Issue with CI building package and pypi credentials

I am trying to build a package in a CI workflow using the build package. By default the build package does the build in an isolated environment. My problem is that, in my CI workflow, I need certain credential for the pip repository I am using. The isolated build environment does not inherit those credentials and is, thus, unable to install the build dependencies.

My workaround is to use python3 -m build --no-isolation and manually install the dependencies from pyproject.toml [build-system][requires] into the local environment. This works but requires the [build-system][requires] dependencies to be manually copied into the CI script. And there is an opportunity for divergence is the [build-system][requires] changes but the CI script doesn’t.

ChatGPT gave me idea/code to do something like

$(python -c "import toml; print(' '.join(toml.load('pyproject.toml')['build-system']['requires']))")

to use python to read the dependencies. I could then store the result into a variable and use that variable in a pip install process. But this feels hacky/fragile. ChatGPT didn’t give me ideas that I found better than this.

Is there a better way to accomplish my goal using build? I haven’t looked into hatch or poetry or any other build tools but it would be frustrating if this is the one thing that would make me prefer one of those since they seem unnecessarily heavyweight for what I’m trying to do.

Depending on which CI. E.g. On Azure DevOps there’s a task you could use for authenticating to a private registry.

I might misunderstand, but I don’t think that addresses my question. I know how to authenticate my pip registry in the CI local environment. What I don’t know is how to authenticate it in the isolated environment within my local environment that is created and used by the build package.

CI script is a Jenkinsfile for Jenkins pipeline. build backend is setuptools.build_meta.

Maybe there’s a way to pass the pip credential through to the isolated build environment?

Maybe this is a quirk of some implementation details about how I’m doing the CI.

Some research seems to indicate that the pip inside the isolated environment does inherit the pip configuration from the local environment. If so, that would be an answer to my question. Not sure if I can make something like that work in my workflow or not, but I would be happy to know the answer here.