Python packages can be installed into your image from both public and private sources. To install packages listed on private PyPI indices or a private git-based repository, you need to complete additional configuration in your project.
Depending on where your private packages are stored, use one of the following setups to install these packages to an Astro project by customizing your Runtime image.
This topic provides instructions for building your Astro project with Python packages from a private GitHub repository. Although GitHub is used in these examples, the same approach works with any hosted Git repository.
Use the --build-secrets flag to pass .netrc credentials at build time. This approach lets you add private packages to your requirements.txt file without custom Dockerfile configuration.
Add your private packages to your requirements.txt file using HTTPS URLs in the following format:
For example, to install mypackage1 and mypackage2 from myorganization:
Define the NETRC_CONTENT environment variable in your shell profile (.bashrc or .zshrc):
If you don’t use the GitHub CLI, replace $(gh auth token) with a GitHub personal access token that has access to your private repositories.
Pass the --build-secrets flag when running Astro CLI commands:
To run tests:
The --build-secrets flag securely provides the .netrc content during the Docker build without storing credentials in the image.
To build your image in a GitHub Actions workflow, pass the .netrc content as a build secret:
To deploy using the Astronomer deploy action, pass the .netrc content through build-secrets and set the NETRC_CONTENT environment variable: