What is the reasoning behind pip-tools not supporting URLs for non-editable installs? Is it possible to introduce a switch to override this behaviour?

For me, It would be great if pip-tools supported non-editable installs from Github repositories. I'd be happy to help implementing this, if you agree.

There's no reason preventing it per se, it's just not been implemented. The main thing that's tricky is to figure out how to distill the dependencies from it, and what name the package ends up with locally when you install it. You cannot derive these properties from the URL itself, you'll need to download the package, unpack it, inspect it. So there's definitely some work involved. If you feel brave, I invite you to try and add it to pip-tools, it'd be a cool feature :)

Thanks for the quick reply! I naively thought we could delegate most of this work to pip :) I will see if I can come up with a solution.

I wonder if an easier short-term solution would be to allow it to pass-through certain lines to the final requirements.txt file. We have some packages that we build and host in-house, and while I would love to get to the point where we have an internal PyPi-like server, right now it's just a zip file at a particular URL. It would be nice to be able to tell pip-compile "Do your normal thing, but just pass-through these lines".

Maybe a --pass-through-urls option?

Sounds like a great idea to me. I never got around to come up with a real solution. This would solve my use-cases and should be reasonably easy to implement.

It looks like there would have to be a corresponding --ignore-urls or similar on the pip-sync side, cause it can't parse them for dependencies (for the same reasons).

405 is related, I think?

“The main thing that's tricky is to figure out how to distill the dependencies from it”

The same issue exists with editable requirements (#466).

“and what name the package ends up with locally when you install it”

This could be solved with the same syntax as editable reqs: add #egg=requirement-name

Here is a PoC for this. Do you think I can continue and make a PR with this kind of stuff ?

from io import BytesIO
from zipfile import ZipFile
import mock
import setuptools
try: # python 3
    from urllib.request import urlopen
except: # python 2
    from urllib import urlopen

url = 'https://github.com/django/django/archive/master.zip'
zipfile = ZipFile(BytesIO(urlopen(url).read()))

for f in zipfile.namelist():
    if f == 'setup.py' or f.endswith('/setup.py'):
        setupfile = f
        break

with mock.patch.object(setuptools, 'setup') as mock_setup:
    exec(zipfile.open(setupfile).read(), {})

_, kwargs = mock_setup.call_args

assert 'pytz' in kwargs['install_requires']

Hum, no. We should use pip download.

Any update on this, could this perhaps be merged?

Is there any news with this? seems like pip-compile-multi isn't covering URL as its based upon pip-compile..

I'm feeling this lack, as well. I was trying to follow a good compile/sync flow, but either they fail if I specify a patch branch for one of my dependencies, or they uninstall my dependency and reinstall the broken pypi version.