Skip to content

Hide access token related instructions for public pypi package

Rahul Chanila requested to merge 387822-update-package-registry-instructions-when-allow-anyone-to-pull-option-is-enabled-2 into master

What does this MR do and why?

In #329253 (closed), we introduced a new option allow anyone to pull to the Package Registry.

With that option, users can configure private project to let anonymous users to download packages from that project.

The problem is that the package details for PyPi have some instructions presented and those instructions are currently presenting that a token is mandatory.

If pypi package is published in a project which is either public or has public package registry access settings, we do not need to show instructions related to access token. Also, based on comment, I've removed the token from the pip command and kept in the .pypirc since it is only used by twine for uploads.

This is a follow-up MR to Adds field public_package to package details gr... (!111992 - merged)

Screenshots or screen recordings

When package is publically available,

Before

Screenshot_2023-03-01_at_4.30.59_pm

After

Screenshot_2023-03-01_at_4.14.46_pm

How to set up and validate locally

  1. rails c - Open the rails console

  2. p = Project.find(1) - Find a public project within GDK. Project id can be found on the project home page

  3. FactoryBot.create(:pypi_package, project: p) - Create a python package within project

  4. Add this line if above fails during the creation of files

       def fixture_file_upload(*args, **kwargs)
     Rack::Test::UploadedFile.new(*args, **kwargs)
   end

  5. Find the published package in the package list page of the project & click on the package to visit the details page.

  6. Instructions related to access token should not be present under Installation > Pip command

  7. Visit Settings > General > Visibility, project features, permissions of the project in a new tab.

  8. Set project to private/internal, then instructions related to access token should be visible under Installation > Pip command

  9. Check the Allow anyone to pull from Package Registry checkbox, then instructions related to access token should not be present under Installation > Pip command

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #387822 (closed)

Edited by Rahul Chanila

Merge request reports