I am defining a python project using a pyproject.toml file. No setup.py, no setup.cfg.
The project has dependencies on an alternate repository: https://artifactory.mypypy.com, how do I specify it ?
-
In short, you can't. You need to document it so that users of your project know where to find the dependencies and how to install them. That is the way it is, there is nothing wrong with that.– sinorocCommented Sep 10, 2022 at 10:48
Add a comment
|
2 Answers
The dependency is independent on where it is hosted, the dependency is on the package not the repository.
The correct way to remediate the problem is to change your pip configuration to look in multiple repositories using the extra-index-url setting. This can be done either in your pip.conf or by specifying --extra-index-url on the pip command line.
You put this in pyproject.toml:
[[tool.poetry.source]]
name = "internal-repo-2"
url = "https://<private-repo-2>"
priority = "explicit"
There are alternative for priority but they come with a security risk: an attacker who learns the name of your internal package can push a package of the same name to PyPI, and it will then become part of your executable.
