Document how to pip install from a private GitLab Python package repository


Problem to solve

It took me a day to figure this out, so I think it should be added to the documentation. The current documentation explains how to authenticate for publishing using CI_JOB_TOKEN, but not how to authenticate pip for download.

Or, it has a section, but it is not suitable for CI. In our case requirements.txt does not hard-code username/password but just specifies --extra-index-url to our private GitLab Python package repository. So how does one then provide username/password in a CI job which has to install from there?

Proposal

I ended up having the following in my CI configuration:

  before_script:
    # Provides credentials to pip to access private GitLab PyPI index.
    - echo "machine gitlab.com" > ~/.netrc
    - echo "login gitlab-ci-token" >> ~/.netrc
    - echo "password ${CI_JOB_TOKEN}" >> ~/.netrc

And it works great. Documentation for this can be found here.

~/.pypirc is not consulted by pip. And I also tried using/installing keyring and doing echo "${CI_JOB_TOKEN}" | keyring https://gitlab.com/api/v4/projects/.../packages/pypi/simple gitlab-ci-token and it did not work for some reason.

It is interesting to note that CI_JOB_TOKEN allows me to access packages in other private GitLab Python package repositories inside the same organization, which is what I need (and is similar to how it works for Docker), but maybe it should also be documented, because I spent some time trying with deploy tokens because I thought this was the problem.

The issue with this approach is that it configures one token for the whole of gitlab.com, so if you have to access private packages from different organizations it might not work?

Who can address the issue

Anyone can validate this and make a MR.

Edited by 🤖 GitLab Bot 🤖
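
The one-token-per-host concern raised in the issue can be checked offline. The following is an added example, not part of the original issue or of GitLab's documentation; it assumes pip resolves ~/.netrc credentials by hostname only, and the project IDs, tokens and the gitlab.example.org host are constructed placeholders.

```python
import netrc
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample: two entries for the same host, as if two
# organizations on gitlab.com each needed their own token, plus
# one entry for a hypothetical self-hosted instance.
SAMPLE_NETRC = """\
machine gitlab.com
login gitlab-ci-token
password TOKEN_FOR_ORG_A
machine gitlab.com
login gitlab-ci-token
password TOKEN_FOR_ORG_B
machine gitlab.example.org
login gitlab-ci-token
password TOKEN_FOR_SELF_HOSTED
"""


def credentials_for(index_url, netrc_text=SAMPLE_NETRC):
    """Return the (login, password) a hostname-keyed netrc lookup yields."""
    # mkstemp creates the file readable by the owner only (mode 0600),
    # which is also what a real ~/.netrc holding a token should have.
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(netrc_text)
        # Only the hostname is used as the key: the project path in the
        # index URL plays no part in selecting the credentials.
        host = urlsplit(index_url).hostname
        entry = netrc.netrc(path).authenticators(host)
    finally:
        os.unlink(path)
    if entry is None:
        return None
    login, _account, password = entry
    return login, password


if __name__ == "__main__":
    for url in (
        "https://gitlab.com/api/v4/projects/111/packages/pypi/simple",
        "https://gitlab.com/api/v4/projects/222/packages/pypi/simple",
        "https://gitlab.example.org/api/v4/projects/7/packages/pypi/simple",
    ):
        print(url, "->", credentials_for(url))
```

Both gitlab.com index URLs resolve to the same entry, and of the two duplicate "machine gitlab.com" blocks only the last one parsed is kept, so a second token for the same host cannot be expressed in .netrc.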