-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support artifacts-keyring integration to install pip packages from azure artifacts #1857
Comments
Hi @olivier-lacroix, thanks for the quick reply. Missed to mention that already tried with the keyring method from Pixi, but that's not enough for Azure Artifacts, they rely on artifacts-keyring for managing credentials. For example, in poetry you can do poetry self add artifacts-keyring, for Pixi there's an example on how to inject Google auth method, but nothing related to Azure. I found a discussion in the Pixi discord about this topic but there's no clear solution for a production environment |
You need to indeed install that azure specific package instead of the GCP specific one mentioned in the doc (keyrings.google-artifactregistry-auth) |
There have been people that have used this successfully with keyring in the past I think. One of the weird things is that you need |
Also it seems that OP of this issue had it working: #1853, would be great if we can somehow get the correct way of working documented :) Also see this for reference: https://docs.astral.sh/uv/guides/integration/alternative-indexes/#azure-artifacts I think I would also be okay with evaluating env variables in the |
I have spent quite some time on this for my team and have found out quite a few details necessary to make everything work smoothly. I just came back from vacation and will make a PR documenting this shortly. In the meantime, here are a few things that may help:
Hope this helps! |
We are in the process of transitioning our entire project from development in Databricks to local development environments using Inspired by this PR in the original artifacts-keyring repository, which proposed a plain Python implementation, and noting that this PR has been open since February 2023 without being merged, we decided to create our own artifacts keyring backend plugin and to open-source it. Our implementation leverages azure-identity. Given the topic of this issue and the discussion, we wanted to share our solution here. Please note that this package is in an early development phase. While it is already functional and has been tested, it may still contain bugs or other issues. As a result, it has not been published on the main PyPi channel yet, but is available on the test channel. For those interested, the package can be found here: keyrings.artifacts, Github We welcome any feedback and encourage you to report any issues or bugs you encounter. @tdejager This package is managed using |
This is absolutely amazing! Thank you for this, I'll add it both to the community projects (you can make the PR is you want yourself). Will also update the documentation on Monday to link to the project. Very cool! |
From my side I was able to make it work but discovered an issue while setting Steps for reproducing and workaround: pixi global install artifacts-keyring>=0.3.6
ln -s ~/.pixi/envs/artifacts-keyring/bin/keyring ~/.pixi/bin/
pixi init auth-test
cd auth-test
pixi install --pypi-keyring-provider subprocess -vvv
# Create config file with keyring-provider config
echo "[pypi-config]
keyring-provider = \"subprocess\"">.pixi/config.toml
# Add private feed to project definition
# The `<user>@` section is required, it does not work if removed
echo "
[pypi-options]
index-url = \"https://VssSessionToken@pkgs.dev.azure.com/<org-name>/_packaging/<feed-name>/pypi/simple/\"">>pixi.toml
# `pixi add --pypi` does not work if python is not explicitly added to the project
pixi add python
# Then it finally works
pixi add --pypi <private-package> |
@tdejager having support for reading |
Problem description
Currently, Pixi does not support automated installation of packages from Azure private feeds. For our project to switch to Pixi, this feature is essential. The only workaround we've found involves hard-coding the PAT (Personal Access Token) in the index_url within the pixi.toml file, which is not a sustainable solution.
Azure feed authentication relies on keyring and artifacts-keyring. My understanding is that Pixi uses UV to manage pip installations, and UV appears to support some integration with Azure Artifacts as outlined in their documentation. However, configuring the UV_INDEX_URL environment variable does not work in Pixi.
Given that there are ongoing efforts to integrate UV with Pixi and support private feeds, I would like to request specific support for Azure Artifacts
The text was updated successfully, but these errors were encountered: