
Let's grant a-team permission to upload (certain) pypi packages



Release Engineering
3 years ago
3 months ago


(Reporter: pmoore, Unassigned)


Firefox Tracking Flags

(Not tracked)




3 years ago
Currently ateam has to request a package to be uploaded to pypi server.

Maybe we can grant them access, to avoid a releng bottleneck?

What are your thoughts on this, dustin? I think setuptools provides a publish mechanism, but I don't know if that is compatible with our setup on the web heads. (something like python sdist upload?) or maybe pip has a similar mechanism? Not sure what we need on the relengwebadm side though to achieve this, and how we'd handle authentication/authorization?

This might be more suitable than setting up full ssh access. Also not sure how we would make sure a-team couldn't accidentally change releng's existing packages...

This could be one of the steps in line with our goal this year to eliminate monkey work from build duty.


3 years ago
Summary: Let's grant a team permission to upload (certain) pypi packages → Let's grant a-team permission to upload (certain) pypi packages
To be honest, I don't have any good ideas on how to solve this.  The sdist upload stuff seems to hard-code

The closest thing I can think of at Mozilla is the tooltool uploads, and that wound up being a decent amount of infrastructure (a dedicated VM, with a lot of puppety goodness to handle ssh logins).

Other options I can think of:

 * a checked-in manifest somewhere with names, URLs, and hashes
   - and a crontask to update that manifest and download anything not already in place
   - benefit: hashes checked regularly on all packages
   - benefit: automatically get history on why package X was added, from 'hg blame'
   - downside: delay between checkin and package appearing

 * an LDAP-authenticated webapp allowing uploads
   - this could check for filename collisions by opening files with O_EXCL
   - could be part of relengapi (meaning uploads could be scripted using tokens!)

My plate's a little full to do much of the work on either of those, but I'm happy to work with someone else!
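
Added example, not part of the bug thread and not Mozilla or relengapi code: a sketch that combines the hash-checked manifest from the first option with the O_EXCL collision check from the second. The manifest keys (`name`, `url`, `sha256`), the function names, the status strings and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import urllib.request


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetch_url(url: str) -> bytes:
    # Default network fetcher; a cron wrapper or test can pass its own.
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


def install_exclusive(path: str, data: bytes) -> None:
    # O_EXCL makes creation fail if the name already exists, so a new
    # file can never silently replace an existing package.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def sync_manifest(manifest, pkg_dir, fetch=fetch_url):
    """Entries are dicts with assumed keys name/url/sha256; returns {name: status}."""
    results = {}
    for entry in manifest:
        name, want = entry["name"], entry["sha256"].lower()
        # Reject path components so an entry cannot write outside pkg_dir.
        if name != os.path.basename(name) or name in ("", ".", ".."):
            results[name] = "rejected-name"
            continue
        path = os.path.join(pkg_dir, name)
        if os.path.exists(path):
            # Re-check files already in place on every run.
            with open(path, "rb") as fh:
                ok = sha256_hex(fh.read()) == want
            results[name] = "ok" if ok else "hash-mismatch-on-disk"
            continue
        data = fetch(entry["url"])
        if sha256_hex(data) != want:
            results[name] = "hash-mismatch-download"  # never written to disk
            continue
        try:
            install_exclusive(path, data)
            results[name] = "installed"
        except FileExistsError:
            results[name] = "collision"  # lost a race with another writer
    return results
```

Running `sync_manifest` from a scheduled job against the checked-in manifest gives both the periodic re-verification of existing files and the guarantee that a new entry cannot overwrite a package already on disk.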

Comment 2

a year ago
Shall we close this as WONTFIX now? Or are there any new mechanisms e.g. in RelEngAPI that would enable this?
Flags: needinfo?(dustin)
Last Resolved: a year ago
Flags: needinfo?(dustin)
Resolution: --- → WONTFIX


3 months ago
Component: Tools → General
Product: Release Engineering → Release Engineering