Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pip doesn't resolve ENV vars in the requirements.txt file of the dependencies of a given dependency (recursive in depth) #13151

Open
1 task done
javier-wf opened this issue Jan 10, 2025 · 1 comment
Open
1 task done

pip doesn't resolve ENV vars in the requirements.txt file of the dependencies of a given dependency (recursive in depth) #13151

javier-wf opened this issue Jan 10, 2025 · 1 comment
Labels
type: support User Support

Comments

@javier-wf
Copy link

Description

Let's say we have a project called A in a Github repository from an organization, that has a requirements.txt file with the following dependencies:

B @ git+https://${PAT_TOKEN}@github.com/MY_ORGANIZATION/[email protected]

Then we have the project B also in a Github repository from the same organization, with his own requirements.txt file. For example:

C @ git+https://${PAT_TOKEN}@github.com/MY_ORGANIZATION/[email protected]

As said, all projects belong to the same Github organization (also C), so we can create a Personal Access Token (PAT) that can be used for authenticating in all projects. We export the PAT_TOKEN and set it as an environment variable in a terminal.

If we do pip install -r requirements.txt for project B everything works fine. The C project is installed as a dependency of B and the ${PAT_TOKEN} is correctly read from the environment variables, resolving the url, doing the checkout, etc.

However, if we do the same for project A it fails. Initially, it correctly resolves the B dependency, injecting the ${PAT_TOKEN} from env vars, but now B requires to install C, and in that case the ${PAT_TOKEN} is not replaced by the env variable, but passed literally to the checkout, then failing.

Expected behavior

The value of ${PAT_TOKEN} environment variable must be passed recursively to all dependencies and dependencies of dependencies.

pip version

24.3.1

Python version

3.11

OS

linux

How to Reproduce

  1. Create a private repository A in GitHub inside an organization O, and commit some random code that imports package B.
  2. Create a private repository B in GitHub inside an organization O, and commit some random code that imports package C.
  3. Create a private repository C in GitHub inside an organization O, and commit some random code.
  4. Create a requirements.txt file for project Aand add the following line:
    B @ git+https://${PAT_TOKEN}@github.com/O/[email protected]
  5. Create a requirements.txt file for project Band add the following line:
    C @ git+https://${PAT_TOKEN}@github.com/O/[email protected]
  6. In your account settings, create a personal access token that can be used for all the respositories within the organization.
  7. Run pip install -r requirements.txt for A project.

Output

...
Collecting B@ git+https://****@github.com/O/B (from -r requirements.txt (line 1))
  Cloning https://****@github.com/O/B (to revision v0.1.0) to /tmp/pip-install-l1b_8yth/B_afff0d9438154e0bbd86cc84bd9a6408
  Running command git clone --filter=blob:none --quiet 'https://****@github.com/O/B' /tmp/pip-install-l1b_8yth/B_afff0d9438154e0bbd86cc84bd9a6408
  Resolved https://****@github.com/O/B to commit 04060492b1907ca817366f20be6a87a32680bf04
Installing build dependencies: started
...
Collecting C@ git+https://****@github.com/O/[email protected] (from B@ git+https://***@github.com/O/[email protected]>-r requirements.txt (line 1))
  Cloning https://****@github.com/O/C (to revision v0.1.0) to /tmp/pip-install-l1b_8yth/C_66e1729f35a1430fa58d589084f2aacd
  Running command git clone --filter=blob:none --quiet 'https://****@github.com/O/C' /tmp/pip-install-l1b_8yth/C_66e1729f35a1430fa58d589084f2aacd
  fatal: could not read Password for 'https://${PAT_TOKEN}@github.com': No such device or address
  error: subprocess-exited-with-error
  
  × git clone --filter=blob:none --quiet 'https://****@github.com/O/C' /tmp/pip-install-l1b_8yth/C_66e1729f35a1430fa58d589084f2aacd did not run successfully.
  │ exit code: 128
  ╰─> See above for output.
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

Code of Conduct
@javier-wf javier-wf added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jan 10, 2025
@notatallshaw
Copy link
Member

notatallshaw commented Jan 10, 2025
edited
Loading

As you can see from the error:

note: This error originates from a subprocess, and is likely not a problem with pip

For pip install -r requirements.txt will read those requirements and substitute any environmental variables.

But when you pass a source tree, like a file path or a git link, pip invokes the defined build backend (setuptools, hatchling, poetry.core, flit, etc.) to build the package, it then receives that packages dependency metadata from the build backend, pip does not try to read any requirements.txt from that project, that's up to how the build backend is set up.

You've not provided a reproducible example of how you've set these projects up, but if you have a setup.py that reads and passes the dependencies from a requirements.txt then you need to check setuptools and see if it supports environmental substitution, I'm not very familiar myself sorry.

@notatallshaw notatallshaw added type: support User Support and removed type: bug A confirmed bug or unintended behavior S: needs triage Issues/PRs that need to be triaged labels Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: support User Support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@notatallshaw @javier-wf