Python Pipenv project with multiple private Github-hosted dependencies #190

mtr · 2023-08-17T10:11:18Z

mtr
Aug 17, 2023

Hi,

I'm trying to set up Qodana for a Python project P, which uses Pipenv for dependency management. There are several private sub-dependencies, d1, d2, …. Each such dependency has a configuration line like the following in the Pipfile under [packages]

…
[packages]
d1 = {editable = true, git = "ssh://[email protected]/<user_a>/d1.git"}
…
d2 = {editable = true, git = "ssh://[email protected]/<user_b>/d2.git"}
…

Until now, Pipenv have retrieved these dependencies automatically during deployment using a separate deployment SSH-key. However, since Qodana strongly (and correctly) advices against storing secrets such as private keys in the Qodana configuration, I wonder how to best accommodate for this scenario?

brichbash · 2023-09-05T09:27:19Z

brichbash
Sep 5, 2023
Maintainer

Hello,

Sorry for the delay.
Pipenv supports environment variables, so I would suggest you extract your token to a variable, e.g. $PIP_TOKEN1, and then add to your Qodana job configuration a GitHub secret:

env:
  PIP_TOKEN1: ${{ secrets.PIP_TOKEN1 }}

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Python Pipenv project with multiple private Github-hosted dependencies #190

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Python Pipenv project with multiple private Github-hosted dependencies #190

mtr Aug 17, 2023

Replies: 1 comment

brichbash Sep 5, 2023 Maintainer

mtr
Aug 17, 2023

brichbash
Sep 5, 2023
Maintainer