Skip to content

Comments

Preserve Git username for SSH dependencies#6335

Merged
charliermarsh merged 1 commit intomainfrom
charlie/git-at
Aug 21, 2024
Merged

Preserve Git username for SSH dependencies#6335
charliermarsh merged 1 commit intomainfrom
charlie/git-at

Conversation

@charliermarsh
Copy link
Member

@charliermarsh charliermarsh commented Aug 21, 2024
edited
Loading

Summary

We're gonna work on a more comprehensive review of whether we should preserve the username here, but for now, git@ is effectively a convention for GitHub and GitLab etc.

Closes #6305.

Test Plan

I guess we don't have infrastructure for testing SSH private keys right now, but...

❯ cargo run init foo
❯ cd foo
❯ cargo run add git+ssh://[email protected]/astral-sh/mkdocs-material-insiders.git

@charliermarsh charliermarsh requested a review from zanieb August 21, 2024 15:01
@charliermarsh
Copy link
Member Author

charliermarsh commented Aug 21, 2024

Adding tests...

zanieb
zanieb reviewed Aug 21, 2024
View reviewed changes
crates/pypi-types/src/requirement.rs Outdated
Comment on lines 766 to 773
if url.username() == "git" && url.password().is_none() {
return;
}
let _ = url.set_password(None);
let _ = url.set_username("");
Copy link
Member

@zanieb zanieb Aug 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems weird, shouldn't we always drop the password and conditionally drop the username? Or is this just for SSH credentials? A comment would be helpful if so.

Copy link
Member Author

@charliermarsh charliermarsh Aug 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The password is required to be None in the return case though.

Copy link
Member

@zanieb zanieb Aug 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes.. I expect:

let _ = url.set_password(None);
if url.username() != "git" {
    let _ = url.set_username("");
}

or for the documentation to properly declare that we only allow git if it doesn't have an associated password. Otherwise.. git:[email protected] would redact both git and foo.

Copy link
Member Author

@charliermarsh charliermarsh Aug 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a comment + ssh guard.

@charliermarsh charliermarsh force-pushed the charlie/git-at branch 2 times, most recently from 47db04c to 6f684fb Compare August 21, 2024 15:05
@charliermarsh charliermarsh requested a review from zanieb August 21, 2024 15:05
@charliermarsh charliermarsh added the bug Something isn't working label Aug 21, 2024
zanieb
zanieb reviewed Aug 21, 2024
View reviewed changes
@charliermarsh charliermarsh merged commit d627dea into main Aug 21, 2024
@charliermarsh charliermarsh deleted the charlie/git-at branch August 21, 2024 15:22
@BrewTestBot BrewTestBot mentioned this pull request Aug 22, 2024
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Aug 22, 2024
@tmeijn
build(deps): update astral-sh/uv to v0.3.1
5d5f5e6 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.3.0` -> `0.3.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.3.1`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#031)

[Compare Source](astral-sh/uv@0.3.0...0.3.1)

##### Enhancements

-   Add `--with-editable` support to `uv run` ([#&#8203;6262](astral-sh/uv#6262))
-   Respect `.python-version` files and `pyproject.toml` in `uv python find` ([#&#8203;6369](astral-sh/uv#6369))
-   Allow manylinux compatibility override via `_manylinux` module ([#&#8203;6039](astral-sh/uv#6039))

##### CLI

-   Avoid treating `uv add -r` as `--raw-sources` ([#&#8203;6287](astral-sh/uv#6287))

##### Bug fixes

-   Always invoke found interpreter when `uv run python` is used ([#&#8203;6363](astral-sh/uv#6363))
-   Avoid adding extra newline for script with non-empty prelude ([#&#8203;6366](astral-sh/uv#6366))
-   Fix metadata cache instability for lockfile ([#&#8203;6332](astral-sh/uv#6332))
-   Handle Ctrl-C properly in `uvx` invocations ([#&#8203;6346](astral-sh/uv#6346))
-   Ignore workspace discovery errors with `--no-workspace` ([#&#8203;6328](astral-sh/uv#6328))
-   Invalidate `uv.lock` when virtual `dev-dependencies` change ([#&#8203;6291](astral-sh/uv#6291))
-   Make cache robust to removed archives ([#&#8203;6284](astral-sh/uv#6284))
-   Preserve Git username for SSH dependencies ([#&#8203;6335](astral-sh/uv#6335))
-   Respect `--no-build-isolation` in `uv add` ([#&#8203;6368](astral-sh/uv#6368))
-   Respect `.python-version` files in `uv run` outside projects ([#&#8203;6361](astral-sh/uv#6361))
-   Use `sys_executable` for `uv run` invocations ([#&#8203;6354](astral-sh/uv#6354))
-   Use atomic write for `pip compile` output ([#&#8203;6274](astral-sh/uv#6274))
-   Use consistent logic for deserializing short revisions ([#&#8203;6341](astral-sh/uv#6341))

##### Documentation

-   Remove the preview default value of `python-preference` ([#&#8203;6301](astral-sh/uv#6301))
-   Update env vars doc about `XDG_*` variables on macOS ([#&#8203;6337](astral-sh/uv#6337))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zanieb zanieb zanieb approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

installing private repo in Dockerfile fails with uv, works with poetry

2 participants

@charliermarsh @zanieb