Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Inconsistent documentation: "setenv" is not supported in "global settings" #1999

Closed
AndreyNautilus opened this issue Apr 6, 2021 · 6 comments
Labels
area:documentation help:wanted Issues that have been acknowledged, a solution determined and a PR might likely be accepted.

Comments

@AndreyNautilus
Copy link

tox version: 3.23.0

I want to add an extra pip index to all testenvs, and I've found this documentation: https://tox.readthedocs.io/en/latest/example/basic.html#installing-dependencies-from-multiple-pypi-servers with the following example:

[tox]
setenv =
    PIP_EXTRA_INDEX_URL = https://mypypiserver.org

[testenv]
deps =
    # docutils will be installed directly from PyPI
    docutils
    # mypackage missing at PyPI will be installed from custom PyPI URL
    mypackage

but this doesn't work. In my tox.ini with similar content (the only difference is the package name and the url), mypackage wasn't found. Even more: tox --showconfig didn't show PIP_EXTRA_INDEX_URL env var in setenv section for testenv.

Then I found documentation for "tox global settings" (https://tox.readthedocs.io/en/latest/config.html#tox-global-settings) which doesn't list setenv as an available keyword for the tox section.

If I move setenv from [tox] section to [testenv] section, everything works (as expected, according to the docs: https://tox.readthedocs.io/en/latest/config.html#conf-setenv).

So, my question (or bug report) is:

  • is the documentation inconsistent and the example should be updated to not use setenv in [tox] section
  • or is it a bug in tox and documentation for global settings should include setenv and tox should respect setenv from [tox] section?
@gaborbernat
Copy link
Member

  • is the documentation inconsistent and the example should be updated to not use setenv in [tox] section

This one.

@gaborbernat gaborbernat added area:documentation help:wanted Issues that have been acknowledged, a solution determined and a PR might likely be accepted. labels Apr 6, 2021
@jugmac00
Copy link
Member

jugmac00 commented Apr 6, 2021

additional comments to the current documentation

  • it has to be PyPI and not PYPI
  • relying that a package is not present on PyPI and using a fallback (private) package server could be dangerous, as somebody could register mypackage on PyPI and then you would install a potential harmful package

I read the comment # mypackage missing at PyPI will be installed from custom PyPI URL as we suggest this would be a good idea.

pips documentation is a bit vague what extra-index-url means exactly, or in which order the URLs are used, but I think this means, if a package is not present on the main index url, the extra index url is used as fallback.

I suggest that we either use two private package servers in the example or add a security warning about the potential danger of relying that a package name is unregistered on PyPI.

@gaborbernat What's your take on this?

@gaborbernat
Copy link
Member

IMHO, it's up to the user to configure the tool correctly. That being said, I'm happy with either way, perhaps more practical would be:

add a security warning about the potential danger of relying that a package name is unregistered on

@jugmac00
Copy link
Member

jugmac00 commented Apr 6, 2021

@AndreyNautilus Would you like to create a pull request to update the documentation?

@AndreyNautilus
Copy link
Author

@jugmac00 sure, why not. I'll look into it later this week.

@AndreyNautilus
Copy link
Author

#2016

ssbarnea pushed a commit to ssbarnea/tox that referenced this issue Apr 19, 2021
fixes tox-dev#1999

Co-authored-by: Jürgen Gmach <juergen.gmach@googlemail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area:documentation help:wanted Issues that have been acknowledged, a solution determined and a PR might likely be accepted.
Projects
None yet
Development

No branches or pull requests

3 participants