Tox: Inconsistent documentation: "setenv" is not supported in "global settings"

Created on 6 Apr 2021  路  6Comments  路  Source: tox-dev/tox

tox version: 3.23.0

I want to add an extra pip index to all testenvs, and I've found this documentation: https://tox.readthedocs.io/en/latest/example/basic.html#installing-dependencies-from-multiple-pypi-servers with the following example:

[tox]
setenv =
    PIP_EXTRA_INDEX_URL = https://mypypiserver.org

[testenv]
deps =
    # docutils will be installed directly from PyPI
    docutils
    # mypackage missing at PyPI will be installed from custom PyPI URL
    mypackage

but this doesn't work. In my tox.ini with similar content (the only difference is the package name and the url), mypackage wasn't found. Even more: tox --showconfig didn't show PIP_EXTRA_INDEX_URL env var in setenv section for testenv.

Then I found documentation for "tox global settings" (https://tox.readthedocs.io/en/latest/config.html#tox-global-settings) which doesn't list setenv as an available keyword for the tox section.

If I move setenv from [tox] section to [testenv] section, everything works (as expected, according to the docs: https://tox.readthedocs.io/en/latest/config.html#conf-setenv).

So, my question (or bug report) is:

  • is the documentation inconsistent and the example should be updated to not use setenv in [tox] section
  • or is it a bug in tox and documentation for global settings should include setenv and tox should respect setenv from [tox] section?
documentation wanted
Source
picture AndreyNautilus
👍2

Most helpful comment

@jugmac00 sure, why not. I'll look into it later this week.

picture AndreyNautilus on 7 Apr 2021
2

All 6 comments

  • is the documentation inconsistent and the example should be updated to not use setenv in [tox] section

This one.

gaborbernat picture gaborbernat on 6 Apr 2021
👍1

additional comments to the current documentation

  • it has to be PyPI and not PYPI
  • relying that a package is not present on PyPI and using a fallback (private) package server could be dangerous, as somebody could register mypackage on PyPI and then you would install a potential harmful package

I read the comment # mypackage missing at PyPI will be installed from custom PyPI URL as we suggest this would be a good idea.

pips documentation is a bit vague what extra-index-url means exactly, or in which order the URLs are used, but I think this means, if a package is not present on the main index url, the extra index url is used as fallback.

I suggest that we either use two private package servers in the example or add a security warning about the potential danger of relying that a package name is unregistered on PyPI.

@gaborbernat What's your take on this?

jugmac00 picture jugmac00 on 6 Apr 2021

IMHO, it's up to the user to configure the tool correctly. That being said, I'm happy with either way, perhaps more practical would be:

add a security warning about the potential danger of relying that a package name is unregistered on

gaborbernat picture gaborbernat on 6 Apr 2021

@AndreyNautilus Would you like to create a pull request to update the documentation?

jugmac00 picture jugmac00 on 6 Apr 2021

@jugmac00 sure, why not. I'll look into it later this week.

AndreyNautilus picture AndreyNautilus on 7 Apr 2021
2

https://github.com/tox-dev/tox/pull/2016

AndreyNautilus picture AndreyNautilus on 11 Apr 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pytoxbot picture pytoxbot  路  3Comments
moggers87 picture moggers87  路  3Comments
obestwalter picture obestwalter  路  5Comments
jugmac00 picture jugmac00  路  3Comments
pytoxbot picture pytoxbot  路  4Comments