OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

Manage dependencies in Poetry packages stored in private github repos

  • Thread starter Thread starter Fraccalo
  • Start date Start date
F

Fraccalo

Guest
I just started playing around with Poetry to see if it's a valuable tool for my workflows. I came across the following problem and couldn't find a satisfactory answer online (except from a few github issues from in the Poetry repo itself that make me think this problem doesn't really have a simple solution).

I have two packages built with Poetry, stored in two private github repos: package-a and package-b. package-a has only dependencies on public repos (installable with pip), while package-b has as dependency package-a.

As a first test, I added the dependency this way: package-a = {git = "https://github.com/private_repo/package-a.git", rev = "v1"} and it seems to work fine when I work locally: I can install package-b with pip in a brand new environment, and package-a gets installed correctly. This is probably because I have the github credentials set up on my development machine.

I now wonder if this is good practice in general, and how to deal with eventual deployments in Docker builds etc. I can see two approaches:

Pass to docker the github credentials, so that installing the packages with pip works as if I was working locally. (This might be a bit annoying as I authenticate with temporary access tokens, and having to create and update the access tokens periodically for CI/CD is a bit of an overhead). Clone the two repos package-a and package-b locally, copy them into the Docker container and build them as local files. For doing this however, I couldn't use the dependency in the form: package-a = {git = "https://github.com/private_repo/package-a.git", rev = "v1"} but I would have to change it to a local (maybe relative) path, that comes with its own drawbacks (for example, one needs to be careful with the folder structure). What are best practices for dealing with situations like this?
<p>I just started playing around with Poetry to see if it's a valuable tool for my workflows. I came across the following problem and couldn't find a satisfactory answer online (except from a few github issues from in the Poetry repo itself that make me think this problem doesn't really have a simple solution).</p>
<p>I have two packages built with Poetry, stored in two private github repos: <code>package-a</code> and <code>package-b</code>.
<code>package-a</code> has only dependencies on public repos (installable with pip), while <code>package-b</code> has as dependency <code>package-a</code>.</p>
<p>As a first test, I added the dependency this way:
package-a = {git = "https://github.com/private_repo/package-a.git", rev = "v1"}
and it seems to work fine when I work locally: I can install <code>package-b</code> with pip in a brand new environment, and <code>package-a</code> gets installed correctly. This is probably because I have the github credentials set up on my development machine.</p>
<p>I now wonder if this is good practice in general, and how to deal with eventual deployments in Docker builds etc. I can see two approaches:</p>
<p>Pass to docker the github credentials, so that installing the packages with pip works as if I was working locally. (This might be a bit annoying as I authenticate with temporary access tokens, and having to create and update the access tokens periodically for CI/CD is a bit of an overhead).
Clone the two repos <code>package-a</code> and <code>package-b</code> locally, copy them into the Docker container and build them as local files. For doing this however, I couldn't use the dependency in the form: package-a = {git = "https://github.com/private_repo/package-a.git", rev = "v1"} but I would have to change it to a local (maybe relative) path, that comes with its own drawbacks (for example, one needs to be careful with the folder structure).
What are best practices for dealing with situations like this?</p>
 
Top