-
Notifications
You must be signed in to change notification settings - Fork 901
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(docs): add Google Artifact Registry index instructions #8579
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -62,6 +62,58 @@ $ # Configure the index URL with the username | |
$ export UV_EXTRA_INDEX_URL=https://VssSessionToken@pkgs.dev.azure.com/{organisation}/{project}/_packaging/{feedName}/pypi/simple/ | ||
``` | ||
|
||
## Google Artifact Registry | ||
|
||
uv can install packages from | ||
[Google Artifact Registry](https://cloud.google.com/artifact-registry/docs). Authenticate to a | ||
repository using password authentication or using [`keyring`](https://github.com/jaraco/keyring) | ||
package. | ||
|
||
!!! note | ||
|
||
This guide assumes `gcloud` CLI has previously been installed and setup. | ||
|
||
### Password authentication | ||
|
||
Credentials can be provided via "Basic" HTTP authentication scheme. Include access token in the | ||
password field of the URL. Username must be `oauth2accesstoken`, otherwise authentication will fail. | ||
|
||
For example, with the token stored in the `$ARTIFACT_REGISTRY_TOKEN` environment variable, set the | ||
index URL with: | ||
|
||
```bash | ||
export ARTIFACT_REGISTRY_TOKEN=$(gcloud auth application-default print-access-token) | ||
export UV_EXTRA_INDEX_URL=https://oauth2accesstoken:$ARTIFACT_REGISTRY_TOKEN@{region}-python.pkg.dev/{projectId}/{repositoryName}/simple | ||
``` | ||
|
||
### Using `keyring` | ||
|
||
You can also authenticate to Artifact Registry using [`keyring`](https://github.com/jaraco/keyring) | ||
package with | ||
[`keyrings.google-artifactregistry-auth` plugin](https://github.com/GoogleCloudPlatform/artifact-registry-python-tools). | ||
Because these two packages are required to authenticate to Artifact Registry, they must be | ||
pre-installed from a source other than Artifact Registry. | ||
|
||
The `artifacts-keyring` plugin wraps [gcloud CLI](https://cloud.google.com/sdk/gcloud) to generate | ||
short-lived access tokens, securely store them in system keyring and refresh them when they are | ||
expired. | ||
|
||
uv only supports using the `keyring` package in | ||
[subprocess mode](https://github.com/astral-sh/uv/blob/main/PIP_COMPATIBILITY.md#registry-authentication). | ||
The `keyring` executable must be in the `PATH`, i.e., installed globally or in the active | ||
environment. The `keyring` CLI requires a username in the URL and it must be `oauth2accesstoken`. | ||
|
||
```bash | ||
# Pre-install keyring and Artifact Registry plugin from the public PyPI | ||
uv tool install keyring --with keyrings.google-artifactregistry-auth | ||
|
||
# Enable keyring authentication | ||
export UV_KEYRING_PROVIDER=subprocess | ||
|
||
# Configure the index URL with the username | ||
export UV_EXTRA_INDEX_URL=https://oauth2accesstoken@{region}-python.pkg.dev/{projectId}/{repositoryName}/simple | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can you please double check that it works for you? I can successfully make it work without python -m venv .venv
source .venv/bin/activate
pip install keyring keyrings.google-artifactregistry-auth and adding the AR's repo index to cat > .venv/pip.conf << EOF
[global]
extra-index-url = https://{LOCATION}-python.pkg.dev/{PROJECT}/{REPOSITORY/simple/
EOF Then I can install packages either from PyPI or from my private AR: But with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @Tsafaras are you including the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, I tried all combinations of the guide and none of them worked for me. |
||
``` | ||
|
||
## AWS CodeArtifact | ||
|
||
uv can install packages from | ||
|
@@ -118,4 +170,4 @@ uv publish | |
|
||
## Other indexes | ||
|
||
uv is also known to work with JFrog's Artifactory and the Google Cloud Artifact Registry. | ||
uv is also known to work with JFrog's Artifactory. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about using a Service Account?
That's how I approach it in a CI environment, at least. Following this Google guide too.
Not sure if you have a better approach.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can mention other authentication methods indeed 👍