I’m having trouble getting more than one GitLab-hosted private pip package installed during docker building.
In one project where I only install one package, I have my .pypirc
:
[gitlab]
repository = https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi
username = __token__
password = <my personal access token>
… and my Dockerfile:
RUN apt-get update && apt-get install -y \
python3.10 \
python3-pip
COPY requirements.txt .
RUN pip install package_name --index-url https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi/simple
RUN pip install -r requirements.txt
COPY . .
This works absolutely fine. It gets weird when I try to do two or more packages.
Should my .pypirc have multiple [gitlab]
headings? Make them different somehow? I have tried both of the following configurations:
[gitlab]
repository = https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi
username = __token__
password = <my personal access token>
[gitlab1]
repository = https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi # different URL of course
username = __token__
password = <my personal access token>
[distutils]
index-servers =
package_name_1
package_name_2
[package_name_1]
repository = https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi
username = __token__
password = <my personal access token>
[package_name_2]
repository = https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi
username = __token__
password = <my personal access token>
… and my Dockerfile:
FROM python:3.10-bookworm as install
WORKDIR /app
RUN apt-get update && apt-get install -y \
python3.10 \
python3-pip
COPY requirements.txt .
RUN pip install package_name_1 --index-url https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi/simple
RUN pip install package_name_2 --index-url https://gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi/simple
RUN pip install --use-pep517 -r requirements.txt
COPY . .
Building my container using the above Dockerfile and .pypirc then prompts me to provide username and password (personal access token) when attempting to pip install the second package in the command line.
This isn’t great, because I’d like to be able to add this process to CI/CD eventually, and manual inputs during a build process isn’t conductive to that.
Putting both packages in the same pip install command (something akin to pip install package_name_1 --index-url url package_name_2 --index_url url
) it encounters errors due to wanting to get user input from command line:
File "/usr/local/lib/python3.10/site-packages/pip/_internal/utils/misc.py", line 205, in ask_input
return input(message)
EOFError: EOF when reading a line
User for gitlab.com: WARNING: There was an error checking the latest version of pip.
How do I configure things so that providing credentials is unnecessary?
EDIT: I have noticed that on the package registry pages for each repo, they visually have different access settings:
In package 1’s registry (the behaving package), under the copyable box for the pip install command under the heading Pip Command
, there is no other text before Registry setup
.
However, in package 2’s registry (the misbehaving package), under the copyable box for the pip install command under the heading Pip Command
, there is the following line:
You will need a personal access token.
and in the copyable box for the pip install command, it specifies needing to fill in username and token:
pip install package_name_2 --index-url https://__token__:<your_personal_token>@gitlab.com/api/v4/projects/XXXXXXXXXX/packages/pypi/simple
I must now assume that this is the root cause of the issues I’m facing. How do I make package 2 behave the same way as package 1 - that is, not requiring token info in the index url/not needing authentication in command line?