Use private packages
Packages that are publicly available on PyPI can be specified in your app's
file to become available in your app as dependency, as shown here. But
sometimes you might want to add a package that is only available privately (e.g. code stored on a centralized
repository within the company to be reused in multiple apps). There are different options to make such a package
available in a (published) app, without the need to copy the code manually into your app folder:
The easiest way to add an app-dependency is to copy the package code (as a sub-folder) into your app folder. A disadvantage of this approach is that if the package is maintained in a separate repository, the copied code needs to be manually updated to receive the latest additions or bugfixes. This problem can be resolved by adding the dependency as a Git submodule to your app. Obviously, this requires your app code itself to be a Git repository.
Add an existing Git repository as a submodule to your app by:
git submodule add https://my-package-repository-url app/submodules/my-package
All code, including the submodules, must reside (in a sub-folder) within the 'app' folder to be available in production.
This will copy the repository's content in a sub-folder
submodules/my-package/ within your app folder, and creates a
.gitmodules file in your project folder that stores the mapping between the package URL and local path.
Updating your app including all submodules can be done with:
git pull --recurse-submodules
Cloning a project including all submodules to your local hard disk can be done by:
git clone --recurse-submodules https://my-project-repository-url
All ins and outs of using Git submodules can be found on the Git website.
Publish your package on a private PyPI
Another way to make a private package available in an app is to publish it on a private PyPI. This way the code is not copied in your app, but handled as any other package dependency. Moreover, access can even be restricted by means of authentication credentials.
Examples of platforms that allow for hosting your own packages, are:
Instructions on how to host your private package on each platform can be found in the corresponding links.
The hosted package can then be added in your app's
requirements.txt file, as follows:
If the private package index is protected by means of authentication credentials, this can be passed using the
VIKTOR_APP_SECRET environmental variable, as follows:
In order for
VIKTOR_APP_SECRET to be available in production, the variable must be set manually on the server. Please
contact email@example.com with your request. This must be done after creating your app on the VIKTOR environment,
but before publishing your app with the private dependency.
For security reasons, we advise against hard-coding the authentication credentials in
requirements.txt, prefer to use
Keep in mind though that when using
VIKTOR_APP_SECRET as shown above, no post-processing will be performed on the
VIKTOR_APP_SECRET can, in that case, not be used to pass any
additional secrets using concatenation (