Allow users to override default PyPI index URLs with PyPI mirror URLs #2281
Conversation
|
WIP - Still need to write the test cases and update the docs, but figured I'd start the PR to encourage review. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
7475070
to
eb55b19
Compare
| nargs=1, | ||
| callback=validate_pypi_mirror, | ||
| help="Specify a PyPI mirror.", | ||
| ) |
There was a problem hiding this comment.
Is the option needed here? I’d be more inclined to put it only on install, lock, update, and sync. I don’t quite see the need of passing this for project initialisation.
There was a problem hiding this comment.
It looks like this one is indeed for the install operation.
|
The implementation looks reasonable with a brief read (I didn’t actually run it, and yes tests are needed). I’m not sure if the flag is needed for bare |
|
I've been working on adding tests for install, but I'm running into an issue testing the --pypi-mirror parameter. It looks like the test suite overrides the default sources to use a locally-run web server, but I've written a test to ensure setting --pypi-mirror doesn't modify the Pipfile's sources. I haven't been able to narrow down where this is occurring, or how to prevent it, however, so the test fails when it reads a source url "http://localhost...". Also, right now this just covers install. I hope to test and address all functionality currently dependent on the two primary PyPI urls before proceeding. |
|
Thanks for the PR! The test fixtures and the project.py itself are both configured to use an enviroment variable to configure the test source to always use a local pypi cache for testing. Your test just needs to verify that the real url, when you place it in the sources somewhere, gets overridden during the install process. So you can write a Pipfile with an extra source to actual pypi and use |
|
@techalchemy Thanks, I'll take a look at that. |
|
@techalchemy If I go that route, where would you suggest I store that Pipfile? For the local pypi cache, I can't seem to see where it's set. During each test run, I see the server uses 127.0.0.1 with a random port, but I'm still looking (without much luck) for where this is set, or where PIPENV_TEST_INDEX is set by the test suite. |
|
@JacobNenner |
@pytest.mark.install
@flaky
def test_mirror_install(PipenvInstance, pypi):
with PipenvInstance(pypi=False) as p:
# This should sufficiently demonstrate the mirror functionality
# since pypi.org is the default.
c = p.pipenv('install requests --pypi-mirror https://pypi.python.org/simple')
assert c.return_code == 0
# Ensure the --pypi-mirror parameter hasn't altered the Pipfile or Pipfile.lock sources
assert len(p.pipfile['source']) == 1
assert len(p.lockfile["_meta"]["sources"]) == 1
assert 'https://pypi.org/simple' == p.pipfile['source'][0]['url']
assert 'https://pypi.org/simple' == p.lockfile['_meta']['sources'][0]['url']
assert 'requests' in p.pipfile['packages']
assert 'requests' in p.lockfile['default']
assert 'chardet' in p.lockfile['default']
assert 'idna' in p.lockfile['default']
assert 'urllib3' in p.lockfile['default']
assert 'certifi' in p.lockfile['default']still returns |
|
Hey thanks for all your work on this front, so here's what you actually need to do to get your tests to work (almost there!)-- not sure you need to pass @pytest.mark.install
@flaky
def test_mirror_install(PipenvInstance):
with PipenvInstance(chdir=True) as p:
with open(p.pipfile_path, 'w') as f:
f.write("""
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
""".strip())
# This should sufficiently demonstrate the mirror functionality
# since pypi.org is the default.
c = p.pipenv('install requests --pypi-mirror https://pypi.python.org/simple')
assert c.return_code == 0
# Ensure the --pypi-mirror parameter hasn't altered the Pipfile or Pipfile.lock sources
assert len(p.pipfile['source']) == 1
assert len(p.lockfile["_meta"]["sources"]) == 1
assert 'https://pypi.org/simple' == p.pipfile['source'][0]['url']
assert 'https://pypi.org/simple' == p.lockfile['_meta']['sources'][0]['url']
assert 'requests' in p.pipfile['packages']
assert 'requests' in p.lockfile['default']
assert 'chardet' in p.lockfile['default']
assert 'idna' in p.lockfile['default']
assert 'urllib3' in p.lockfile['default']
assert 'certifi' in p.lockfile['default']And FYI, I grabbed a copy of your branch and ran this test on it and it passes, so nice work! :) |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
2 times, most recently
from
7b63a5e
to
299baa7
Compare
|
Thanks @techalchemy. I've gone ahead and added that. I'm now going to work on the other functions which depend on connectivity to PyPI, such as updates. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
e92f856
to
f3d00fb
Compare
|
This is almost finished, I have two things left to address:
Hopefully I'll have time to work on this tomorrow. If not, I'll try to get to it by Wednesday. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
606d6b0
to
787a466
Compare
|
Maybe you can use the actual PyPI, and override it with the local (mocked) PyPI as mirror? I guess you could peek into the logs or peek into it directly to see if it gets used as expected. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
787a466
to
9154f88
Compare
|
Looks like all that's left are the additional tests. Thanks for the suggestions @uranusjr and @techalchemy, I'll investigate them soon (hopefully tomorrow). |
|
That's roughly what i've been attempting to suggest on IRC, but it might not be clear :p |
|
Looks like that worked. def test_mirror_install(PipenvInstance, pypi):
with temp_environ(), PipenvInstance(chdir=True) as p:
mirror_url = os.environ['PIPENV_TEST_INDEX']
del os.environ['PIPENV_TEST_INDEX']
