I want to install multiple private Github repositories as python packages into my repository using poetry. This works fine when running poetry install locally as I have my public SSH key added to Github which allows poetry to access the private repos. The problem is that I want to install these same private packages in my CI/CD pipeline and for that I need to add one deploy key per repo. The correct deploy key needs to be used towards the correct repository and for that to work, I need to setup a config with some aliases on the following format (I haven't actually gotten so far as to know whether this will actually work or not):
// /.ssh/config
Host repo-1.github.com
IdentityFile ~/.ssh/repo-1-deploy-key
Host repo-2.github.com
IdentityFile ~/.ssh/repo-2-deploy-key
Where repo-1 and repo-2 are the names of the private repositories I need to install. When running locally the pyproject.toml packages need to be setup in the following format:
// pyproject.toml
...
[tool.poetry.dependencies]
repo-1 = { git = "ssh://[email protected]/equinor/repo-1.git" }
repo-2 = { git = "ssh://[email protected]/equinor/repo-2.git" }
...
As this will allow the developer to install the packages without any configuration (given that they have access). For the CI/CD pipeline however, the URLs need to match the alias in the SSH config file and therefore it needs to look something like this:
// pyproject.toml
...
[tool.poetry.dependencies]
repo-1 = { git = "ssh://[email protected]/equinor/repo-1.git" }
repo-2 = { git = "ssh://[email protected]/equinor/repo-2.git" }
...
Now, where I seem to be stuck at is on how I can include two different git paths in the same pyproject file? I tried the following:
//pyproject.toml
[tool.poetry.dependencies]
repo-1 = { git = "ssh://[email protected]/equinor/repo-1.git", optional=true }
repo-2 = { git = "ssh://[email protected]/equinor/repo-2.git", optional=true }
[tool.poetry.dev-dependencies]
repo-1 = { git = "ssh://[email protected]/equinor/repo-1.git" }
repo-2 = { git = "ssh://[email protected]/equinor/repo-2.git" }
[tool.poetry.extras]
cicd_modules = ["repo-1", "repo-2"]
So that I could run poetry install locally and it would use the dev dependencies and poetry install --no-dev --extras cicd_modules in the CI/CD pipeline to use the aliased paths. Sadly, this gives me a CalledProcessError as it seems like poetry tries to install the optional package despite the optional flag set to true.
What am I doing wrong here, am I using the optional flag incorrectly somehow? Is there a better way to solve this? In summary I just want to be able to install multiple private repositories as packages using poetry and Github deploy keys in a CI/CD pipeline without breaking local install behaviour, if it's in this way or another better way, I don't really have a strong opinion on.
If you are running in the CI/CD pipeline a subtly different configuration, consider using a shell script to modify the text of the
pyproject.tomlfile. In this case I might use asedone-liner to replacessh://[email protected]withhttps://PRIVATE_TOKEN:[email protected].And add the appropriate environment variable values for
CI_CD_USERandCI_CD_TOKENto your configuration.