Handle additional git providers in set_composer_auth_env_var()

[Copilot]

Extends Composer authentication support beyond GitHub to include GitLab, Bitbucket, and HTTP basic auth.

Changes

• GitLab OAuth: GITLAB_OAUTH_TOKEN → gitlab-oauth.gitlab.com
• GitLab Token: GITLAB_TOKEN → gitlab-token.gitlab.com
• Bitbucket OAuth: BITBUCKET_CONSUMER_KEY + BITBUCKET_CONSUMER_SECRET → bitbucket-oauth.bitbucket.org
• HTTP Basic: HTTP_BASIC_AUTH (JSON) → http-basic.*

All providers respect existing COMPOSER_AUTH values without overriding. Invalid inputs (malformed JSON, partial credentials) are silently ignored.

Example usage:

# GitLab token
GITLAB_TOKEN=glpat_xyz wp package install vendor/package

# HTTP basic auth for custom repo
HTTP_BASIC_AUTH='{"repo.example.com":{"username":"user","password":"pass"}}' wp package install vendor/package

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Handle more git providers in set_composer_auth_env_var()</issue_title>
<issue_description>As of #47, we support GitHub. There are a few other providers we could support too:

• bitbucket-oauth
• gitlab-oauth
• gitlab-token
• http-basic</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Handle more git providers in set_composer_auth_env_var() #48

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

This PR extends Composer authentication support beyond GitHub to include GitLab (OAuth and personal access tokens), Bitbucket OAuth, and HTTP Basic Auth, allowing WP-CLI to authenticate with multiple Git providers when installing packages.

Changes:

• Added support for GITLAB_OAUTH_TOKEN and GITLAB_TOKEN environment variables
• Added support for BITBUCKET_CONSUMER_KEY and BITBUCKET_CONSUMER_SECRET environment variables
• Added support for HTTP_BASIC_AUTH environment variable (JSON format)
• All new providers respect existing COMPOSER_AUTH values without overriding
• Added comprehensive unit tests and feature tests for all new providers

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
src/Package_Command.php	Extends set_composer_auth_env_var() method to handle GitLab, Bitbucket, and HTTP Basic Auth environment variables, following the same pattern as existing GitHub support
tests/PackageAuthTest.php	Adds comprehensive unit tests covering all new auth providers, edge cases (partial credentials, invalid JSON), and verification that existing auth is preserved
features/package-auth.feature	Adds Behat scenarios to test real-world usage of all new authentication providers

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The condition is_string( $github_token ) will accept empty strings, which could result in empty authentication tokens being added to COMPOSER_AUTH. Consider adding an additional check to ensure the token is not empty, such as is_string( $github_token ) && '' !== $github_token, which would be more consistent with the truthy check pattern used elsewhere in this file (e.g., line 939: $github_token ? [ 'Authorization' => 'token ' . $github_token ] : []).

[Copilot]

The condition is_string( $gitlab_token ) will accept empty strings, which could result in empty authentication tokens being added to COMPOSER_AUTH. Consider adding an additional check to ensure the token is not empty, such as is_string( $gitlab_token ) && '' !== $gitlab_token.