diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-25 18:10:33 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-25 18:10:33 +0300 |
commit | a8c1bc6f757ecacbc3481e52a3f4cefb6c6db5fd (patch) | |
tree | 7ba85d57835274f11674c33155e68b6af33f2687 /doc/user/packages/pypi_repository | |
parent | 76ef00aac974a463243dcda6f692b17ff5d439bc (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/packages/pypi_repository')
-rw-r--r-- | doc/user/packages/pypi_repository/index.md | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/user/packages/pypi_repository/index.md b/doc/user/packages/pypi_repository/index.md index 1708bfdf2e5..a4d17595ddd 100644 --- a/doc/user/packages/pypi_repository/index.md +++ b/doc/user/packages/pypi_repository/index.md @@ -316,6 +316,8 @@ more than once, a `404 Bad Request` error occurs. ## Install a PyPI package +### Install from the project level + To install the latest version of a package, use the following command: ```shell @@ -350,6 +352,33 @@ Installing collected packages: mypypipackage Successfully installed mypypipackage-0.0.1 ``` +### Install from the group level + +To install the latest version of a package from a group, use the following command: + +```shell +pip install --index-url https://<personal_access_token_name>:<personal_access_token>@gitlab.example.com/api/v4/groups/<group_id>/packages/pypi/simple --no-deps <package_name> +``` + +In this command: + +- `<package_name>` is the package name. +- `<personal_access_token_name>` is a personal access token name with the `read_api` scope. +- `<personal_access_token>` is a personal access token with the `read_api` scope. +- `<group_id>` is the group ID. + +In these commands, you can use `--extra-index-url` instead of `--index-url`. However, using +`--extra-index-url` makes you vulnerable to dependency confusion attacks because it checks the PyPi +repository for the package before it checks the custom repository. `--extra-index-url` adds the +provided URL as an additional registry which the client checks if the package is present. +`--index-url` tells the client to check for the package at the provided URL only. + +If you're following the guide and want to install the `MyPyPiPackage` package, you can run: + +```shell +pip install mypypipackage --no-deps --index-url https://<personal_access_token_name>:<personal_access_token>@gitlab.example.com/api/v4/groups/<your_group_id>/packages/pypi/simple +``` + ### Package names GitLab looks for packages that use |