Add auth_file option to read authentication information for repositories from a file #413
Conversation
0xbe7a
changed the title
|
@wolfv, I have changed the PR and there is now only the option to specify a path to a file containing the authentication information. Should we leave the option hidden? |
|
If you keep the information hidden, please add a section for it in the docs. |
|
I would also like to add an end-to-end test for this. My idea was to use a technical user / API key for prefix.dev that has read-only access to a private channel containing a dummy package. We could then include the key in this repository. Do you already have such an account or could you create one? |
|
I also did this with setup-pixi but with my personal account. |
|
great stuff! I can make such an account on prefix, of course. Any package that you think would work good? |
|
Just any dummy package that we can list as a build dependency. Requires no content, e.g. we used this recipe for conda-forge conda-forge/_python_rc-feedstock@main/recipe/meta.yaml. |
|
I added you two to this channel and uploaded |
|
I want to include a read-only key for this channel within the test so that everyone can run the full integration tests. With prefix-dev I can only include one unrestricted API key for my entire account and all channels, right? |
|
yeah that's true. how about I add one as a secret to the repo for now and we do what you suggest once we have implemented this kind of scoped access on prefix? |
|
👍 Then just add the API key of a user who has read access to the channel as a secret and environment variable, and I'll just skip the test if the environment variable is not set. |
|
Added the following secret: |
…ease on disk, so compiling with --release is faster
|
@wolfv, I added an integration test to test authentication in a private prefix.dev channel and tested it locally and it works. The CI is currently failing as the secret is not exposed to outside contributors running. I think you need to make an empty commit to this PR for the secrets to get exposed to the workflow |
While testing the `auth-file` feature for `rattler-build` (prefix-dev/rattler-build#413) I noticed that the wildcard extension for domains does not work correctly: `https://repo.prefix.dev` was matched with `repo.prefix.dev` and `*.repo.prefix.dev`, but not with `*.prefix.dev`. On closer inspection, it looks like the function never worked properly: See #252 This PR fixes the wildcard handling and adds a unit test for it.
0xbe7a
force-pushed
the
force-fallback
branch
from
23a5018 to
f28f31f
Compare
|
The test currently fails on main, but works on my fork (https://github.com/0xbe7a/rattler-build/actions/runs/7246636641/job/19738988493). Can you run the test again to make sure it's not a temporary issue, @wolfv? |
This PR adds the option to disable the usage of the system keychain for storing login information but instead to rely soly on the fallback auth store, which is a simple JSON File.
Depends on conda/rattler#435