Skip to main content

Self-hosted PyPI server with automatic updates for Insiders versions of projects.

Project description

PyPI Insiders

ci documentation pypi version gitpod gitter

Self-hosted PyPI server with automatic updates for Insiders versions of projects.

Motivation

Some open source projects follow the sponsorware release strategy, which means that new features are first exclusively released to sponsors as part of an "Insiders" version of the project. This Insiders version is usually a private fork of the public project.

To use the Insiders projects as dependencies, sponsors have two options:

  1. specify the dependency as a Git URL (HTTPS or SSH), or as a direct HTTPS URL to a build artifact
  2. build and store the artifact in a self-hosted PyPI-like index

The first option is problematic when sponsors' projects are also open source, because most of their contributors will probably not have access to the Insiders version. It means they won't be able to resolve the dependency, even less install it locally. As a result, maintainers must specify the public version of the project as a dependency, and override it with the Insiders version in Continuous Integration / Deployment.

In contrast, the second option allows maintainers to specify the dependency normally, i.e. using the same name/identifier as the public version. Maintainers/contributors with access to the Insiders version will resolve and get the Insiders version, while maintainers/contributors without access to the Insiders version will simply get the public one.

However, self-hosting a PyPI-like index, and building artifacts for each new Insiders version is not a trivial, straight-forward task: companies and organizations might already have such a setup (with an Artifactory server, a Google Cloud registry, etc.), but individual contributors often won't, and automatically updating repositories, building artifacts and uploading them requires custom scripts.

In both cases (company setup or individual contributor) PyPI Insiders comes to the rescue, and manages repository/package updates for you. It comes bundled with a PyPI-like index that you can serve locally, and it watches Insiders repositories, building and uploading distributions to your local index (or any other online index) for each new Insiders version getting published.

See below how to install and use PyPI Insiders!

Installation

pip install pypi-insiders

With uv:

uv tool install pypi-insiders

Usage

Run the server with:

pypi-insiders server start

The local PyPI server should be running:

pypi-insiders server status

Now, if you wish, you can configure your tools to use your local index by default:

export PIP_INDEX_URL=http://localhost:31411/simple/
export PDM_PYPI_URL=http://localhost:31411/simple/
export UV_INDEX_URL=http://localhost:31411/simple/

Your local index will give precedence to its own packages, and redirect to PyPI.org if it doesn't know the specified packages. It means that Insiders versions will always take precedence over public versions, even if the latter are higher (more recent).

Configuring your tools with environment variables makes it easy to temporarily "deactivate" your local index:

# This will install directly from PyPI.org.
env -u PIP_INDEX_URL pip install something
env -u PDM_PYPI_URL pdm sync
env -u UV_INDEX_URL uv sync

You can declare a shell alias to make things even simpler:

alias no-insiders='env -u PIP_INDEX_URL -u PDM_PYPI_URL -u UV_INDEX_URL'
no-insiders uv sync

Configure the repositories to watch:

pypi-insiders repos add pawamoy-insiders/devboard:devboard

The format is NAMESPACE/PROJECT:DISTRIBUTION_NAME. Only GitHub projects are supported for now.

List watched repositories:

pypi-insiders repos list

Remove watched repositories:

pypi-insiders repos remove pawamoy-insiders/devboard

Start/stop the local PyPI index, get the server status:

pypi-insiders server start
pypi-insiders server status
pypi-insiders server stop

Update all packages from watched repositories:

pypi-insiders update

Update a specific package:

pypi-insiders update pawamoy-insiders/devboard

Start/stop the watcher, get the watcher status:

pypi-insiders watcher start
pypi-insiders watcher status
pypi-insiders watcher stop

Show logs of the server/watcher:

pypi-insiders server logs
pypi-insiders watcher logs

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pypi_insiders-1.0.0.tar.gz (44.6 kB view details)

Uploaded Source

Built Distribution

pypi_insiders-1.0.0-py3-none-any.whl (21.1 kB view details)

Uploaded Python 3

File details

Details for the file pypi_insiders-1.0.0.tar.gz.

File metadata

  • Download URL: pypi_insiders-1.0.0.tar.gz
  • Upload date:
  • Size: 44.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for pypi_insiders-1.0.0.tar.gz
Algorithm Hash digest
SHA256 6dd99abd42897ee6ddb08791e6b4653473b58ec95f01150c7ad5a16228caed8f
MD5 e2ea6b697b999aee4598a597219a31b8
BLAKE2b-256 3191835e8310b765cac893ec1485b15e4c6f1f944e2a22e2d286d57518b3ef46

See more details on using hashes here.

File details

Details for the file pypi_insiders-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for pypi_insiders-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 adbfabec6979cf0b2ce94b386c209137ba6e711ff5cb996239284517f556fee6
MD5 8da21966b809445b57c75544dab7fca4
BLAKE2b-256 70041449481fa01031e19d43cb113d1282947e0c49556118d1d9bc118ff285f7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page