Disable adding github token in requirements.txt from pip-compile

Question

I have a file requirements.in with below context:

.
.
.
git+https://${GITHUB_TOKEN}@github.com/company/some-lib-name.git@v1.4.0
pyzipcode3==2.2
pytz==2019.3
timezonefinder==4.1.0
sqlalchemy==1.2.18

Private lib is downloaded from company's github repo over token.

My problem is that ${GITHUB_TOKEN} is replaced with real token and stored in requirements.txt when I call pip-compile, how to remove token from requirements.txt?

My output looks like for requirements.txt:

some-lib-name @ git+https://ghp_MY_REAL_GITHUB_KEY@github.com/company/some-lib-name.git@v1.4.0
    # via -r requirements.in
s3transfer==0.2.1
    # via boto3

I am using python 3. How to get requirements.txt without real github_token in this file? Can I get format as in requirements.in (git+https://${GITHUB_TOKEN}@github.com/company/some-lib-name.git@v1.4.0)

score 1 · Answer 1 · answered Oct 08 '21 at 19:53

1

Currently, pip-tools expands all environments in requirements.in while compiles requirements.txt. There is an open issue, see #966. See also this comment for suggested workarounds.

answered Oct 08 '21 at 19:53

Albert Tugushev

1,504
13
25

Disable adding github token in requirements.txt from pip-compile

1 Answers1