pip-compile: Need a way to apply private package registry credentials when compiling setup.py #28960
Replies: 2 comments 3 replies
-
I created #28961 to allow the first option |
Beta Was this translation helpful? Give feedback.
-
I'm also hitting this issue - and I'm not using setup.py files at all, I'm using requirements.in files. We want to be able to update our dependencies locally, in addition to using renovate. Our local update script wraps pip-compile and injects a Problem is I can't go and add As far as I can tell though, renovate should support setting the index URL via the config without putting it in the lockfiles; the config to do so should be something like: {
"packageRules": [
{
"matchDatasources": [
"pypi"
],
"registryUrls": [
"https://devpi.example.com/root/dev/+simple/"
]
}
],
"hostRules": [
{
"matchHost": "devpi.example.com",
"username": "renovate",
"encrypted": {
"password": "<omitted>"
}
}
]
} This doesn't actually work unfortunately. I've been hunting through the code and it seems like the pip-compile manager doesn't reference the |
Beta Was this translation helpful? Give feedback.
-
Tell us more.
The pip-compile manager currently looks up credentials for any hosts it finds in
--index-url
or--extra-index-url
flags in its 'requirements.in' in the configuredhostRules
and passes them topip-compile
when it re-compiles the lock file. That works fine for 'requirements.in' type files, but pip-compile also supports generating lock files from 'setup.py' files. Those don't support embedding any sort of index URL flags, and so we need a different way to specify which credentials to use.Since pip-compile supports compiling multiple input files to one lock file, one approach would be to create a 'requirements.in' file with just the required
--extra-index-url
flags and no packages. This currently doesn't work since the pip_requirements manager'sextractPackageFile
returnsnull
if it finds no dependencies in the file, but it would a fairly simple change to make.Another approach would be to take the approach that some other managers like poetry or bundler take and pass credentials for all hosts with a matching
hostType
. Those could be combined with hosts extracted from any 'requirements.in' files.Beta Was this translation helpful? Give feedback.
All reactions