bazelbuild
Support for keyring auth with py_wheel publish
🚀 feature request
Relevant Rules
py_wheel
Description
Publishing with py_wheel seems to only support username/password auth. It would be great to support keyring auth methods as well to better support private registries.
For example, https://cloud.google.com/artifact-registry/docs/python/authentication#keyring-setup describes how to set up keyring for Artifact Registry. This already appears to have been address for pulling from private registries in https://github.com/bazelbuild/rules_python/issues/1578.
Describe the solution you'd like
I'm not very familiar with how wheel publishing works, but I would hope that it would be able to use the same mechanism that is now used for pip.parse
Describe alternatives you've considered
Username and password auth is possible as a workaround, but it goes against most security best practices and is more difficult to integrate in CI.
The pushing is done via a simple bazel run invocation whereas pip.parse is downloading everything using repository_ctx.download which cannot share code.
However, you can supply a twine binary with keyring support via an arg to py_wheel: https://rules-python.readthedocs.io/en/latest/api/python/packaging.html#py_wheel.twine_binary
You would have to use py_console_script_binary with extra deps entries to construct that.
This issue was automatically closed because it went 30 days without a reply since it was labeled "Can Close?"
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}