renovate
renovate copied to clipboard
renovatebot
feat(manager/pip-compile): Add support for non-default package repos to the pip-compile manager
Changes
Update the pip-compile manager to read any --index-url and --extra-index-url flags from the input file and use those to look up credentials in hostRules. The resulting URLs with authentication are passed to pip-compile as environment variables to ensure they don't end up in the lockfile's header comment.
Context
#26854
As discussed in #21838, the pip-compile manager cannot update dependencies in private repos unless you pass in PIP_EXTRA_INDEX_URL environment variables, which is not possible when using the GitHub app version of Renovate.
Some more discussion in https://github.com/renovatebot/renovate/discussions/24725#discussioncomment-8226384
Documentation (please check one with an [x])
- [x] I have updated the documentation, or
- [ ] No documentation update is required
How I've tested my work (please select one)
I have verified these changes via:
- [ ] Code inspection only, or
- [ ] Newly added/modified unit tests, or
- [ ] No unit tests but ran on a real repository, or
- [x] Both unit tests + ran on a real repository
This needs more discussion first. Please create a new discussion list for this particular topic. Changing the manager interface is not ideal
@rarkins I've had a bit more discussion in https://github.com/renovatebot/renovate/discussions/24725#discussioncomment-8226384 (sorry, I forgot to mention that thread in the initial PR description). I agree that this isn't quite ideal, but I can't think of any way to make this work that doesn't involve somehow pulling this list of URLs into the manager. The only other idea I have would be to look for all registryUrls matching the "pypi" datasource type. I'll look into that tomorrow.
Please start a separate discussion, feel free to link to the previous comments when you do so
:tada: This PR is included in version 37.185.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
