Skip to content

Add uv auth commands#15570

Merged
zanieb merged 22 commits intomainfrom
feature/auth
Sep 2, 2025
Merged

Add uv auth commands#15570
zanieb merged 22 commits intomainfrom
feature/auth

Conversation

@zanieb
Copy link
Member

@zanieb zanieb commented Aug 28, 2025
edited
Loading

@zanieb zanieb added the tracking A "meta" issue that tracks completion of a bigger task via a list of smaller scoped issues. label Aug 28, 2025
@zanieb zanieb temporarily deployed to uv-test-registries August 28, 2025 14:16 — with GitHub Actions Inactive
@zanieb zanieb added the no-build Disable building binaries in CI label Aug 28, 2025
@zanieb zanieb temporarily deployed to uv-test-registries August 28, 2025 15:38 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 28, 2025 15:38 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 28, 2025 15:48 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 28, 2025 15:55 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 28, 2025 15:55 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 28, 2025 20:22 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 28, 2025 20:22 — with GitHub Actions Inactive
@zanieb zanieb mentioned this pull request Aug 28, 2025
Merged
zanieb added a commit that referenced this pull request Aug 28, 2025
@zanieb
Split the "Authentication" page into sections (#15575)
bf189c5 
In preparation for more content for #15570
@zanieb zanieb temporarily deployed to uv-test-registries August 29, 2025 19:21 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 29, 2025 19:21 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 30, 2025 14:16 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 30, 2025 16:57 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 30, 2025 16:57 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 30, 2025 17:07 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 30, 2025 17:08 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-registries August 30, 2025 17:30 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 30, 2025 17:31 — with GitHub Actions Inactive
zanieb and others added 7 commits August 31, 2025 15:14
@zanieb
Add test case for uv auth login in publish integration tests (#15592)
712a0c0
@zanieb
Add documentation on the uv credential store and CLI (#15597)
1bd10d2
@zanieb
Respect UV_CREDENTIALS_DIR (#15598)
13ff8eb
@zanieb
Add case for uv auth login in registry integration tests (#15593)
919c071 
Adds an alternative third-party registry test mode that uses `uv auth
login` instead of the environment variables to provide configuration.
@charliermarsh @zanieb
Misc. tweaks
81bb26a
@charliermarsh @zanieb
Use a dedicated wire type for credentials serialization (#15599)
caf5845 
This is a little closer to what we do elsewhere when we want to
encapsulate differences in the serialization format.
@zanieb
Add uv auth dir (#15600)
d97a1e8
@zanieb zanieb temporarily deployed to uv-test-registries August 31, 2025 20:19 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish August 31, 2025 20:24 — with GitHub Actions Inactive
@zanieb
Lock the credentials store when reading or writing (#15610)
cc63c38 
Adds locking of the credentials store for concurrency safety. It's
important to hold the lock from read -> write so credentials are not
dropped during concurrent writes.

I opted not to attach the lock to the store itself. Instead, I return
the lock on read and require it on write to encourage safe use. Maybe
attaching the source path to the store struct and adding a `lock(&self)`
method would make sense? but then you can forget to take the lock at the
right time. The main problem with the interface here is to write a _new_
store you have to take the lock yourself, and you could make a mistake
by taking a lock for the wrong path or something. The fix for that would
be to introduce a new `CredentialStoreHandle` type or something, but
that seems overzealous rn. We also don't eagerly drop the lock on token
read, although we could.
@zanieb zanieb temporarily deployed to uv-test-registries September 2, 2025 13:02 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish September 2, 2025 13:02 — with GitHub Actions Inactive
@zanieb
Respect usernames when finding matching credentials in the plaintext …
99499ff 
…store (#15620)

We're not respecting the username when searching for a match, which is
no good!
@zanieb zanieb temporarily deployed to uv-test-registries September 2, 2025 13:17 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish September 2, 2025 13:18 — with GitHub Actions Inactive
@zanieb
Remove the native system store from the keyring providers (#15612)
d166487 
We're not sure what the best way to expose the native store to users is
yet and it's a bit weird that you can use this in the `uv auth` commands
but can't use any of the other keyring provider options. The simplest
path forward is to just not expose it to users as a keyring provider,
and instead frame it as a preview alternative to the plaintext uv
credentials store. We can revisit the best way to expose configuration
before stabilization.

Note this pull request retains the _internal_ keyring provider
implementation — we can refactor it out later but I wanted to avoid a
bunch of churn here.
@zanieb zanieb temporarily deployed to uv-test-registries September 2, 2025 13:39 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish September 2, 2025 13:39 — with GitHub Actions Inactive
@zanieb
Allow storage of multiple usernames per service in the plaintext store (
e123f28 
#15628)

We weren't keying our hash map with the username, which meant that only
one user could be used per service.
@zanieb zanieb temporarily deployed to uv-test-registries September 2, 2025 14:14 — with GitHub Actions Inactive
@zanieb zanieb temporarily deployed to uv-test-publish September 2, 2025 14:14 — with GitHub Actions Inactive
@zanieb zanieb had a problem deploying to uv-test-registries September 2, 2025 18:03 — with GitHub Actions Failure
@zanieb zanieb temporarily deployed to uv-test-publish September 2, 2025 18:04 — with GitHub Actions Inactive
@zanieb zanieb marked this pull request as ready for review September 2, 2025 18:16
@zanieb zanieb merged commit aa16188 into main Sep 2, 2025
110 of 111 checks passed
@zanieb zanieb deleted the feature/auth branch September 2, 2025 18:16
@BrewTestBot BrewTestBot mentioned this pull request Sep 3, 2025
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Sep 5, 2025
build(deps): update astral-sh/uv to v0.8.15
224a3be 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.8.14` -> `0.8.15` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.8.15`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0815)

[Compare Source](astral-sh/uv@0.8.14...0.8.15)

##### Python

- Upgrade SQLite 3.50.4 in CPython builds for [CVE-2025-6965](GHSA-2m69-gcr7-jv3q) (see also [python/cpython#137134](python/cpython#137134))

##### Enhancements

- Add `uv auth` commands for credential management ([#&#8203;15570](astral-sh/uv#15570))
- Add pyx support to `uv auth` commands ([#&#8203;15636](astral-sh/uv#15636))
- Add `uv tree --show-sizes` to show package sizes ([#&#8203;15531](astral-sh/uv#15531))
- Add `--python-platform riscv64-unknown-linux` ([#&#8203;15630](astral-sh/uv#15630))
- Add `--python-platform` to `uv run` and `uv tool` ([#&#8203;15515](astral-sh/uv#15515))
- Add `uv publish --dry-run` ([#&#8203;15638](astral-sh/uv#15638))
- Add zstandard support for wheels ([#&#8203;15645](astral-sh/uv#15645))
- Allow registries to pre-provide core metadata ([#&#8203;15644](astral-sh/uv#15644))
- Retry streaming Python and binary download errors ([#&#8203;15567](astral-sh/uv#15567))

##### Bug fixes

- Fix settings rendering for `extra-build-dependencies` ([#&#8203;15622](astral-sh/uv#15622))
- Skip non-existent directories in bytecode compilation ([#&#8203;15608](astral-sh/uv#15608))

##### Error messages

- Add error trace to invalid package format ([#&#8203;15626](astral-sh/uv#15626))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45My4zIiwidXBkYXRlZEluVmVyIjoiNDEuOTMuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

no-build Disable building binaries in CI tracking A "meta" issue that tracks completion of a bigger task via a list of smaller scoped issues.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zanieb @charliermarsh