Composer's HTTP/2 400 failures from codeload.github.com in CI
We hit a frustrating issue recently while building PHP images in AWS CodeBuild: composer install
started failing, often, with an HTTP/2 400 from codeload.github.com while downloading a package
archive. The package that failed changed from run to run, and the same Dockerfile and
composer.lock that broke in one pipeline built cleanly in another. The short version is that this
is GitHub wobbling rather than anything wrong in your project, that the same failure has come and
gone for years, and that the usual environment-variable fixes only take the edge off. If your
deployments run composer install, here is what is actually going on and how to stop it taking your
builds down.




