Allow installing packages from private indexes

Open dasm-tmlt opened this issue 1 year ago • 10 comments

Poetry allows dependencies to be installed from private package indexes (https://python-poetry.org/docs/repositories/#private-repository-example). This PR passes the extra indexes and credentials from poetry to pip so that they can be properly installed in nox.

Includes new and updated unit tests, and an integration test for private sources.

dasm-tmlt, Jan 10 '23 23:01

@cjolowicz Is this something you can review? Can you suggest another reviewer? The contributing guide was a little unclear on that point :)

dasm-tmlt, Jan 18 '23 17:01

I believe this is related to #887.

MicaelJarniac, Jun 29 '23 12:06

Bumping this @cjolowicz

FFace32, Dec 11 '23 18:12

Does this dump credentials in clear into the generated constraints file under .nox?

cjolowicz, Dec 12 '23 15:12

> Does this dump credentials in clear into the generated constraints file under .nox?

Yup, this adds --extra-index-urls inside .nox/<session>/tmp/requirements.txt.

In case you believe that's not always wanted, I could make it so this PR's code is disabled by default and only run under a certain argument passed to export.

FFace32, Dec 12 '23 21:12

> > Does this dump credentials in clear into the generated constraints file under .nox?

> Yup, this adds --extra-index-urls inside .nox/<session>/tmp/requirements.txt.

> In case you believe that's not always wanted, I could make it so this PR's code is disabled by default and only run under a certain argument passed to export.

I'm also happy to make revisions. If we want to go down the route of making the behavior optional, we'd want to plumb the option all the way to the session decorator so users can trigger the new behavior. I can definitely see the argument for doing so.

dasm-tmlt, Dec 12 '23 21:12

Sorry but dumping secrets in the generated requirements file is not a behavior I want to support, even as an option. Please export the secrets as an environment variable for pip instead.

cjolowicz, Dec 17 '23 14:12

> Sorry but dumping secrets in the generated requirements file is not a behavior I want to support, even as an option. Please export the secrets as an environment variable for pip instead.

Ah, that does sound like a better approach, if a little less straightforward to implement. I'll make the changes.

dasm-tmlt, Dec 18 '23 22:12

I don't think nox-poetry should handle credentials at all. You can export the secrets as environment variables in CI.

cjolowicz, Dec 19 '23 21:12

You can, but I find that suggestion unsatisfying. Setting environment variables is not the recommended approach for using private sources with poetry, so users who follow the poetry instructions are likely going to have a tough time. Additionally, there's no way to set environment variables that will be used by both poetry and nox - the two require different environment variable names with different formats (poetry wants you to set POETRY_HTTP_BASIC_<SOURCE>_USERNAME=<username> and POETRY_HTTP_BASIC_<SOURCE>_PASSWORD=<password>, while to get nox to work you have to set PIP_EXTRA_INDEX_URL=https://<username>:<password>@<source_url>).

To me, the great thing about nox-poetry is that it pretty much just works. Requiring the user to set specific environment variables seems to break that.

While I do understand your concerns about dumping credentials to a file, I don't really see the issue with automatically populating those environment variables inside the nox session?

dasm-tmlt, Dec 20 '23 21:12
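
The two variable formats contrasted in the last comment, as an added example that is not code from this PR or from nox-poetry: it derives `PIP_EXTRA_INDEX_URL` in memory from Poetry-style variables, so nothing secret has to be written to the requirements file, and includes a check that flags credentials embedded in requirements text. All function names, the source name and the credentials are hypothetical; the name normalisation rule is an assumption about Poetry's behaviour.

```python
import re
from typing import Mapping
from urllib.parse import quote, urlsplit, urlunsplit

# Matches scheme://user:password@ anywhere in requirements text.
_USERINFO = re.compile(r"https?://[^/\s:@]+:[^/\s@]+@")


def _poetry_key(source: str, field: str) -> str:
    # Assumption: Poetry upper-cases the source name and maps "." and "-" to "_".
    name = re.sub(r"[.-]", "_", source).upper()
    return f"POETRY_HTTP_BASIC_{name}_{field}"


def pip_env_from_poetry(sources: Mapping[str, str], environ: Mapping[str, str]) -> dict:
    """Build PIP_EXTRA_INDEX_URL from Poetry-style credential variables."""
    urls = []
    for source, url in sources.items():
        user = environ.get(_poetry_key(source, "USERNAME"))
        password = environ.get(_poetry_key(source, "PASSWORD"))
        parts = urlsplit(url)
        if user is not None and password is not None:
            # Percent-encode so "@", ":" or "/" in a secret cannot alter the host.
            userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
            parts = parts._replace(netloc=f"{userinfo}@{parts.netloc}")
        urls.append(urlunsplit(parts))
    # pip reads several values for a repeatable option as a space-separated list.
    return {"PIP_EXTRA_INDEX_URL": " ".join(urls)} if urls else {}


def redact(url: str) -> str:
    """Drop userinfo so the URL is safe to log or write to disk."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(netloc=parts.netloc.rpartition("@")[2]))


def leaks_credentials(requirements_text: str) -> bool:
    """True if any index URL in the text embeds user:password@."""
    return bool(_USERINFO.search(requirements_text))


# Constructed sample values, not taken from the thread.
SOURCES = {"my-private.repo": "https://pypi.example.test/simple/"}
ENVIRON = {
    "POETRY_HTTP_BASIC_MY_PRIVATE_REPO_USERNAME": "ci-bot",
    "POETRY_HTTP_BASIC_MY_PRIVATE_REPO_PASSWORD": "p@ss:w/rd",
}
```

The returned mapping is meant for the environment of the pip subprocess only; `leaks_credentials` can run over a generated requirements file in tests or CI to confirm no secret reached disk.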