--find-links (or similar) in PipEnv

[samupl]

In a project I'm working on, we've been using pip with setup.py for a while. Now we're considering moving to pipenv.

We have a couple of internal packages in a private git repository, and we distribute our software in a Docker Container. For security reasons, we did not want to pass credentials to this repository into the container - even during builds.

Previously we managed it like this:

• We had a dependency_links section in our setup.py file, where each private package got its repository URL listed
• We had a script that was run as a part of the built, that run pip download -d download --no-deps, which simply downloaded all those packages from our github repository into the download/ directory
• In the Dockerfile, we installed packages like this: pip install -e . --find-links download/

What this did, essentially, was that it first looked if our private packages were already downloaded into the download/ directory. If they were there (which should be the case, as our download script was run as part of the build process), pip did not try to download them again.

However, if the files were not present in the download/ directory, they were cloned and then installed - which was easier for local development to follow.

I'm looking for a similar solution for pipenv - a way to make pipenv first "look" into some cache directory and if packages are already downloaded there - don't reinstall them. Is it possible with pipenv?

[uranusjr]

IIRC dependency_links has long been deprecated by PyPA. It might not be removed from old tools because it is already there, but I imagine it would be extremely unlikely to be implemented in new tools (e.g. Pipenv). My suggestion is maybe you need to consider migrating away from this workflow altogether.

[techalchemy]

It’s technically deprecated although it still works for various reasons. You should use a local mirroring tool like bandersnatch and make your first source localhost:whatever

[samupl]

I think I am going to move to a local package mirror tool in the end. For now though I wonder if it's possible (more out of curiosity at this point) to make pipenv use a cache dir for packages defined as git repositories, instead of cloning the package each time.

[techalchemy]

@samupl It was possible, but pip itself even uses ephemeral wheels for this now (which is to say, pip literally builds a wheel anytime you install a VCS repository)

[uranusjr]

Closing since there is mot much we can do at this point anyway.