Skip to content

feat: Add support for private PyPI repositories #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
yustme wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: Add support for private PyPI repositories #25

yustme wants to merge 1 commit into from

Conversation

@yustme
Copy link

@yustme yustme commented Jan 9, 2026

Summary

Adds support for private PyPI repositories (e.g., Artifactory, Nexus) in the custom Python component. Users can now configure a private PyPI repository as an additional package index alongside the public PyPI.

Configuration options added:

  • enabled: Toggle to enable/disable the feature
  • url: Private PyPI repository URL (PEP 503 compliant simple index)
  • username: Optional username for authentication
  • #password: Encrypted password/token for authentication

The implementation uses uv's environment variables (UV_INDEX, UV_INDEX_PRIVATE_USERNAME, UV_INDEX_PRIVATE_PASSWORD) to configure the additional index and authentication.

Review & Testing Checklist for Human

  • Verify UV_INDEX format: Confirm that UV_INDEX=private=<url> is the correct format for uv to recognize an additional index. The uv docs suggest this should work but needs verification.
  • Test with actual private PyPI: This has not been tested end-to-end with a real Artifactory/Nexus instance. Test with both authenticated and unauthenticated private repositories.
  • Verify encrypted password mapping: The schema uses #password which should map to encrypted_password via the encrypted_keys function - verify this works correctly.
  • Check uv sync behavior: When using Git source with pyproject.toml/uv.lock, verify that uv sync --inexact respects the UV_INDEX environment variable.

Recommended test plan:

  1. Configure a test private PyPI repository (or use an existing Artifactory instance)
  2. Create a component configuration with private_pypi.enabled=true and valid credentials
  3. Test installing a package that only exists in the private repository
  4. Verify both CODE and GIT source modes work correctly

Notes

Note: _setup_private_pypi_env is called redundantly in install_packages_for_repository (once directly, once via install_packages). This is harmless but could be cleaned up.

Link to Devin run: https://app.devin.ai/sessions/a858822356fb4c66962081b4b638ee82
Requested by: Vojta Tuma (@yustme)

Release Notes

Justification, description

Adds support for private PyPI repositories to enable users to install packages from internal package indexes like Artifactory or Nexus.

Plans for Customer Communication

N/A

Impact Analysis

Low risk - feature is opt-in and disabled by default. Existing configurations without private_pypi will continue to work unchanged.

Deployment Plan

N/A

Rollback Plan

N/A

Post-Release Support Plan

N/A

@devin-ai-integration @yustme
feat: add support for private PyPI repositories
1e3e290 
Add configuration options for private PyPI repository (Artifactory, Nexus, etc.)
to install packages from. The private repository is used as an additional index
alongside the public PyPI.

Configuration includes:
- enabled: boolean to enable/disable the feature
- url: the private PyPI repository URL (PEP 503 compliant)
- username: optional username for authentication
- password: encrypted password/token for authentication

The implementation uses uv's UV_INDEX environment variable to configure the
additional index, and UV_INDEX_PRIVATE_USERNAME/PASSWORD for authentication.

Co-Authored-By: Vojta Tuma <[email protected]>
@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Jan 9, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@yustme yustme

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yustme