I have hosted my own private pypi-server, where I published my own private packages, however this package has some dependencies which I mentioned as part of "install_requires" in setup.py file.
For building the package, I created sdist as below:
python3 setup.py sdist
I have not pushed any dependencies to my private pypi server and I expected that the dependencies will be installed from Public pypi server.
As part of testing, I set --index-url to my private pypi server and I expect that the packages will be installed only from my private pypi server and not look in the index of public pypi server.
I tested in my venv with installation as below:
pip install --verbose --no-cache-dir --index-url https://privatepypi/simple/ mypackage
I expected that the above will fail as my private pypi doesn't have any dependencies, but it did not and installation went smoothly without an issue and it showed the dependencies being downloaded (with verbose option, I can see its looking only at the index of my private pypi server).
I have removed all the pip cache, system wide and in venv just to be sure if --no-cache option is not working as expected.
So my question is when you make a sdist does the dependency sources/wheels are also packed for my private package and all dependencies are resolved just from package?
I found some conflicting statements on internet. The official python documentation says: official python doc it doesn't decide where and how.
contradicting to that, zetcode says it creates a release tree where everything needed to run package is copied.
Can anyone shed some light on how this works?
Thanks