#69 add apt proxy repo support #70
813d113 to 50940eb
This looks great, thanks so much 🎉.
I will look to test this soon, but I can't make a guarantee right now.
Regarding integration tests, I think the Bats container image is built on Alpine Linux. There is an apt package in their repos. So it might be possible to add tests after running `apk add apt` in the container build.
import os | ||
|
||
PYPI_REMOTE_URL = os.getenv("PYPI_REMOTE_URL", "https://pypi.org/") | ||
CRAN_REMOTE_URL = os.getenv("CRAN_REMOTE_URL", "https://cran.r-project.org/") | ||
APT_REMOTE_URL = os.getenv("APT_REMOTE_URL", "http://deb.debian.org/debian") | ||
APT_DISTRO = os.getenv("APT_DISTRO", "bookworm") |
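Review bot: the `APT_REMOTE_URL` default is `http://deb.debian.org/debian`, plain HTTP, while the `PYPI_REMOTE_URL` and `CRAN_REMOTE_URL` defaults above it are HTTPS. Default to an `https://` URL if the mirror serves one so that all three proxies fetch over TLS, or add a comment saying why APT is the exception. All four values are also taken from the environment without validation; `APT_DISTRO` is a free-form string and should be checked against a conservative character set before it is used.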
This is a good idea, we should add these env vars to the list in the README
It's done.
nexus_allowlist/actions.py
Outdated
nexus_api, | ||
name=f"apt-{package}", | ||
description=f"Allow access to {packages} APT package", | ||
expression=f'format == "apt" and path=~"^/pool/.*/{package}.*"', |
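Review bot: in the `expression=` line, `{package}` goes into the regex unescaped and is followed by `.*`, so an entry for `r-base` also admits `r-base-core` and any other path with a segment starting with that prefix, and names containing `+` or `.` are read as regex operators. Escape the name and match up to the file name boundary, for example `/{package}_[^/]*\.deb` in place of `/{package}.*`. The `description=` line interpolates `{packages}` where `name=` and `expression=` use `{package}`; that looks like a typo and will either fail or print the wrong value.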
The regex here feels quite permissive.
What does the directory structure look like between `/pool/` and `{package}`?
Here is an example:
https://fr.archive.ubuntu.com/ubuntu/pool/universe/r/r-base/r-base_4.4.2-1_all.deb
Unless you want to restrict access to certain package archives (main, universe, multiverse, restricted for Ubuntu), I don't see how you can make the regex stricter.
I can't remember how flexible the expression language is, but it could be something like `^/pool/(main|universe|multiverse|restricted)/.*/{package}.*"` or even `^/pool/({'|'.join(allowed_archives)})/.*/{package}.*"`.
According to the Nexus documentation, the content selector supports Java Regex. It's worth a try.
It does work! I implemented a new env var for this purpose.
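The selector tightening discussed in this thread, as an added example that is not part of the PR or the project's code: it compares the original permissive pattern with one that restricts the archive, escapes the package name, and stops at the `.deb` file name. The helper names and sample paths are hypothetical, and Python's `re.fullmatch` stands in for Nexus's Java regex on the assumption that the selector must match the whole path.

```python
import re

# Hypothetical helper, not nexus_allowlist's own code: builds the regex part
# of an APT content selector for one package, limited to named archives.
def apt_pool_pattern(package, allowed_archives):
    archives = "|".join(re.escape(a) for a in allowed_archives)
    # Layout: /pool/<archive>/<prefix>/<source dir>/<package>_<version>_<arch>.deb
    return rf"^/pool/({archives})/[^/]+/[^/]+/{re.escape(package)}_[^/]+\.deb$"

def permissive_pattern(package):
    # The form under review: unescaped name, trailing wildcard.
    return f"^/pool/.*/{package}.*"

def allowed(pattern, path):
    # Assumption: the selector has to match the whole path.
    return re.fullmatch(pattern, path) is not None

# Constructed sample paths following the layout of the URL quoted in the thread.
SAMPLES = [
    "/pool/universe/r/r-base/r-base_4.4.2-1_all.deb",         # the wanted file
    "/pool/universe/r/r-base/r-base-core_4.4.2-1_amd64.deb",  # same name prefix
    "/pool/partner/r/r-base/r-base_4.4.2-1_all.deb",          # archive not listed
    "/pool/main/r/r-base-extras/libfoo_1.0_all.deb",          # directory prefix only
]

def compare(package, archives):
    """Return (path, allowed_by_permissive, allowed_by_strict) per sample."""
    strict = apt_pool_pattern(package, archives)
    loose = permissive_pattern(package)
    return [(p, allowed(loose, p), allowed(strict, p)) for p in SAMPLES]

if __name__ == "__main__":
    for path, loose, strict in compare("r-base", ["main", "universe"]):
        print(f"permissive={loose!s:5} strict={strict!s:5} {path}")
```

The permissive pattern admits all four sample paths; the strict one admits only the first. Backslashes produced by `re.escape` may need extra escaping once the pattern is embedded in the quoted selector expression.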
nexus_api, | ||
name="apt-packages", | ||
description="Allow access to 'Packages.gz' file in APT repository", | ||
expression=f'format == "apt" and path=~"^/dists/{APT_DISTRO}/.*/Packages.gz"', |
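Review bot: in the `expression=` line the dot in `Packages.gz` is an unescaped regex wildcard, and `{APT_DISTRO}` goes from the environment straight into the pattern. Write `Packages\.gz`, escape or validate `APT_DISTRO` before interpolating it, and consider replacing `.*` with the two expected path segments (component and `binary-<arch>`) so the selector covers index files only at the expected depth.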
Does this work for all apt repositories? Debian, Ubuntu, Linux Mint for example.
It seems to match for Ubuntu (https://fr.archive.ubuntu.com/ubuntu/dists/bionic/main/binary-amd64/Packages.gz). I infer it's a standard from apt/Debian.
Description
Fixes #69
This PR simplifies the installation of Debian packages required by R packages by configuring a Nexus APT proxy repository and updating the related allowlist.
Additionally, it introduces the option to pass certain parameters as environment variables, enabling users to modify the remote source of proxy repositories and specify the APT distribution version. This also allows for the use of private repositories (PyPI, CRAN, or APT) or distributions other than Debian (Ubuntu for instance).
Caveat
I did not implement integration tests because doing so would require modifying the base image to a Debian-based one in integration_tests/Dockerfile. I’m not comfortable making such changes. If you have any suggestions regarding this, I would appreciate your input.