-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PyPi Simple endpoint end slash handling #8817
Comments
The PEP says:
While Artifactory clearly behaves incorrectly here by redirecting an HTTPS to HTTP, I think renovate would be safe to append / ensure |
This issue has been labeled with This label will be replaced with If it's not clear what is missing to move this issue forward, ask for clarification in a new comment. If you think we already have what we need to move forward, mention this in a new comment. |
I think this can be easily fixed by renovate/lib/datasource/pypi/index.ts Line 251 in 94be71c
|
Where is the URL coming from? e.g. Renovate config, requirements.txt, etc? Is it the plain registry url that's getting a 302, or one which we construct with dependency name too? |
Url is constructed here: renovate/lib/datasource/pypi/index.ts Lines 178 to 180 in 94be71c
so |
Just one thing to keep in mind also is that some proxies don't handle double/multiple slashes very well (mostly Apache I think, resulting in 404), so it should only append if needed. I know python-gitlab is doing the opposite (stripping trailing slashes from base urls) for this reason (python-gitlab/python-gitlab#1027). |
That's why we have a util function for it 😉 Lines 3 to 5 in d8df51f
|
What Renovate type, platform and version are you using?
Self-hosted latest
Describe the bug
At the moment I'm not sure if this is an actual bug, but wanted to open a discussion about it.
While combining renovate self-hosted with JFrog's artifactory and the PyPi Simple index, renovate is not being able to find dependencies on Artifactory due to handling of the end slash in the index endpoint.
The issue happens in combination with https://www.jfrog.com/jira/browse/RTFACT-14235, which basically is a problem on Artifactory redirecting HTTPS to HTTP (yeah 😒). So for instance:
While this looks to me an artifactory issue, the relevant PEP itself points to all addresses ending in slash, so at the moment I'm not sure where the issue really is. Should per spec all URLs end in slash?
But I'm relatively sure, if renovate appended the slash, everything would work because there wouldn't be any redirects involved 🙇
I'd be happy for some guidance or opinions.
/cc @max-wittig @fh1ch @nejch
The text was updated successfully, but these errors were encountered: