Private repos on Laravel Forge: Spark and Mailcoach

I’m developing a new service and I’ve decided to go all-in on Laravel. Not only am I developing the application in Laravel, and using ready-made components like Laravel Spark (SaaS user management and payment) and Spatie Mailcoach (mailing server), I also deploy to DigitalOcean with Laravel Forge. At 12$/month (for the ‘Hobby’ plan), even if it saves me only 15 minutes of time every month, that’s already worth it.

While Laravel Forge has an excellent auto-deploy function, you can’t use that the first time you want to deploy. You have to disable this magic composer install on your first run. You first need to give authentication proof to get access to private repos like Spark and Mailcoach. So you have to run the first composer install via ssh in interactive mode

$ ssh forge@<yourserver>
$ cd /home/forge/<yourdomain>
$ composer install

Laravel Spark: needs a Github token

When composer tries to install Laravel Spark, you will get a warning:

Failed to download laravel/spark-aurelius from dist: The "https://api.github.com/repos/laravel/spark-aurelius/zipball/(...)" file could not be downloaded (HTTP/1.1 404 Not Found)
Now trying to download from source
- Syncing laravel/spark-aurelius (v11.0.4) into cache
 Cloning failed using an ssh key for authentication, enter your GitHub credentials to access private repos
 Head to https://github.com/settings/tokens/new?scopes=repo&description=(...)
 to retrieve a token. It will be stored in "/home/forge/.config/composer/auth.json" for future use by Composer.

So you open a browser for github.com/settings/tokens/new?scopes=repo and create a token there (this unique token proves that in Github, you have access to the Spark repository), copy it and then paste it into your console. Composer will store this token so the next deployment will not need to ask for it.

Token (hidden): (***)<br>Token stored successfully.

Mailcoach: private Satis server

The Mailcoach authentication works a bit different. Spatie operates a private Packagist/Satis server at satis.spatie.be. You’ve had to add this to your composer.json, as explained on github.com/spatie/laravel-mailcoach-docs. To get access to this server in this first deployment, you need to give your username, which is your email, and a password, which is your Mailcoach license key (64 characters). Composer will then ask to save these in a auth.json file. You should do this, because then all following deployments won’t need to ask this anymore.

Authentication required (satis.spatie.be):
Username: <your email>
Password: <your license key>
Do you want to store credentials for satis.spatie.be in /home/forge/.config/composer/auth.json ? [Yn] Y

Then you can go back to Forge and enable the automatic “Quick Deploy” functionality.

You’ve noticed how both procedures save their authentication in the same file auth.json. The file will like this:

{
    "github-oauth": {
        "github.com": "<Github token code>"
    },
    "http-basic": {
        "satis.spatie.be": {
            "username": "<your email>",
            "password": "<your license code>"
        }
    }
}