
Build, publish and share Python packages to the GitLab PyPI Repository

Problem to solve

Python developers need a mechanism to create, share, and consume packages that contain compiled code and other content in projects that consume these packages. PyPI, an open source project maintained by the Python Packaging Authority, is the standard for how to define, create, host and consume Python packages.

By integrating with PyPI, GitLab will provide a centralized location to store and view those packages, in the same place as their source code and pipelines.

This epic contributes to our vision, by providing a single application CI/CD experience for our customers and our users.

Intended users

Proposal

Provide support for users coding in Python by integrating with PyPI and allowing developers to publish, share and consume Python packages alongside their source code and CI/CD pipelines.

Proposed MVC Scope

  • Users can add GitLab as a remote repository.
  • Users are able to add a project PyPI Repository URL in an authenticated manner using a GitLab username + token via:
    • ~/.pip/pip.conf
    • requirements.txt
  • Users are able to publish a Python package to GitLab:
    • With sdist: python setup.py sdist upload -r <gitlab_remote>
    • With wheel: python setup.py bdist_wheel upload -r <gitlab_remote>
    • With twine: twine upload -r pypi <filename>
  • Users are able to pull a Python package (pip install <package_name>)
  • Users are able to delete a Python package (For the MVC - we will only allow users to delete packages via the UI or API)
  • The MVC will be limited to the backend work and we will address the UI in subsequent milestones.
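
Because the scope above puts a username + token into ~/.pip/pip.conf and requirements.txt, a check for literal credentials in index URLs is worth running before those files are committed or shared. The following is an added example, not part of the original proposal or of GitLab's code; the host, path, username and token are constructed placeholders.

```python
import configparser
import re
from urllib.parse import urlsplit

# pip's index options as they appear in requirements files.
REQ_OPT = re.compile(r"^\s*(?:-i|--index-url|--extra-index-url)[=\s]+(\S+)")
# pip expands ${VAR} in requirements files, so that form is not a literal secret.
ENV_REF = re.compile(r"^\$\{[A-Z0-9_]+\}$")
# Constructed sample inputs: host, path, user and token are placeholders.
PIP_CONF = """\
[global]
index-url = https://alice:CONSTRUCTED-TOKEN@gitlab.example.com/project/pypi/simple
extra-index-url = https://pypi.org/simple
"""
REQS = """\
--extra-index-url https://alice:${GITLAB_TOKEN}@gitlab.example.com/project/pypi/simple
-i https://alice:CONSTRUCTED-TOKEN@gitlab.example.com:8443/project/pypi/simple
mypackage==1.0.0
"""

def check_url(url):
    """Return the URL with its password redacted if it embeds a literal secret."""
    parts = urlsplit(url)
    if not parts.password or ENV_REF.match(parts.password):
        return None
    host = (parts.hostname or "") + (f":{parts.port}" if parts.port else "")
    return f"{parts.scheme}://{parts.username}:<redacted>@{host}{parts.path}"

def scan_pip_conf(text):
    """Check index-url / extra-index-url in every section of a pip.conf."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(text)
    found = []
    for section in cp.sections():
        for key in ("index-url", "extra-index-url"):
            for url in cp.get(section, key, fallback="").split():
                if (hit := check_url(url)):
                    found.append((f"pip.conf [{section}] {key}", hit))
    return found

def scan_requirements(text):
    """Check index options on each line of a requirements file."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ_OPT.match(line)
        if m and (hit := check_url(m.group(1))):
            found.append((f"requirements.txt:{lineno}", hit))
    return found
```

Findings are reported with the password redacted so the scan output itself can be logged; a `${VAR}` reference in requirements.txt is accepted because the secret then lives in the environment rather than in the file.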

Further details

User stories

Administrator
  • I, as an administrator of GitLab, need the ability to enable/disable the Package Registry, so that I can ensure the developers in my organization have access to the features that they are supposed to.
  • I, as an administrator of GitLab, need the ability to configure object storage for the GitLab Package Registry, including the PyPI Repository, so that I can optimize how my organization utilizes storage.
Developer
  • I, as a developer, need the ability to configure PyPI to point to GitLab as a remote repository, so that I can push, pull and view my Python packages with GitLab.
  • I, as a developer, need the ability to set up authentication between GitLab and PyPI using my personal access token, so that I can push and pull packages to the GitLab PyPI Repository.
  • I, as a developer, need the ability to run PyPI primary commands from the CLI to push, pull and update Python packages in the GitLab PyPI Repository at the project level.
  • I, as a developer, need the ability to view basic metadata about packages from within the GitLab UI, so that I can verify package info and ensure my project is using the correct dependencies.
  • I, as a developer, need the ability to view GitLab metadata, such as pipeline_id, branch and commit associated with a package, so that I can understand how a package was built, by whom and when.
  • I, as a developer, need the ability to delete packages from within the GitLab UI, so that I can remove old packages and ensure they are not accidentally used in my project.
Reporter
  • I, as a project stakeholder, need the ability to view and pull packages from the PyPI Repository, so that I can view, inspect and download Python packages.

Example UI (not included in the MVC)

[Images: Package_List_View_Details_Row_Items; Screen_Shot_2020-01-20_at_13.53.12]

Metadata (for the UI)

  • Name
  • Version
  • Platform
  • Summary
  • Keywords
  • Homepage
  • Download URL
  • Author
  • Author email
  • License

Permissions and Security

The permissions should follow the same levels as all other package registries

Project Permissions: UI

Action Guest Reporter Developer Maintainer Owner
Pull a package x x x x
Publish a package x x x

Project Permissions: API

Action Guest Reporter Developer Maintainer Owner
List project packages (5) x x
Get a project package x x
List package files x x
Delete a project package x x

Group Permissions: API

Action Guest Reporter Developer Maintainer Owner
List the packages of a group x x

Instance Level Permissions

Action Guest Reporter Developer Maintainer Owner
Enable the Packages feature x
Migrate local packages to object storage x
Disable the Packages feature x

Documentation

What does success look like, and how can we measure that?

The goal of the Package Group is to ensure that in 3 years, 90% of our customers are using GitLab as their sole package registry. Success for this issue will be that we begin to empower Python developers to utilize GitLab for publishing and sharing packages.

Outcomes

  • We'd like to see a 5% increase in overall adoption of the GitLab Package Registry with the launch of this MVC
  • We expect that number to rise to 10%, once we enable CI_JOB_TOKEN support
  • As this is an MVC, we expect to see an increased volume of issues for the feature.

Data and metrics

  • Count of packages pushed to the PyPI Repository
  • Count of packages pulled from the PyPI Repository
  • Count of packages deleted from the PyPI Repository
  • Count of repository setup commands copied
  • Count of package install commands copied

Links / references

Edited by Tim Rizzi