lucemia / dependabot-core

🤖 Dependabot's core logic for creating update PR's.
https://docs.github.com/en/code-security/dependabot

Dry run still requests the public repo #2

Open lucemia opened 11 months ago

lucemia commented 11 months ago

🌍 --> GET https://pypi.org/pypi/genv-core/json
🌍 <-- 404 https://pypi.org/pypi/genv-core/json

lucemia commented 11 months ago

Some issues: Poetry will support multiple sources in some conditions.

[tool.poetry]
name = "PythonProjects"
version = "2.0.0"
homepage = "https://github.com/roghu/py3_projects"
license = "MIT"
readme = "README.md"
authors = ["Dependabot <support@dependabot.com>"]
description = "Various small python projects."

[tool.poetry.dependencies]
python = "^3.7"
requests = { version = "2.18.0", source = "custom" }

[tool.poetry.group.test]
optional = true

[tool.poetry.group.test.dependencies]
requests = { version = "2.18.0", source = "custom-1", extras=["tmp"] }

[[tool.poetry.source]]
name = "custom"
url = "https://some.internal.registry.com/pypi/"

[[tool.poetry.source]]
name = "custom-1"
url = "https://some.internal.registry.com/pypi-1/"

(pythonprojects-py3.11) ➜  dependabot-source-constraint git:(main) ✗ poetry install -vvv
Adding repository custom (https://some.internal.registry.com/pypi) and setting it as primary
Adding repository custom-1 (https://some.internal.registry.com/pypi-1) and setting it as primary
Warning: In a future version of Poetry, PyPI will be disabled automatically if at least one custom primary source is configured. In order to avoid a breaking change and make your pyproject.toml forward compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this has the advantage that you can set the priority of PyPI as with any other source.
Using virtualenv: /Users/davidchen/repo/dependabot-source-constraint/.venv
Updating dependencies
Resolving dependencies...
   1: fact: pythonprojects is 2.0.0
   1: derived: pythonprojects
   1: fact: pythonprojects depends on requests (2.18.0)
   1: fact: pythonprojects depends on requests (2.18.0)
   1: selecting pythonprojects (2.0.0)
   1: derived: requests[tmp] (==2.18.0)
   1: derived: requests (==2.18.0)
Multiple source configurations found for some.internal.registry.com - custom, custom-1
[keyring.backend] Loading KWallet
[keyring.backend] Loading SecretService
[keyring.backend] Loading Windows
[keyring.backend] Loading chainer
[keyring.backend] Loading libsecret
[keyring.backend] Loading macOS
[keyring.backend] Loading Google Auth
Creating new session for some.internal.registry.com
Multiple source configurations found for some.internal.registry.com - custom, custom-1
[urllib3.connectionpool] Starting new HTTPS connection (1): some.internal.registry.com:443
Retrying HTTP request in 0.5 seconds.
[urllib3.connectionpool] Starting new HTTPS connection (2): some.internal.registry.com:443
Retrying HTTP request in 1.0 seconds.
[urllib3.connectionpool] Starting new HTTPS connection (3): some.internal.registry.com:443
Retrying HTTP request in 1.5 seconds.
[urllib3.connectionpool] Starting new HTTPS connection (4): some.internal.registry.com:443
Retrying HTTP request in 2.0 seconds.
[urllib3.connectionpool] Starting new HTTPS connection (5): some.internal.registry.com:443
Retrying HTTP request in 2.5 seconds.
[urllib3.connectionpool] Starting new HTTPS connection (6): some.internal.registry.com:443
   1: Version solving took 9.601 seconds.
   1: Tried 1 solutions.

If main is not specified, this falls back to PYPI_BASE_URL.

def main_index_url
  url =
    config_variable_index_urls[:main] ||
    pipfile_index_urls[:main] ||
    requirement_file_index_urls[:main] ||
    pip_conf_index_urls[:main] ||
    pyproject_index_urls[:main] ||
    PYPI_BASE_URL

  return unless url
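
An added illustration, not Dependabot's code and not part of the original comments: a reduced model of the fallback above, run against the sources from the pyproject.toml in this thread, next to a variant that keeps a dependency pinned to a named source away from the public index. The hash shapes, the function names, the value of `PYPI_BASE_URL`, and the rule that only a source flagged `default` becomes `:main` are assumptions made for the example.

```ruby
# Added illustration; hypothetical names, not Dependabot's implementation.
PYPI_BASE_URL = "https://pypi.org/simple/" # assumed value of the constant

# Constructed from the pyproject.toml shown in this thread.
SOURCES = [
  { "name" => "custom",   "url" => "https://some.internal.registry.com/pypi/" },
  { "name" => "custom-1", "url" => "https://some.internal.registry.com/pypi-1/" }
].freeze
DEPENDENCIES = { "requests" => { "version" => "2.18.0", "source" => "custom" } }.freeze

# Assumption: only a source flagged "default" becomes :main; the rest are :extra.
def pyproject_index_urls(sources)
  sources.each_with_object({ main: nil, extra: [] }) do |source, urls|
    if source["default"]
      urls[:main] = source["url"]
    else
      urls[:extra] << source["url"]
    end
  end
end

# Same shape as the quoted chain, reduced to its pyproject entry:
# with no :main, the public index is placed first in the lookup list.
def index_urls_with_fallback(sources)
  found = pyproject_index_urls(sources)
  [found[:main] || PYPI_BASE_URL, *found[:extra]].uniq
end

# Hardened variant: a dependency pinned to a named source is looked up
# only there, and an unknown source name fails instead of falling back.
def index_urls_for(dep_name, deps, sources)
  spec = deps[dep_name]
  pinned = spec["source"] if spec.is_a?(Hash)
  return index_urls_with_fallback(sources) unless pinned

  source = sources.find { |s| s["name"] == pinned }
  raise ArgumentError, "unknown source #{pinned.inspect} for #{dep_name}" unless source

  [source["url"]]
end

# Audit: source-pinned names that would still be requested from the
# public index under the fallback (the 404 lookup seen in the dry run).
def exposed_to_pypi(deps, sources)
  return [] unless index_urls_with_fallback(sources).include?(PYPI_BASE_URL)

  deps.select { |_, spec| spec.is_a?(Hash) && spec["source"] }.keys
end
```

Running `exposed_to_pypi` over a manifest before enabling updates lists the internal package names that would be disclosed to, and resolvable from, the public index.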