https://pantsbuild.org/ logo
#general
Title
# general
r

rapid-bird-79300

02/18/2022, 8:04 PM
Hey Team, curious how we can pass along the credentials with a custom wheel repo: https://www.pantsbuild.org/v2.7/docs/python-third-party-dependencies#custom-repositories We use aws code artifact and provide the credentials in our poetry configuration.
e

enough-analyst-54434

02/18/2022, 8:10 PM
The only way currently to securely pass credentials is to use the env var form of options; so
PANTS_PYTHON_REPOS_INDEXES=...
set up outside Pants by your infra.
Let me know if that makes vague sense. I can sharpen it if you need more pointers there.
FWIW, the security considerations there are standard ones surrounding env vars, and then after that we mix that env var along with all other inputs into a sha256 hash that gets saved to disk as a fingerprint for the associated Pex subprocess action. The actual contents of the env var aren't persisted anywhere.
r

rapid-bird-79300

02/18/2022, 10:13 PM
thank you @enough-analyst-54434 that did the trick!
there are some
pep-440
violations in packages which I think is breaking some installs. Is there a way to explicitly exclude those packages in the build (we're only running
pylint
for now)
e

enough-analyst-54434

02/18/2022, 10:17 PM
Excellent. It's a little unwieldy and maybe we'll come up with more direct, specialized means per backend / system, but this style has the advantage that it generalizes and will never go away. I can't imagine Pants ever dropping env var options support.
1
I missed the PEP-440 thing. If the broken packages are broken for all versions, no. There are no excludes ala Maven / JVM. If you want to exclude specific versions, yes. You'd want to add constraints use to the resolve with entries like:
Copy code
package1!=1.*,!=2.3.4
package2!=1.2.*
Ideally you'd supply these in a constraints file as a supplement to your direct requirements. This is possible with Pip and Pex but may or may not be possible depending on how you're using Pants.
1
4 Views