Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow installing packages from private indexes #1040

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Allow installing packages from private indexes #1040

wants to merge 5 commits into from
+342 −2

Conversation

dasm-tmlt
Copy link

Poetry allows dependencies to be installed from private package indexes (https://python-poetry.org/docs/repositories/#private-repository-example). This PR passes the extra indexes and credentials from poetry to pip so that they can be properly installed in nox.

Includes new and updated unit tests, and an integration test for private sources.

@dasm-tmlt
Make sure Poetry.export includes credentials.
a1c3a06
@dasm-tmlt
Change private repository package to avoid conflict with package 'bar…
a404909 
…' on pypi.
@dasm-tmlt
Fix change to thispackagedoesnotexist.
d02d162
@dasm-tmlt
Allow nox-poetry to install from private package indexes.
d9e341c 
Make sure we pass additional sources specified by poetry to
pip. Also add an end-to-end test to verify that we can
install from a private index that requires authentication.
@dasm-tmlt
Fix failing test.
a7e99eb
@dasm-tmlt
Copy link
Author

@cjolowicz Is this something you can review? Can you suggest another reviewer? The contributing guide was a little unclear on that point :)

@MicaelJarniac
Copy link

I believe this is related to #887.

This was referenced Jun 29, 2023
Open
Closed
@FFace32
Copy link

FFace32 commented Dec 11, 2023

Bumping this @cjolowicz

@cjolowicz
Copy link
Owner

Does this dump credentials in clear into the generated constraints file under .nox?

@FFace32
Copy link

FFace32 commented Dec 12, 2023

Does this dump credentials in clear into the generated constraints file under .nox?

Yup, this adds --extra-index-urls inside .nox/<session>/tmp/requirements.txt.

In case you believe that's not always wanted, I could make it so this PR's code is disabled by default and only ran under a certain argument passed to export

@dasm-tmlt
Copy link
Author

Does this dump credentials in clear into the generated constraints file under .nox?

Yup, this adds --extra-index-urls inside .nox/<session>/tmp/requirements.txt.

In case you believe that's not always wanted, I could make it so this PR's code is disabled by default and only ran under a certain argument passed to export

I'm also happy to make revisions. If we want to go down the route of making the behavior optional, we'd want to plumb the option all the way to the session decorator so users can trigger the new behavior. I can definitely see the argument for doing so.

@cjolowicz
Copy link
Owner

Sorry but dumping secrets in the generated requirements file is not a behavior I want to support, even as an option. Please export the secrets as an environment variable for pip instead.

@dasm-tmlt
Copy link
Author

Sorry but dumping secrets in the generated requirements file is not a behavior I want to support, even as an option. Please export the secrets as an environment variable for pip instead.

Ah, that does sound like a better approach, if a little less straightforward to implement. I'll make the changes.

@cjolowicz
Copy link
Owner

I don't think nox-poetry should handle credentials at all. You can export the secrets as environment variables in CI.

@dasm-tmlt
Copy link
Author

You can, but I find that suggestion unsatisfying. Setting environment variables is not the recommended approach for using private sources with poetry, so users who follow the poetry instructions are likely going to have a tough time. Additionally, there's no way to set environment variables that will be used by both poetry and nox - the two require different environment variable names with different formats (poetry wants you to set POETRY_HTTP_BASIC_<SOURCE>_USERNAME=<username> and POETRY_HTTP_BASIC_<SOURCE>_PASSWORD=<password>, while to get nox to work you have to set PIP_EXTRA_INDEX_URL=https://<username>:<password>@<source_url>).

To me, the great thing about nox-poetry is that it pretty much just works. Requiring the user to set specific environment variables seems to break that.

While I do understand your concerns about dumping credentials to a file, I don't really see the issue with automatically populating those environment variables inside the nox session?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dasm-tmlt @MicaelJarniac @FFace32 @cjolowicz