fetching python dependencies from a private repository (index) in Artifact Registry

[zaidshennar]

Describe the bug I'm trying to use a custom repository to load a fork of one of the dependencies following these instructions. I setup Google Artifact Registry as a python repository and I'm linking to it in pants.toml with indexes.add = ["https://us-central1-python.pkg.dev/{project}/{repo}/simple"]. The dependency was then added to the requirements.txt file.

When running pants generate-lockfiles, the repo is correctly added in the pip install step, but it seems like it cannot be found (or auth denied). Pants cannot find and download the packages from this private python repo.

Running pip install from my linux environment with the specified python repo works successfully.

Is there a way to get pants to read the keyrings.google-artifactregistry-auth and add it to its environment before downloading the dependencies? Or is there a way to attach permissions before loading dependencies from private repos?

Pants version 2.16.1

OS Linux

Additional info Add any other information about the problem here, such as attachments or links to gists, if relevant.

[benjyw]

You can plumb env vars through via https://www.pantsbuild.org/2.19/reference/subsystems/subprocess-environment

I assume there are relevant env vars, since pip must be able to consume the auth info somehow, and I assume that means env vars?

[riisi]

Came across this today. There's some discussion on Slack about trying to get keyring authentication working, but seems no success.

I was able to get it working with the oauth access token approach mentioned here.