Use private packages
Packages that are publicly available on PyPI can be specified in your app's requirements.txt
file to become available in your app as dependency, as shown here. But
sometimes you might want to add a package that is only available privately (e.g. code stored on a centralized
repository within the company to be reused in multiple apps). There are different options to make such a package
available in a (published) app, without the need to copy the code manually into your app folder:
Git submodule
The easiest way to add an app-dependency is to copy the package code (as a sub-folder) into your app folder. A disadvantage of this approach is that if the package is maintained in a separate repository, the copied code needs to be manually updated to receive the latest additions or bugfixes. This problem can be resolved by adding the dependency as a Git submodule to your app. Obviously, this requires your app code itself to be a Git repository.
Add an existing Git repository as a submodule to your app by:
git submodule add https://my-package-repository-url app/submodules/my-package
All code, including the submodules, must reside (in a sub-folder) within the 'app' folder to be available in production.
This will copy the repository's content in a sub-folder submodules/my-package/ within your app folder, and creates a
.gitmodules file in your project folder that stores the mapping between the package URL and local path.
Updating your app including all submodules can be done with:
git pull --recurse-submodules
Cloning a project including all submodules to your local hard disk can be done by:
git clone --recurse-submodules https://my-project-repository-url
All ins and outs of using Git submodules can be found on the Git website.
Install from a Git repository
Alternatively, it is possible to install a Python package directly from a (private) Git repository host. For example,
it is possible to install my-package that is hosted on the URL https://github.com/my-user-account/my-package
by adding the line below to requirements.txt. Additionally, you can install a specific branch or tag by appending an @
followed by the reference to the url, for example @v1.2.3.
my-package@git+https://${MY_USER}:${MY_PASSWORD}@github.com/my-user-account/my-package
For security reasons, we advise against hard-coding the authentication credentials in requirements.txt, prefer to use
environment variables instead.
Publish your package on a private PyPI
Another way to make a private package available in an app is to publish it on a private PyPI. This way the code is not copied in your app, but handled as any other package dependency. Moreover, access can even be restricted by means of authentication credentials.
Examples of platforms that allow for hosting your own packages, are:
- GitLab - Package Registry
- Microsoft Azure - Azure Artifacts
Instructions on how to host your private package on each platform can be found in the corresponding links.
The hosted package can then be added in your app's requirements.txt file, as follows:
--extra-index-url https://my-private-package-index-url
my-private-package
If the private package index is protected by means of authentication credentials, this can be passed using environment variables:
--extra-index-url https://${MY_USER}:${MY_PASSWORD}@my-private-package-index-url
my-private-package
For security reasons, we advise against hard-coding the authentication credentials in requirements.txt, prefer to use
environment variables instead.