Fixing PR failures if pypi.org unavailable#5876
Merged
Conversation
pavera
force-pushed
the
pavera/python-firewalled
branch
from
e77df7b to
58bd5eb
Compare
landongrindheim
approved these changes
Oct 13, 2022
Contributor
There was a problem hiding this comment.
Is the preceding space important here? If so, what do you think about using "\ #{? I'm able to notice it here because of diff highlighting, but I'd be much less likely to notice it when I need to.
Contributor
Author
There was a problem hiding this comment.
Yes the space is important, I've applied the suggested change.
pavera
force-pushed
the
pavera/python-firewalled
branch
2 times, most recently
from
a5e1ae6 to
d6f9c66
Compare
pavera
force-pushed
the
pavera/python-firewalled
branch
from
d6f9c66 to
8467689
Compare
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
There are many ways to specify an alternate pypi index in Python depending on the package manager, for the most part we attempt to parse these settings from pyproject.toml, pip.conf, and requirements.txt settings. If the project specifies an alternate index url we shouldn't call the public pypi.org index.
There are a number of calls we make to pypi.org to retrieve data that is only available there (primarily the
<package name>/jsonmetadata endpoint). These calls currently cause PR creation to fail if pypi.org is unavailable or otherwise blocked/firewalled. We should be able to generate a PR given a private index even if pypi.org is unavailable.Approach
There are 3 classes of issues I found in attempting to run updates without pypi.org access:
I've added a couple rescues to catch timeouts so failed attempts to reach pypi.org do not crash pr creation. These could probably be expanded further to include other network errors (SocketError maybe?)
Calls to
pyenv versionswere always failing to find installed python for pipenv and pip-compile as they were expecting a newline which is no longer in the output. This "fix" only resolves the issue if the repo is using a version of python we have pre-installed.I have not attempted to address point 3 above yet, I added a partial solution of exposing the
main_urlfromIndexFindervia a new public method onIndexFinderand this worked, however it would require a larger change to properly set this in context withreplaces_baseand I feel there might be better options to explore around parsing the exact command pip-compile recommends from the requirements.txt file. Since pip-compile supports multiple source files (requirements.in, setup.py, and pyproject.toml) we should probably take a more holistic approach here.