Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for keyring auth with py_wheel publish #1947

Closed
ssmall opened this issue Jun 10, 2024 · 2 comments
Closed

Support for keyring auth with py_wheel publish #1947

ssmall opened this issue Jun 10, 2024 · 2 comments
Labels
Can Close? Will close in 30 days if there is no new activity

Comments

@ssmall
Copy link

ssmall commented Jun 10, 2024

🚀 feature request

Relevant Rules

py_wheel

Description

Publishing with py_wheel seems to only support username/password auth. It would be great to support keyring auth methods as well to better support private registries.

For example, https://cloud.google.com/artifact-registry/docs/python/authentication#keyring-setup describes how to set up keyring for Artifact Registry. This already appears to have been address for pulling from private registries in #1578.

Describe the solution you'd like

I'm not very familiar with how wheel publishing works, but I would hope that it would be able to use the same mechanism that is now used for pip.parse

Describe alternatives you've considered

Username and password auth is possible as a workaround, but it goes against most security best practices and is more difficult to integrate in CI.

@aignas
Copy link
Collaborator

aignas commented Jun 11, 2024

The pushing is done via a simple bazel run invocation whereas pip.parse is downloading everything using repository_ctx.download which cannot share code.

However, you can supply a twine binary with keyring support via an arg to py_wheel: https://rules-python.readthedocs.io/en/latest/api/python/packaging.html#py_wheel.twine_binary

You would have to use py_console_script_binary with extra deps entries to construct that.

@aignas aignas added the Can Close? Will close in 30 days if there is no new activity label Jun 11, 2024
Copy link

This issue was automatically closed because it went 30 days without a reply since it was labeled "Can Close?"

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Can Close? Will close in 30 days if there is no new activity
Projects
None yet
Development

No branches or pull requests

2 participants