | 19 +++++++++++++++++++
 src/Tasks/UpdatePackageInfoTask.php | 23 +++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/README.md b/README.md
index 3cdde58..4d83c37 100644
--- a/README.md
+++ b/README.md
@@ -83,6 +83,25 @@ newer releases don't show up as expected. We recommend to have looser constraint
 (e.g. `silverstripe/framework:^4.3`). When the "Latest" version shows `dev-master`,
 it likely means that you have `"minimum-stability": "dev"` in your `composer.json`.
 
+## Private repositories
+
+While this module itself doesn't fetch information about repositories, other modules (such as the [update-checker](https://github.com/bringyourownideas/silverstripe-composer-update-checker)) do. If you have private repositories for which you are unable to provide authentication details to the respective module, you should mark those repositories as inaccessible.
+
+This can be done either per repository:
+```yml
+BringYourOwnIdeas\Maintenance\Tasks:
+  inaccessible_packages:
+    - some-org/some-package-name
+```
+
+or for situations where you are hosting repositories yourself, per host:
+```yml
+BringYourOwnIdeas\Maintenance\Tasks:
+  inaccessible_repository_hosts:
+    - gitea.mycompany.com
+```
+This catches packages whether they're referenced by https or ssh URLs - for example, for `https://gitea.mycompany.com/some-org/some-package-name.git` and for `git@gitea.mycompany.com:some-org/some-package-name.git`, the value should be `gitea.mycompany.com`.
+
 ## Documentation
 
 Please see the [user guide](docs/en/userguide/index.md) section.
diff --git a/src/Tasks/UpdatePackageInfoTask.php b/src/Tasks/UpdatePackageInfoTask.php
index 2ddaa99..68262b3 100644
--- a/src/Tasks/UpdatePackageInfoTask.php
+++ b/src/Tasks/UpdatePackageInfoTask.php
@@ -54,6 +54,29 @@ class UpdatePackageInfoTask extends BuildTask
         'silverstripe-vendormodule',
     ];
 
+    /**
+     * A list of package names which composer will not be able to access
+     * e.g. private packages for which you aren't allowed to provide credentials.
+     *
+     * @config
+     * @var array
+     */
+    private static $inaccessible_packages = [];
+
+    /**
+     * A list of repository hosts which composer will not be able to access
+     * e.g. private repository hosts for which you aren't allowed to provide credentials.
+     *
+     * This works for https AND ssh URLs - for example, for
+     * `https://gitea.mycompany.com/some-org/some-repository.git` and for
+     * `git@gitea.mycompany.com:some-org/some-repository.git`, the value should be
+     * `gitea.mycompany.com`
+     *
+     * @config
+     * @var array
+     */
+    private static $inaccessible_repository_hosts = [];
+
     /**
      * @var ComposerLoader
      */