Standard for uploads to package repositories

While commenting on the global package index configuration PEP I realised I don’t know if the PyPI upload API is standardised anywhere. I can’t find anything on packaging.python.org, and the Warehouse docs just explain the API URL and fields (here) but not how the server should handle the request.

I did find PEP 301 which talks about an upload API for distutils, but it looks different to Warehouse’s.

Is there a specification (PEP or otherwise) of the upload API, or do other package repositories have to copy Warehouse as the de facto implementation?

This is what Artifactory has been doing AFAIK…

2 Likes

GitLab mentions twine in their official docs, on uploading PyPI packages to its own PyPI registry:
PyPI packages in the Package Registry | GitLab

But I don’t know if they copied the Warehouse implementation or not.

2 Likes

Is it though?.. Not sure if I’m understanding this correctly, but even the HTTP error codes are different from Artifactory, so I don’t think so. This thing has been my pet peeve for some time now. E.g. if you upload the same distribution again, and the repo doesn’t allow for overwrites, you get (this list is 1 year old, had it in my notes):

  • Artifactory: Upload failed (403): Forbidden
  • Nexus: Upload failed (400): Repository does not allow updating assets: <group name>
  • pypiserver: Upload failed (409): Conflict
  • devpi: Server response (200): OK - doesn’t care when using basic configuration
  • pypi.org: Upload failed (400): File already exists.
  • pydist.com: Upload failed (400): File already exists; overwriting is not allowed. Create a new release by changing the version number.

1 Like
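The list in the post above, turned into a client-side check (an added example, not part of the thread and not code from twine or any of the repositories named). It assumes the twine-style message shape quoted in the post; `Outcome`, `classify` and `summarise` are hypothetical names, and the sample lines are constructed from the post's year-old list.

```python
import re
from enum import Enum


class Outcome(Enum):
    ACCEPTED = "accepted"    # 2xx: a silent re-upload looks identical to a first upload
    DUPLICATE = "duplicate"  # server refused to replace an existing file
    AMBIGUOUS = "ambiguous"  # same answer as a real permission denial
    FAILED = "failed"


# Message shape as quoted in the post: "Upload failed (403): Forbidden"
LINE = re.compile(r"^(?:Upload failed|Server response) \((\d{3})\):\s*(.*)$")

# Reason-phrase fragments taken from the post's list (Nexus, pypi.org, pydist.com).
DUPLICATE_HINTS = ("already exists", "does not allow updating", "overwriting is not allowed")


def classify(line: str) -> Outcome:
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised upload result: {line!r}")
    status, reason = int(m.group(1)), m.group(2).lower()
    if 200 <= status < 300:
        return Outcome.ACCEPTED
    # Assumption: 409 always means "file exists", as pypiserver uses it in the list.
    if status == 409 or any(hint in reason for hint in DUPLICATE_HINTS):
        return Outcome.DUPLICATE
    if status == 403:
        # Artifactory's duplicate answer carries no detail, so it cannot be told
        # apart from a credentials or permissions problem: never count it as success.
        return Outcome.AMBIGUOUS
    return Outcome.FAILED


# Constructed sample input: the six responses from the post, keyed by repository.
SAMPLES = {
    "Artifactory": "Upload failed (403): Forbidden",
    "Nexus": "Upload failed (400): Repository does not allow updating assets: <group name>",
    "pypiserver": "Upload failed (409): Conflict",
    "devpi": "Server response (200): OK",
    "pypi.org": "Upload failed (400): File already exists.",
    "pydist.com": "Upload failed (400): File already exists; overwriting is not allowed.",
}


def summarise(samples=SAMPLES):
    return {repo: classify(line) for repo, line in samples.items()}
```

A release pipeline that retries uploads can treat `DUPLICATE` as already done, but should fail on `AMBIGUOUS`, and cannot rely on `ACCEPTED` as proof that an existing file was not replaced.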

This is not standardized, at this time.

The place that we’ve been “informally” aggregating and documenting progress/interest in this effort is Document data format for upload API · Issue #3151 · pypa/warehouse · GitHub.

2 Likes