search

astral-sh / uv

An extremely fast Python package and project manager, written in Rust.
https://docs.astral.sh/uv
Apache License 2.0
25.37k stars 738 forks source link

Unable to authenticate with Azure artifact feed in github actions #8840

Open maarten-betman opened 22 hours ago

maarten-betman commented 22 hours ago

Dear Astral team,

First of all thanks for the awesome tools you guys make šŸ˜„

I'm having issue getting authenticated with a private Azure Artifacts feed in GitHub Actions.

In local development we use artifacts keyring as explained in the uv docs. See below snip of pyproject.toml which successfully installs the internal dependency.

[project]
requires-python = ">=3.9"
name = "geo-tools"
version = "0.1.2"
description = "Geotechnical Tools"
readme = "README.md"
dependencies = [
    "pandas<=2.1,>=1.4.3",
    "internal-package>=0.3.0",
]

[tool.uv]
extra-index-url = ["https://VssSessionToken@<org-name>.pkgs.visualstudio.com/<project>/_packaging/<feed>/pypi/simple/"]
keyring-provider = "subprocess"

However when running the tests in github actions I get a 401 Unauthorized error from my organizational feed. I've now set UV_EXTRA_INDEX_URL including a PAT token, but no success unfortunately. See below snip from the github actions file Used several flags after the uv sync command: --no-cache --index-strategy unsafe-first-match and unsafe-best-match

name: Test package on PR

on:
  pull_request:
    branches:
      - dev
      - main

jobs:
  test:
    runs-on: ubuntu-latest
    env:
      UV_CACHE_DIR: ${{ github.workspace }}/.uv-cache
      RUST_LOG: uv=trace
      UV_EXTRA_INDEX_URL: "https://token:${{ secrets.AZURE_DEVOPS_PAT }}@<org>.pkgs.visualstudio.com/<project>/_packaging/<feed>/pypi/simple/"
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.9", "3.10", "3.11" ]

    steps:
      - uses: actions/checkout@v4

      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true

      - name: Setup python
        run: uv python install ${{ matrix.python-version }}

      - name: Install dependencies
        run: uv sync --keyring-provider disabled

RUST_LOG uv=trace: github-actions-log.log

understand it's hard to debug given you don't have access to the feed, but hope the log clarifies a bit where things are going wrong for me šŸ¤žšŸ»

zanieb commented 21 hours ago

Does the username need to be VssSessionToken instead of token?

Have you considered switching to our new index settings and using UV_INDEX_<NAME>_PASSWORD instead?

maarten-betman commented 21 hours ago

Haven't tried the new index settings yet, will try tomorrow. VssSessionToken should be present in the url when using the artifacts-keyring auth provider. This auth mechanism can't be used in github actions as far as I'm aware.