Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(docs): add Google Artifact Registry index instructions #8579

Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 53 additions & 1 deletion docs/guides/integration/alternative-indexes.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,58 @@ $ # Configure the index URL with the username
$ export UV_EXTRA_INDEX_URL=https://VssSessionToken@pkgs.dev.azure.com/{organisation}/{project}/_packaging/{feedName}/pypi/simple/
```

## Google Artifact Registry

uv can install packages from
[Google Artifact Registry](https://cloud.google.com/artifact-registry/docs). Authenticate to a
repository using password authentication or using [`keyring`](https://github.com/jaraco/keyring)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about using a Service Account?

That's how I approach it in a CI environment, at least. Following this Google guide too.
Not sure if you have a better approach.

Copy link
Contributor Author

@stegayet stegayet Oct 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can mention other authentication methods indeed 👍

package.

!!! note

This guide assumes `gcloud` CLI has previously been installed and setup.

### Password authentication

Credentials can be provided via "Basic" HTTP authentication scheme. Include access token in the
password field of the URL. Username must be `oauth2accesstoken`, otherwise authentication will fail.

For example, with the token stored in the `$ARTIFACT_REGISTRY_TOKEN` environment variable, set the
index URL with:

```bash
export ARTIFACT_REGISTRY_TOKEN=$(gcloud auth application-default print-access-token)
export UV_EXTRA_INDEX_URL=https://oauth2accesstoken:$ARTIFACT_REGISTRY_TOKEN@{region}-python.pkg.dev/{projectId}/{repositoryName}/simple
```

### Using `keyring`

You can also authenticate to Artifact Registry using [`keyring`](https://github.com/jaraco/keyring)
package with
[`keyrings.google-artifactregistry-auth` plugin](https://github.com/GoogleCloudPlatform/artifact-registry-python-tools).
Because these two packages are required to authenticate to Artifact Registry, they must be
pre-installed from a source other than Artifact Registry.

The `artifacts-keyring` plugin wraps [gcloud CLI](https://cloud.google.com/sdk/gcloud) to generate
short-lived access tokens, securely store them in system keyring and refresh them when they are
expired.

uv only supports using the `keyring` package in
[subprocess mode](https://github.com/astral-sh/uv/blob/main/PIP_COMPATIBILITY.md#registry-authentication).
The `keyring` executable must be in the `PATH`, i.e., installed globally or in the active
environment. The `keyring` CLI requires a username in the URL and it must be `oauth2accesstoken`.

```bash
# Pre-install keyring and Artifact Registry plugin from the public PyPI
uv tool install keyring --with keyrings.google-artifactregistry-auth

# Enable keyring authentication
export UV_KEYRING_PROVIDER=subprocess

# Configure the index URL with the username
export UV_EXTRA_INDEX_URL=https://oauth2accesstoken@{region}-python.pkg.dev/{projectId}/{repositoryName}/simple
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please double check that it works for you?
Because it doesn't work for me at all, so I don't know if I'm doing something wrong, or if something's wrong with your guide.

I can successfully make it work without uv though, if I use this:

python -m venv .venv
source .venv/bin/activate
pip install keyring keyrings.google-artifactregistry-auth

and adding the AR's repo index to pip.conf:

cat > .venv/pip.conf << EOF
[global]
extra-index-url = https://{LOCATION}-python.pkg.dev/{PROJECT}/{REPOSITORY/simple/
EOF

Then I can install packages either from PyPI or from my private AR:

image

But with uv, it doesn't work, no matter what I've tried so far. I can't even install from PyPI...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Tsafaras are you including the oauth2accesstoken username as described there?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I tried all combinations of the guide and none of them worked for me.
I even tried stuff that's not in the guide, still nothing...

```

## AWS CodeArtifact

uv can install packages from
Expand Down Expand Up @@ -118,4 +170,4 @@ uv publish

## Other indexes

uv is also known to work with JFrog's Artifactory and the Google Cloud Artifact Registry.
uv is also known to work with JFrog's Artifactory.
Loading