Skip to content

feat: add a Makefile goal simple-index that generates a PEP-503 compatible Simple Index directory inside the dist #947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat: add a Makefile goal simple-index that generates a PEP-503 compatible Simple Index directory inside the dist #947

wants to merge 5 commits into from

Conversation

jenstroeger
Copy link
Owner

@jenstroeger jenstroeger commented Jun 2, 2025
edited
Loading

As discussed with @behnazh this changes makes available a PEP-503 compatible Simple Repository directory inside of our dist/ directory.

We can now use pip and its --extra-index-url argument to install packages, including support for their package hashes. For example to install the binary package (pip’s default):

> pip install --extra-index-url file:///path/to/dist/simple-index/ package
Looking in indexes: https://pypi.org/simple, file:///path/to/dist/simple-index/
Processing /path/to/dist/simple-index/package/package-2.16.0-py3-none-any.whl
Installing collected packages: package
Successfully installed package-2.16.0

or the source package (purge the pip cache first!):

> pip install --extra-index-url file:///path/to/dist/simple-index/ --no-binary package package
Looking in indexes: https://pypi.org/simple, file:///path/to/dist/simple-index/
Processing /path/to/dist/simple-index/package/package-2.16.0.tar.gz
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Building wheels for collected packages: package
  Building wheel for package (pyproject.toml) ... done
  Created wheel for package: filename=package-2.16.0-py3-none-any.whl size=13457 sha256=9791036dfa1a658e1e43afaa41404a126f3e01b8f36ccc1f98551bbfe50c1da4
  Stored in directory: /path/to/pip/wheels/03/64/4f/969f1993221587084c494fb7687826621c9273963119358c62
Successfully built package
Installing collected packages: package
Successfully installed package-2.16.0

or from the generated requirements file using package hashes:

> pip install --extra-index-url file:///path/to/dist/simple-index/ --require-hashes --requirement package-2.16.0-requirements.txt 
Looking in indexes: https://pypi.org/simple, file:///path/to/dist/simple-index/
...
Processing /path/to/dist/simple-index/package/package-2.16.0-py3-none-any.whl (from -r package-2.16.0-requirements.txt (line 982))
...

Should we mention/document this in the README, or is the comment in the Makefile enough?

@jenstroeger
feat: add a Makefile goal simple-index that generates a PEP-503 com…
a94e221 
…patible Simple Index directory inside the dist
@jenstroeger jenstroeger requested a review from behnazh as a code owner June 2, 2025 09:28
jenstroeger
jenstroeger commented Jun 2, 2025
View reviewed changes
@jenstroeger jenstroeger mentioned this pull request Jun 3, 2025
Merged
@jenstroeger
Copy link
Owner Author

jenstroeger commented Jun 4, 2025
edited
Loading

Hmm, should we call the Makefile goal simple-repo (because as per PEP-503 this is a simple repository API) instead of simple-index? But then the pip command line option is called --extra-index-url so the generated folder is an “index” implementing the Simple Repo API. Maybe call the goal extra-index?

🤷🏻‍♂️

@jenstroeger
Copy link
Owner Author

@behnazh the generated package/index.html file in the simple index

<!-- https://peps.python.org/pep-0503/ -->
<!DOCTYPE html>
  <html>
    <head><meta name='pypi:repository-version' content='1.3'></head>
    <body>
      <a href='package-2.16.0-py3-none-any.whl'>package-2.16.0-py3-none-any.whl</a>
      <a href='package-2.16.0.tar.gz'>package-2.16.0.tar.gz</a>
    </body>
</html>

does not make use of digest hashes as recommended in the specification:

The URL SHOULD include a hash in the form of a URL fragment with the following syntax: #<hashname>=<hashvalue>, where <hashname> is the lowercase name of the hash function (such as sha256) and <hashvalue> is the hex encoded digest.

We should probably add that and I think that would look something like this:

<a href='package-2.16.0-py3-none-any.whl#sha256=82a57ea6a6ec2cea54501b4798dd4684b3666fde92ba1bb524f37791b1ef810b'>package-2.16.0-py3-none-any.whl</a>
<a href='package-2.16.0.tar.gz#sha256=f75bb93f5b3097a3c8f93c3bc4bc357fc17e1db266fd2de04dab76c236e247c9'>package-2.16.0.tar.gz</a>

@behnazh
Copy link
Collaborator

behnazh commented Jun 14, 2025

Thanks for this PR, it's great.

Should we mention/document this in the README, or is the comment in the Makefile enough?
Yes, that's a good idea.

@behnazh
Copy link
Collaborator

behnazh commented Jun 14, 2025

Can we test this feature somehow in _build.yaml GitHub Action?

@jenstroeger
Copy link
Owner Author

Can we test this feature somehow in _build.yaml GitHub Action?

Hmm… you mean to use the simple index 🤔 Probably if we would add a Docker file? Hmm…

@behnazh
Copy link
Collaborator

behnazh commented Sep 10, 2025

Can we test this feature somehow in _build.yaml GitHub Action?

Hmm… you mean to use the simple index 🤔 Probably if we would add a Docker file? Hmm…

I don't think you would need to use a Docker file. You can test it in a separate job perhaps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@behnazh behnazh behnazh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jenstroeger @behnazh