Dependency from another PyPI in pyproject.toml with Setuptools - pip

I'm setting up a local PyPI repository on self-managed GitLab for wheels that cannot be made public. Pip is configured to look for wheels there. If not found, GitLab forwards request to global PyPI.
This can lead to distribution name conflicts, so I'd like to specify in pyproject.toml which dependency come from which PyPI. I think it's possible with Poetry, but I cannot find anything suitable in Setuptools documentation.
Do Setuptools support multiple PyPI indices?

Related

Does pip only use PyPI or does it use other domains to find packages?

I know that by default, pip uses PyPI to look for packages. I would like to know if there are other domains other than PypI that pip uses.
PIP Can install from
PyPI
VCS project URL
Local project directories
Local or remote source archives
to run from a local passage you can input pip install /opt/mypackage
Finally, run pip install --help to see all installation options
PIP can install from many different sources. You can find the whole list here
You can also setup your own Python package repository and configure pip to install from there.

installation of Neuraxle package with dependancies conflicts

Trying to install Neuraxle, i am facing to conflict caused by dependancies :
neuraxle 0.8.1 depends on markupsafe==2.0.1
jinja2 3.1.2 depends on MarkupSafe superior or =2.0
werkzeug 2.2.2 depends on MarkupSafe superior or =2.1.1.
Is it possible to force dependancies configuration files to end installation ?
Trying to update each package with pip processus manually.
thanks
The jinja2 and werkzeug packages are not required to run most features of Neuraxle, only the REST API serving feature.
There is a way to install a library on pip without all of its dependencies. See here:
https://stackoverflow.com/a/12759996/2476920
--no-deps, --no-dependencies
Ignore package dependencies
So you can run pip with a --no-dependencies flag.
If you want to manually install the other dependencies, you can find them here: https://github.com/Neuraxio/Neuraxle/blob/af917c984241178436a759be3b830e6d8b03245f/setup.py#L93

Handling name collisions when using pip with several registries

I have a private registry that stores SomePackage that depends on other packages listed on pypi. I would like to install SomePackage with all its dependencies using pip but I came across a problem.
At first I used the --extra-index-url pip option to install SomePackage:
pip install --extra-index-url http://my.package.repo/simple SomePackage
But if SomePackage also exist on pypi pip will simply install the latest version amongst the indexes given (and not give any priority to my private registry). That seems like a risk to me and some others. So I was wondering if there could be a workaround to prevent the involuntary installation of SomePackage from pypi.
I have an idea, but maybe that's a bad one (or maybe it doesn't work as I expect):
# Install the package from the private registry without its dependencies:
pip install --no-deps --index-url http://my.package.repo/simple SomePackage
# Then install only its dependencies:
pip install --extra-index-url http://my.package.repo/simple SomePackage
This would only work for SomePackage but all its dependencies from the private registry will not be "protected" by this approach. Any other/better idea?

Installing dependencies for a pip-only package through conda

Sometimes I need to install a pip-only package into a conda environment. If I install the package using pip install, then all the dependencies for that package are installed using pip, even if they are available to conda.
I would like to install as many packages as possible through conda, so currently I use a hack to get the list of package dependencies through pip, search for all of them on conda, conda install the ones that are found, and then go through with the pip install.
Am I right to prefer installing dependencies through conda rather than pip? And if so, can anyone think of a more elegant way to solve this problem?
pip and conda are two separate package managers. Only in very rare cases package managers actually work together. In practical applications conda and pip usually do not.
In reality, mixing conda and pip packages is usually unavoidable. This often leads to a messy package management, as you describe.
In my opinion, the best and currently only proper way to solve this problem is to create a conda package for all (pypi-)packages and dependencies you want to use in your conda environments.
conda-forge is a community effort that offers an easy way to contribute your own package to the conda infrastructure. You may want to check out if your package is already available, and if not if contributing is an option for you.
Am I right to prefer installing dependencies through conda rather than pip?
Yes.
Anaconda has a blog post that discusses best practices when you have no choice but to combine conda and pip. Here's a list of guidelines from that blog post:
Best Practices Checklist
Use pip only after conda
install as many requirements as possible with conda, then use pip
pip should be run with --upgrade-strategy only-if-needed (the default)
Do not use pip with the --user argument, avoid all “users” installs
Use conda environments for isolation
create a conda environment to isolate any changes pip makes
environments take up little space thanks to hard links
care should be taken to avoid running pip in the “root” [base] environment
Recreate the environment if changes are needed
once pip has been used conda will be unaware of the changes
to install additional conda packages it is best to recreate the environment
Store conda and pip requirements in text files
package requirements can be passed to conda via the --file argument
pip accepts a list of Python packages with -r or --requirements
conda env will export or create environments based on a file with conda and pip requirements

How to avoid installing an "install_requires" package of a pip requirement?

When installing with pip from a requirements.txt file, is there a way to override a requirement's dependencies which are installed due to being listed under install_requires in setup.py of the package?
My specific case is south being installed as a dependency of django-paypal, even though I'm using Django 1.8 so I don't want south installed - it just confuses django's own migrate command.

Resources