Our company develops and internally distributes several python packages as wheels and sdists. We are attempting to consolidate the deployment location in order to provide a better end-user installation process for our internal packages.
From an end-user’s perspective, are there advantages to using a repository that supports PEP 503-compliant API endpoints over a file system (like a GitLab registry)?
It seems that pip can be configured to install from either format without issues using either --find-links or --index-url (or --extra-index-url). Poetry does not yet seem to support this:
My understanding is that a PyPI-like repository makes dependency resolution much more efficient for installers (like pip). In many cases pip does not need to download and inspect a distribution (source or wheel) to decide if it as a good match for dependency resolution, because PyPI serves metadata besides the distribution that contains enough information for pip to realize that the distribution would not be a good match.
There’s no standard on how the directory should be structured or anything, so you’re at the mercy of your installer (e.g., pip might be your only option).
Correct, you avoid having to get a wheel and unzip the METADATA file from the wheel compared to directly getting the METADATA file itself in order to do dependency resolution.
After that is probably implementations simply not optimizing for this specific case. If you mix downloading and reading from the file system to get info you makes your installer have to handle both potential scenarios compared to just the downloading one. Now an installer could stand up a simple index server on your behalf to try and abstract out your file system to look like an index server, but then I’m sure some folks will have issues around opening a local port, security concerns, etc.
You can also use simpleindex to run a lightweight local server over one or more file system directories that works like PyPI. You can even filter by name, and forward some packages to a real index server.