setup-python
Add support for custom PyPI repository configuration
Description
This PR adds the ability to configure pip to use a custom PyPI repository with authentication credentials through the setup-python action. This addresses the need for users working in enterprise environments where:
- Public PyPI is blocked by firewall
- Internal repositories (Nexus, Artifactory, etc.) are used for security-scanned packages
- Custom package indices need to be configured
Changes
- action.yml: Added three new optional inputs:
  - pypi-url: URL of the custom PyPI repository
  - pypi-username: Username for authentication
  - pypi-password: Password or token for authentication
- src/utils.ts: Implemented configurePipRepository() function that:
  - Creates pip.conf (Linux/macOS) or pip.ini (Windows) with proper configuration
  - Embeds credentials securely in the repository URL
  - Automatically masks passwords in logs using core.setSecret()
  - Handles missing or partial credentials gracefully
- src/setup-python.ts: Integrated pip configuration into the workflow, running after cache restoration but before package installation
- tests/utils.test.ts: Added comprehensive unit tests covering:
  - Configuration with URL only
  - Configuration with credentials
  - Empty URL handling
  - Partial credential warnings
  - Directory creation
- README.md: Added documentation with usage examples and security notes
Usage Example
steps:
  - uses: actions/checkout@v5
  - uses: actions/setup-python@v6
    with:
      python-version: '3.13'
      pypi-url: ${{ secrets.PYPI_REPO_URL }}
      pypi-username: ${{ secrets.PYPI_USER }}
      pypi-password: ${{ secrets.PYPI_PASSWORD }}
  - run: pip install -r requirements.txt
Testing
All unit tests pass successfully:
- ✅ Creates pip config file with URL only
- ✅ Creates pip config file with credentials
- ✅ Does nothing when pypiUrl is not provided
- ✅ Warns when only username is provided
- ✅ Warns when only password is provided
- ✅ Creates config directory if it does not exist
Fixes #814
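An added example, not the PR's code, of the credential handling the description lists: percent-encoding the username and password before embedding them in the index URL, and collecting both the raw and the encoded password for masking with core.setSecret(). The function name buildPipConfig, its return shape, the choice to drop partial credentials, and the sample host are assumptions.

```typescript
// Added example. buildPipConfig and PipRepoConfig are hypothetical names,
// not taken from the PR; the behaviour for partial credentials is assumed.
interface PipRepoConfig {
  content: string;    // text to write to pip.conf / pip.ini
  secrets: string[];  // every string the caller should pass to core.setSecret()
  warnings: string[]; // messages the caller should surface as warnings
}

function buildPipConfig(
  pypiUrl: string,
  username?: string,
  password?: string
): PipRepoConfig | null {
  if (!pypiUrl) return null; // empty URL: nothing to configure

  // Accept only http(s) URLs that do not already carry userinfo, so that
  // credentials enter the URL through one encoded path only.
  const match = /^(https?):\/\/([^@\/]+)(\/.*)?$/.exec(pypiUrl);
  if (!match) {
    throw new Error('pypi-url must be an http(s) URL without embedded credentials');
  }
  const [, scheme, host, path = ''] = match;

  const result: PipRepoConfig = {content: '', secrets: [], warnings: []};
  let indexUrl = pypiUrl;

  if (username && password) {
    // Characters such as '@', ':' and '/' would change how the URL is parsed
    // unless they are percent-encoded inside the userinfo part.
    const user = encodeURIComponent(username);
    const pass = encodeURIComponent(password);
    indexUrl = `${scheme}://${user}:${pass}@${host}${path}`;
    // Masking matches exact strings, so register the raw password and, when
    // it differs, the encoded form that appears in the URL.
    result.secrets.push(password);
    if (pass !== password) result.secrets.push(pass);
  } else if (username || password) {
    result.warnings.push(
      'pypi-username and pypi-password must be provided together; ' +
        'writing the index URL without credentials'
    );
  }

  result.content = `[global]\nindex-url = ${indexUrl}\n`;
  return result;
}
```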