python-poetry / poetry

Python packaging and dependency management made easy
https://python-poetry.org
MIT License

poetry.core.masonry.api doesn't use private-repo auth tokens from env variables for development dependencies #4215

Closed jclerman closed 2 years ago

jclerman commented 3 years ago

Issue

I am building/testing my project using CircleCI, but to the best of my knowledge, the problem isn't specific to CircleCI.

My pyproject.toml file includes (I've replaced the name of my organization with "xyz" for privacy):

[tool.poetry.dev-dependencies]
xyz-stuff = {version = "^0.4.0", source = "xyz"}

[[tool.poetry.source]]
name = "xyz"
url = "https://repo.shared.xyz.com/repository/pypi-xyz/simple"

[build-system]
requires = ["poetry-core>=1.0.3"]
build-backend = "poetry.core.masonry.api"

I also have a tox.ini file which includes:

[tox]
envlist = lint,py37
isolated_build = True

In my CircleCI environment, I have the proper variables set to provide authentication information (username/password) for a private GitHub repository. That is, values are set for variables like ("XYZ" replaces private info here):

POETRY_HTTP_BASIC_XYZ_USERNAME
POETRY_HTTP_BASIC_XYZ_PASSWORD

My CircleCI config.yml file includes:

version: 2.1

jobs:
  build:
    docker:
      - image: 'cimg/python:3.7.10'
    steps:
      - checkout
      - run: sudo apt update
      - run: sudo apt install default-jre
      - run: pip install poetry
      - run: poetry install
      - run: pip install tox
      - run:
          name: tox testing
          command: |
            mkdir test-results
            tox -p 3 -- --junitxml=test-results/junit.xml

Everything (including the poetry install step!) succeeds up until the final "tox testing" step, which fails with:

  RepositoryError

  401 Client Error: Unauthorized for url: https://repo.shared.xyz.com/repository/pypi-sirona/simple/xyz-stuff/

  at ~/.pyenv/versions/3.7.10/lib/python3.7/site-packages/poetry/repositories/legacy_repository.py:393 in _get
      389│             if response.status_code == 404:
      390│                 return
      391│             response.raise_for_status()
      392│         except requests.HTTPError as e:
    → 393│             raise RepositoryError(e)
      394│ 
      395│         if response.status_code in (401, 403):
      396│             self._log(
      397│                 "Authorization error accessing {url}".format(url=response.url),

ERROR: InvocationError for command /home/********/.pyenv/versions/3.7.10/bin/poetry install -v (exited with code 1)

The problem goes away if I do EITHER of these:

As far as I understand, that poetry config http-basic... step should not be necessary, since it's using the same environment variables that poetry is supposed to be able to use directly.

dimbleby commented 2 years ago

Dunno what's going on here, but it's certainly some sort of misunderstanding. Auth for dev dependencies is in no way different than auth for non-dev dependencies.

Also, I know this sort of setup definitely works from personal experience.

Perhaps the environment variables weren't making it through to tox at all, but this didn't affect other dependencies because they were being pulled from PyPI without the reporter realising it? Just a guess, it's hard to say.

Absent some sort of repro, and after all this time, this probably wants closing out.
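An added diagnostic, not part of the thread and not Poetry's own code, for checking the guess above: it lists which credential variables Poetry would look for, per declared source, and whether each one is present in the current environment, without ever printing a secret. The function names are hypothetical, the pyproject text is a constructed sample based on the report, and the naming rule (upper-case the source name, replace `-` and `.` with `_`) is assumed from Poetry's documented environment-variable convention.

```python
import os
import re

# Constructed sample mirroring the pyproject.toml fragment in the report.
SAMPLE_PYPROJECT = '''
[tool.poetry.dev-dependencies]
xyz-stuff = {version = "^0.4.0", source = "xyz"}

[[tool.poetry.source]]
name = "xyz"
url = "https://repo.shared.xyz.com/repository/pypi-xyz/simple"
'''

def source_names(pyproject_text):
    """Names declared in [[tool.poetry.source]] tables (line scan, not a full TOML parser)."""
    names, in_source = [], False
    for line in pyproject_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_source = line == "[[tool.poetry.source]]"
            continue
        match = re.match(r'name\s*=\s*"([^"]+)"', line)
        if in_source and match:
            names.append(match.group(1))
    return names

def credential_env_names(source):
    """Assumed convention: upper-case the source name, map '-' and '.' to '_'."""
    key = re.sub(r"[-.]", "_", source).upper()
    return [f"POETRY_HTTP_BASIC_{key}_{part}" for part in ("USERNAME", "PASSWORD")]

def audit(pyproject_text, environ):
    """Map each expected variable to 'set', 'empty' or 'missing'; values are never returned."""
    report = {}
    for source in source_names(pyproject_text):
        for var in credential_env_names(source):
            if var not in environ:
                report[var] = "missing"
            else:
                report[var] = "set" if environ[var] else "empty"
    return report

if __name__ == "__main__":
    for var, state in audit(SAMPLE_PYPROJECT, os.environ).items():
        print(f"{var}: {state}")
```

Running it once in the CI shell and once as a command inside the tox environment shows whether the variables survive into tox, which forwards only a default set of variables plus those listed in `passenv`.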

jclerman commented 2 years ago

Yes, it's been quite a while since I opened this and I haven't run into the issue in a long time. At the time, it seemed clearly reproducible, but whatever the cause was, it seems to have been fixed in the interim.

OK with me to close this.

github-actions[bot] commented 8 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.