Add pypi-keyring-provider option

.github/workflows/build.yml

@@ -47,7 +47,7 @@ jobs:
         run: |
           set -euo pipefail
           latest_version="$(jq -r '.version' package.json)"
-          count_expected=19
+          count_expected=20
           count_actual="$(grep -c "setup-pixi@v$latest_version" README.md || true)"
           if [ "$count_actual" -ne "$count_expected" ]; then
             echo "::error file=README.md::Expected $count_expected mentions of \`setup-pixi@v$latest_version\` in README.md, but found $count_actual."

README.md

@@ -213,6 +213,16 @@ You can also specify the session token using the `auth-session-token` input argu
 
 See the [pixi documentation](https://pixi.sh/latest/advanced/s3) for more information about S3 authentication.
 
+#### PyPI keyring provider
+
+You can specify whether to use keyring to look up credentials for PyPI.
+
+```yml
+- uses: prefix-dev/[email protected]
+  with:
+    pypi-keyring-provider: subprocess # one of 'subprocess', 'disabled'
+```
+
 ### Custom shell wrapper
 
 `setup-pixi` allows you to run command inside of the pixi environment by specifying a custom shell wrapper with `shell: pixi run bash -e {0}`.

action.yml

@@ -63,6 +63,10 @@ inputs:
     description: Secret access key to use for S3 authentication.
   auth-s3-session-token:
     description: Session token to use for S3 authentication.
+  pypi-keyring-provider:
+    description: |
+      Specifies whether to use keyring to look up credentials for PyPI.
+      options: disabled, subprocess
   post-cleanup:
     description: |
       If the action should clean up after itself. Defaults to `true`.

src/main.ts

@@ -66,17 +66,23 @@ const pixiInstall = async () => {
   }
   return tryRestoreCache()
     .then(async (_cacheKey) => {
-      if (options.environments) {
-        for (const environment of options.environments) {
-          core.debug(`Installing environment ${environment}`)
-          const command = `install -e ${environment}${options.frozen ? ' --frozen' : ''}${
-            options.locked ? ' --locked' : ''
-          }`
-          await core.group(`pixi ${command}`, () => execute(pixiCmd(command)))
+      const environments = options.environments ?? [undefined]
+      for (const environment of environments) {
+        core.debug(`Installing environment ${environment ?? 'default'}`)
+        let command = `install`
+        if (environment) {
+          command += ` -e ${environment}`
         }
-      } else {
-        const command = `install${options.frozen ? ' --frozen' : ''}${options.locked ? ' --locked' : ''}`
-        return core.group(`pixi ${command}`, () => execute(pixiCmd(command)))
+        if (options.frozen) {
+          command += ' --frozen'
+        }
+        if (options.locked) {
+          command += ' --locked'
+        }
+        if (options.pypiKeyringProvider) {
+          command += ` --pypi-keyring-provider ${options.pypiKeyringProvider}`
+        }
+        await core.group(`pixi ${command}`, () => execute(pixiCmd(command)))
       }
     })
     .then(saveCache)

src/options.ts

@@ -32,6 +32,7 @@ type Inputs = Readonly<{
   authS3AccessKeyId?: string
   authS3SecretAccessKey?: string
   authS3SessionToken?: string
+  pypiKeyringProvider?: 'disabled' | 'subprocess'
   postCleanup?: boolean
 }>
 
@@ -79,6 +80,7 @@ export type Options = Readonly<{
   cache?: Cache
   pixiBinPath: string
   auth?: Auth
+  pypiKeyringProvider?: 'disabled' | 'subprocess'
   postCleanup: boolean
   activatedEnvironment?: string
 }>
@@ -88,6 +90,9 @@ const pyprojectPath = 'pyproject.toml'
 const logLevelSchema = z.enum(['q', 'default', 'v', 'vv', 'vvv'])
 export type LogLevel = z.infer<typeof logLevelSchema>
 
+const pypiKeyringProviderSchema = z.enum(['disabled', 'subprocess'])
+export type PypiKeyringProvider = z.infer<typeof pypiKeyringProviderSchema>
+
 export const PATHS = {
   pixiBin: path.join(os.homedir(), '.pixi', 'bin', `pixi${os.platform() === 'win32' ? '.exe' : ''}`)
 }
@@ -323,8 +328,10 @@ const inferOptions = (inputs: Inputs): Options => {
                 s3SessionToken: inputs.authS3SessionToken
               }) as Auth)
   const postCleanup = inputs.postCleanup ?? true
+  const pypiKeyringProvider = inputs.pypiKeyringProvider
   return {
     pixiSource,
+    pypiKeyringProvider,
     downloadPixi,
     logLevel,
     manifestPath,
@@ -382,6 +389,7 @@ const getOptions = () => {
     authS3AccessKeyId: parseOrUndefined('auth-s3-access-key-id', z.string()),
     authS3SecretAccessKey: parseOrUndefined('auth-s3-secret-access-key', z.string()),
     authS3SessionToken: parseOrUndefined('auth-s3-session-token', z.string()),
+    pypiKeyringProvider: parseOrUndefined('pypi-keyring-provider', pypiKeyringProviderSchema),
     postCleanup: parseOrUndefinedJSON('post-cleanup', z.boolean())
   }
   core.debug(`Inputs: ${JSON.stringify(inputs)}`)