Add flags to disable pypi.org and add own private pip repository links

[ianpye]

Currently, when creating a conda-lock file using environment.yml, poetry will attempt to make a request to pypi.org, with the user being unable to disable it, resulting in a conda-lock exception when used in an environment that does not allow access to pypi.org. It is only currently possible to make such configurations when creating lock files using pyproject.toml.

With these 2 CLI flags, we will be able to both separately disable requests to pypi.org and add our own private mirror links.

[netlify]

✅ Deploy Preview for conda-lock ready!

Name	Link
🔨 Latest commit	436b16b
🔍 Latest deploy log	https://app.netlify.com/sites/conda-lock/deploys/66e4ac30c0c17f000871916c
😎 Deploy Preview	https://deploy-preview-590--conda-lock.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[maresb]

Adding a CLI flag to disable PyPI makes a lot of sense to me, and seems straightforward.

Are you able to add private repos from environment.yml like this example? I'm hesitant to add another a CLI method to specify private repos, in particular because the environment variable substitution for credentials would be messy. (It'll be difficult to know if the substitution is being done by Bash or conda-lock.)

[ianpye]

I do agree that the environment variable substitution for credentials would be very messy.

However, I believe that having an additional flag would still provide some value as it would be inconvenient from a user's experience perspective where they would have to carry out any additional actions and edit the environment.yml file before being able to create a lock file from it, especially if they would solely like to add a simple mirror to replace the https://pypi.org link.

How do you feel about this? Thank you for your time!

[ianpye]

Hi @maresb do you have any updates on this issue? Thanks!

[Simard302]

I am very happy to see this PR. My server can not consistently connect to pypi.org and I need to disable it to use mirrors instead. For now, I had to avoid using conda-lock entirely until this is resolved.

@ianpye @maresb what is the status of this PR. If any help is needed, I am happy to contribute.

[maresb]

I apologize for not finding more time to dedicate to conda-lock and to see through features like this.

Glancing over this, it seems very straightforward. I don't think this is problematic. If either of you @ianpye or @Simard302 could rebase this I think I could merge and release it, although it could take some days for me to respond.

In general if you're dealing with mixed Conda and pip dependencies I think you'd be better served with pixi. Their support for mixed environments is quite a bit more stable. But I'm not sure how far along they are with private repo support.