search

pantsbuild / pants

The Pants Build System
https://www.pantsbuild.org
Apache License 2.0
3.21k stars 620 forks source link

python requirement from private package feed using injected PAT #20622

Closed jfelding closed 5 months ago

jfelding commented 5 months ago

In our setup, we have a package in our private package repository (on Azure), which we access with a Personal Access Token like so:

<AZURE_ACCESS_TOKEN>@site.pkgs.visualstudio.com/.../pypi/simple/

However, the PAT is... personal, so we all have a unique one, and we put AZURE_ACCESS_TOKEN=<token> in a .env file that is of course not committed to git.

Now, how do we use this scheme to get our package with pants? It seems we require either:

By dynamic, I mean that the token is loaded from .env at runtime and not set statically in another file that would be comitted to git.

We have tried many things but have not succeeded to do this in a way so that we can continue using the standard pants run ... CLI.

This issue is related to, but different from: https://github.com/pantsbuild/pants/issues/8971 in that we require loading the PAT from the .env file.

Our workaround In toml we set:

[python-repos]
indexes.add = ["https://feedname:%(env.AZURE_ACCESS_TOKEN)s@site.pkgs.visualstudio.com/.../pypi/simple/"]

but this requires each user to manually export the environment variable instead of just using the .env file.

kaos commented 5 months ago

If you have the .env file in the root of your project, that will be loaded by scie-pants when running Pants so no need to manually export it as an environment variable.

If it is elsewhere (such in a users home dir), you could manually source it into the pants process using a .pants.bootstrap file in the project root instead:

# .pants.bootstrap
# Source users .env file
source ~/.env
jfelding commented 5 months ago

Thanks for you help, @kaos! I had not been able to find any documentation that .env is loaded like that. I can see that placing .env indeed does the trick! However, as it is a monorepo, I have a .env in its own project directory located in src/core/.env relative to the root. In .pants.bootstrap, specifying source src/core/.env does not work for me, as I still get the error:

12:24:03.73 [ERROR] 'types.SimpleNamespace' object has no attribute 'AZURE_ACCESS_TOKEN'

Note that !.env is in my pants ignore, which I guess could otherwise cause issues. Using ~ in .pants.bootstrap would not work for us, as our developers place their repositories in different directories relative to their home folders. I'd like the .env to be placed inside the monorepo, not in the root and its location to be specified with a relative path. Is that possible?

Otherwise, I will reluctantly use .env in the root as would be standard in non-mono-repositories.

kaos commented 5 months ago

In .pants.bootstrap, specifying source src/core/.env does not work for me, as I still get the error:

Ah, does it work with?:

source src/core/.env
export AZURE_ACCESS_TOKEN
jfelding commented 5 months ago

It works! Thanks!