The Python Dependency Manager (PDM) is a tool for managing Python projects and their dependencies, along with their build. PDM provides PEP 518 compatibility with other Python packaging solutions via pyproject.toml files.

Publishing PDM Packages to Private Repositories

GitLab

I want to use PDM to manage a Python project’s dependencies and publish wheels to a private PyPI repo inside my company GitLab instance.

Configure PDM

Set the repo credentials. The repository name is defined in the config key repository.<name>.<property>, so in the example below it is company.

For use in CI jobs we can set the username to gitlab-ci-token and the password to ${CI_JOB_TOKEN}.

For local use we need a personal access token with read_package_registry and write_package_registry permissions turned on. Then the username becomes __token__ and the password is the corresponding string from the settings page.

pdm config repository.company.url "https://gitlab.domain.com/api/v4/projects/<project_id>/packages/pypi"
pdm config repository.company.username gitlab-ci-token
pdm config repository.company.password "${CI_JOB_TOKEN}"

Publish The Package with PDM

pdm publish -r company

Reference Material

Overriding Downstream Dependencies

In some cases we may need to override dependencies of libraries that we depend on due to bugs or security holes that have been found in 2nd-order deps that have not been addressed by the immediate dependencies yet.

A recent example at the time of writing is the relationship between Nvidia Triton’s Python library and geventhttpclient: version 2.0.2 causes problems with SSL connections on Ubuntu, which are fixed by version 2.0.11.

We can define specific package overrides via tool.pdm.resolution.overrides, and we must also explicitly depend on the version of the library that we care about in the dependencies array, like so:

 
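[project]
# Pin the fixed version explicitly as a direct dependency
dependencies = [
    "tritonclient[http]>=2.43.0",
    "geventhttpclient==2.0.11",
]

# Force the resolver to use this version, whatever upstream packages declare
[tool.pdm.resolution.overrides]
geventhttpclient = "2.0.11"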

This will allow pdm install to resolve to the more recent library. However, it does cause wheels generated by pdm build to break pip install runs: the override lives only in PDM's configuration, and pip does not read it. uv provides an override flag.