Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How can I choose a source on a per-dependency basis?

See original GitHub issue

I have searched the issues of this repo and believe that this is not a duplicate.
I have searched the documentation and believe that my question is not covered.

Question

I would like to specify a source for a dependency on a per-dependency basis.

I would like to do this for a number of reasons:

PyPi is much faster than my private repository, so it makes sense to install all of my non-private dependencies from PyPi
I don’t understand the semantics of specifying another source… Will that source be used for all dependencies, or just ones that are not found in PyPi? (If the latter, that is a security issue as someone could register our package’s name on PyPi and have their code included in our app)

Therefore it seems to me that the way to have understandable semantics and the best installation speed is to support something like:

[[tool.poetry.source]]
name = "my-private-repo"
url = "http://<hostname>/simple/"

[tool.poetry.dependencies]
python = "^3.6"
my-private-package = { version = "^x.y.z", source = "my-private-repo }

Issue Analytics

State:
Created 5 years ago
Reactions:15
Comments:8 (1 by maintainers)

Top GitHub Comments

16reactions

jared-mackeycommented, Dec 12, 2018

I’d like to be able to specify a default source and then override it on a per-dependency basis. The use case is that for most of my packages I am use the public PyPI index but also have a couple private packages on a private repo.

Something like this would be perfect.

[[tool.poetry.source]]
name = "my-private-repo"
url = "http://<hostname>/simple/"
default = false  # Disable using it by default

[tool.poetry.dependencies]
python = "^3.6"
my-private-package = { version = "^x.y.z", source = "my-private-repo }
requests = "*"  # Use pypi and never look at my-private-repo

5reactions

sdispatercommented, Nov 1, 2019

This is now available in the latest beta release (see #908 for more information).

Top Results From Across the Web

Maven – Optional Dependencies and Dependency Exclusions

This section discusses optional dependencies and dependency exclusions. This will help users to understand what they are and when and how to use...

Learning the Basics - Gradle User Manual

Gradle supports a wide range of sources for dependencies, both in terms of format ... Giving a reason for choosing a certain module...

Get source jar files attached to Eclipse for Maven-managed ...

I was able to download the sources by control-clicking the project in Navigator view and choosing "m2 Maven"-->"Download Sources". I was then able...

Controlling Scope and Lifetime — Autofac 6.0.0 documentation

While some things in Autofac have changed over time, the concepts described there remain valid and may be helpful in understanding lifetime scopes....

Dependency Injection with Autofac - CodeProject

Autofac is an open-source dependency injection (DI) or inversion of control ... This article uses an example to demonstrate the most basic ......