Could not fetch https://api.github.com/repos/deployphp/deployer/zipball/bb77894b041616a1243f4d8240c0359e0cc360aa

[henzeb]

Deployer Version

v7, v8.

Target OS

Kubuntu 26.04

Which PHP version are you using?

PHP 8.5

Content of deploy.php or deploy.yaml

it is a composer bug.

Could not fetch https://api.github.com/repos/deployphp/deployer/zipball/bb77894b041616a1243f4d8240c0359e0cc360aa, please review your configured GitHub OAuth token or enter a new one to access private repos
You need to provide a GitHub access token.
Tokens will be stored in plain text in "/home/henze/.config/composer/auth.json OR /home/henze/.config/composer/auth.json" for future use by Composer.
Due to the security risk of tokens being exfiltrated, use tokens with short expiration times and only the minimum permissions necessary.

Carefully consider the following options in order:

1. When you don't use 'vcs' type 'repositories' in composer.json and do not need to clone source or download dist files
   from private GitHub repositories over HTTPS, use a fine-grained token with read-only access to public information.
   Use the following URL to create such a token:
   https://github.com/settings/personal-access-tokens/new?name=Composer+on+hestia+2026-05-01+1049

2. When all relevant private GitHub repositories belong to a single user or organisation, use a fine-grained token with
   repository "content" read-only permissions. You can start with the following URL, but you may need to change the resource owner
   to the right user or organisation. Additionally, you can scope permissions down to apply only to selected repositories.
   https://github.com/settings/personal-access-tokens/new?contents=read&name=Composer+on+hestia+2026-05-01+1049

3. A "classic" token grants broad permissions on your behalf to all repositories accessible by you.
   This may include write permissions, even though not needed by Composer. Use it only when you need to access
   private repositories across multiple organisations at the same time and using directory-specific authentication sources
   is not an option. You can generate a classic token here:
   https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+hestia+2026-05-01+1049

For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth

Steps to reproduce

just install composer global require "deployer/deployer:^8.0"

or composer global require "deployer/deployer:^7.0"

[henzeb]

turns out I had an old expired token setup, and composer is not smart enough to not use tokens for public repo's that do not require one.