gcs_pypi is a CLI for creating a Python Package Repository in an GCS bucket.
Install gcs_pypi using pip:
pip install gcs_pypi- Create a new bucket
Setup service account with the following permissions
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
Recommended that you create a custom Role which can be inherited by the service account
Example
-
Create Role "PYPI"
-
Assign Permissions
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
-
Create a Service Account e.g pypi
-
Select the "PYPI" Role created above
-
Add a condition to limit access to only that GCS bucket
resource.name == "mybucket"Visit Cloud IAM Conditions for more information
You can now use gcspypi to create Python packages and upload them to your GCS bucket.
To hide packages from the public, you can use the --private option to prevent the packages from
being accessible directly via the GCS bucket (they will only be accessible via your Domain or
alternatively you can specify a secret subdirectory using the --secret option:
cd /path/to/your-project/
gcspypi --bucket mybucket [--private] [--secret SECRET]Set cache-control header for index.html
$ gsutil setmeta -h "cache-control:public, must-revalidate, proxy-revalidate, max-age=0" gs://[BUCKET]/index.htmlInstall your packages using pip by pointing the --extra-index-url to your Custom domain (optionally followed by a secret subdirectory):
pip install your-project --extra-index-url https://pypi.example.com/SECRET/Alternatively, you can configure the index URL in ~/.pip/pip.conf:
[global]
extra-index-url = https://pypi.example.com/SECRET/