# This should sufficiently demonstrate the mirror functionality
# since pypi.org is the default when PIPENV_TEST_INDEX is unset.
c = p.pipenv('install requests --pypi-mirror {0}'.format(mirror_url))
assert c.return_code == 0
# Ensure the --pypi-mirror parameter hasn't altered the Pipfile or Pipfile.lock sources
assert len(p.pipfile['source']) == 1
assert len(p.lockfile["_meta"]["sources"]) == 1
assert 'https://pypi.org/simple' == p.pipfile['source'][0]['url']
assert 'https://pypi.org/simple' == p.lockfile['_meta']['sources'][0]['url']
assert 'requests' in p.pipfile['packages']
assert 'requests' in p.lockfile['default']
assert 'chardet' in p.lockfile['default']
assert 'idna' in p.lockfile['default']
assert 'urllib3' in p.lockfile['default']
assert 'certifi' in p.lockfile['default']I'll go ahead and use this pattern for the rest of my tests. So far, I intend to add tests for:
This should cover all of the functions that now have the extra pypi_mirror parameter. Not sure if I'll get to this today. If not, I'll have a look tomorrow. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
9154f88
to
3eabbbe
Compare
JacobHenner
changed the title
|
I've written tests that should cover installs, uninstalls, locks, and syncs using the --pypi-mirror parameter. Please let me know if you think there are additional tests I should add. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
3eabbbe
to
69b3e43
Compare
|
@uranusjr @techalchemy I performed additional manual tests in a restrictive environment, with no access to PyPI. All tested operations worked as expected. Looks like this one is ready for review, unless there are additional integration tests you'd like me to include. |
pipenv/utils.py
Outdated
| @@ -277,6 +277,7 @@ class PipCommand(basecommand.Command): | |||
| pypi = PyPIRepository( | |||
| pip_options=pip_options, use_json=True, session=session | |||
| ) | |||
| print(pip_options) | |||
There was a problem hiding this comment.
Yep, missed in my pre-commit diff grep. Removed.
pipenv/utils.py
Outdated
| @@ -442,6 +445,7 @@ def resolve_deps( | |||
| collected_hashes = [] | |||
| if any('python.org' in source['url'] or 'pypi.org' in source['url'] | |||
| for source in sources): | |||
| #FIXME Add support for mirrors. | |||
There was a problem hiding this comment.
Nope, this was a note-to-self that was missed in my pre-commit diff grep. Removed.
There was a problem hiding this comment.
That being said, it looks like something might have been missed with venv_resolve_deps, I'll take a look now.
There was a problem hiding this comment.
Fixed the missing bit, will push shortly.
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
2 times, most recently
from
ba6ad56
to
625d739
Compare
|
Removed some accidentally included debugging artifacts, added pypi_mirror support to venv_resolve_deps in get_vcs_deps. Should be good to continue review. |
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
625d739
to
18f8a69
Compare
|
One note: starting from scratch, I had expected the first Is there a more ergonomic way to support the use case of initializing a project to use a mirror for all the packages? Or configuring an existing project to use a mirror from now on? I'd expect that this is more common than selectively installing some packages from PyPI and some from a mirror. |
|
I think the behaviour is intended. The flag is used to override the index during lock and install, not replace it in the declaration. The “right” way to do what you want is to write the mirror into pypirc, or produce your own Pipfile by hand. This really goes back to #2188 IMO—we can’t have an |
|
Ah! Yes, I absolutely agree - a hypothetical |
|
Side note: I'm not sure how to do this with |
|
@brettdh Sorry, I meant pip.conf :p I believe (didn’t check) we do extract sources from it when initialising the project. |
|
Looks like there have been some conflicting changes. I'll rebase and iron
out the conflicts later today.
|
Adds support for the --pypi-mirror command line parameter and the
PIPENV_PYPI_MIRROR environment variable for most pipenv operations.
This permits pipenv to function without pypi.org, which is necessary for
users:
1. behind restrictive networks
2. facing strict artifact sourcing policies
3. experiencing poor performance connecting to pypi.org
4. who've configured a local cache for performance reasons
When specified, the value of this parameter replaces all instances of
pypi.org and pypi.python.org within pipenv operations without modifying
or requring the modification of Pipfiles.
- Resolves pypa#2075
JacobHenner
force-pushed
the
add_pypi_mirrors
branch
from
18f8a69
to
af91eb6
Compare
|
Rebased and (seemingly) ready to go. |
| @@ -1131,7 +1138,7 @@ def do_lock( | |||
| lockfile['default'][dep['name']]['markers'] = dep['markers'] | |||
| # Add refs for VCS installs. | |||
| # TODO: be smarter about this. | |||
| _vcs_deps, vcs_lockfiles = get_vcs_deps(project, pip_freeze, which=which, verbose=verbose, clear=clear, pre=pre, allow_global=system, dev=False) | |||
| _vcs_deps, vcs_lockfiles = get_vcs_deps(project, pip_freeze, which=which, verbose=verbose, clear=clear, pre=pre, allow_global=system, dev=False, pypi_mirror=pypi_mirror) | |||
There was a problem hiding this comment.
FYI I did realize how ugly and horrible this is, there is a minor refactor PR over in #2315 that will change this a bit
|
Merging, thanks for your hard work 🍰 |
In response to #2075, allow users to override the default PyPI indices (pypi.org, pypi.python.org) with a mirror specified via CLI parameter or environment variable.