fix --with-credentials export of --extra-index-url lines #117

ejd · 2022-09-07T01:32:19Z

Resolves: #22.

The fix for this issue is to add a single character: indexes_header = ... becomes indexes_header += ... within the loop that builds the --index-url and --extra-index-url lines of the exported text.

I added a test case to demonstrate the problem and prove to myself that I'd fixed it.

I had to run poetry lock to bump the poetry dependency to 1.2.0. The previously locked version, 1.2.0b3, didn't actually remove the PyPI repository from poetry.pool when my new test called poetry.pool.remove_repository("PyPI"). The implementation of that method changed from 1.2.0b3 to 1.2.0 to address exactly that issue. If it's possible to add a different default repository with 1.2.0b3, I'm happy to revert the poetry lock commit and modify the test case.

Poetry 1.2.0 includes a change to `poetry.repositories.pool.Pool.remove_repository` that allows actually removing the PyPI repository. The test added by this branch needs to remove the default repository so it can add an alternate, custom repository.

ejd · 2022-09-09T20:47:14Z

Is there anything I can do to help move this PR along? I'm not sure how to fix the security hotspots (or if I need to -- they seem like false positives.)

tests/test_exporter.py

radoering · 2022-09-10T09:27:04Z

I had to run poetry lock to bump the poetry dependency to 1.2.0.

IMO, it's ok if we depend on the released version of poetry and do not support betas anymore in the next plugin release. Can please revert your lockfile change, update the dependencies in pyproject.toml for poetry and poetry-core to depend on the releases and run poetry lock --no-update using poetry 1.2.