HOWTO: Proxy OSS Conda Packages from Public Repositories
With ProGet teams can proxy packages from public repositories such as Anaconda Packages or Conda Forge and consume them in their projects as they would if they were pulling from the OSS package repository directly.
The advantages of using ProGet for this are:
- ProGet will cache packages allowing teams to access them even when the Anaconda Packages repository is down
- ProGet will show which packages are being downloaded and used frequently
In this article, we'll explain how to create a "Feed" in ProGet that will proxy Conda packages from the public OSS Repository.
We'll also look at creating a private repository for when you also want to use internal packages, and how to create a package approval flow if you need to control which packages your team are using in production.
Step 1: Create a New Feed
First, we will create a Conda feed that will proxy packages from Anaconda OSS Package Repository.
Start by selecting "Feeds" and "Create New Feed". Next, select "Conda Packages", as we will be creating feeds to proxy and host Conda packages.
Now select "Connect to Anaconda Packages" which will allow us to proxy packages from the Anaconda OSS Package Repository
Then select "No, Create One Feed", as we will be creating a single feed to proxy Conda packages. From here, we name our feed, which in this example we will call public-conda
. Then click "Create Feed".
We are then presented with several options. More information on these can be found in the Vulnerability Scanning and Blocking documentation Finally, we select "Set Feed Features", which will create the feed, and redirect us to our public-conda
feed, now populated with packages proxied from the public OSS Conda repository.
Step 2: (Optional) Changing your Connector to Conda-Forge
By default ProGet creates a connector to Anaconda Packages when creating a new Conda feed. If you need to proxy Conda packages from Conda Forge instead, navigate to "Feeds" > "Connectors" and select the repo.anaconda.com
connector.
Then select "edit" under "Basic Properties". Replace the URL in the "Connector URL" field with https://conda.anaconda.org/conda-forge
. We also recommend changing the name to something appropriate such as conda.anaconda.org/conda-forge
. Then select "Save".
Note this it may take a short time for the local index to update. You can see the status under "Local Index" on the connector's page.
Step 3: Adding the Feed to Local Conda Environments
For your team to consume packages from the public-conda
feed, you'll need to add it as a channel in their local environment. For this, you will need feed's URL. This can be found at the top right of the feed's page.
In your terminal of choice, enter the following, which will require the public-conda
feed URL:
$ conda config --add channels «feed-url»
For example, adding a feed with the URL http://proget.corp.local/conda/public-conda/
you would enter:
$ conda config --add channels http://proget.corp.local/conda/public-conda
You can confirm that it was registered by entering:
$ conda config --show channels
Finally, to ensure that developers consume packages from the public-conda
feed rather than the OSS repository, we recommend removing the defaults
channel, which exists by default. This can be done by entering:
$ conda config --remove channels defaults
You can confirm that your local Conda environment can connect with your ProGet feed by listing Conda packages from the feed by entering:
$ conda search -c «feed-url»
Or by filtering by package name:
$ conda search -c «feed-url» «package-name»
To install packages from your public-conda feed, enter:
$ conda install «package-name»
(Optional) Authenticating to Your Conda Feed
By default your public-conda
feed does not require authentication and can be viewed anonymously. However, you may want to make your feed private and configure it to require authentication to access. For example, when also hosting your own internal packages.
(Optional) Creating a Package Approval Flow
So far we've looked at proxying packages from OSS repositories. However, this leaves developers free to install any OSS packages in the repository. In many cases, it's important to include some form of oversight in development, which can be done by introducing Package Approval.
To configure package approval flow you can read HOWTO: Approve and Promote Open-source Packages. In this guide it talks about setting up a NuGet package approval, but it can just as easily be done with Conda packages by creating Conda feeds instead.
After creating your "Unapproved" and "Approved" feeds, follow the earlier steps to add the "Approved" feed as a source in your local rpm environments, entering:
$ conda config --add channels «feed-url»
To ensure that developers only consume packages from the "Approved" feed rather than the OSS repository, we recommend removing the defaults
channel, which exists by default. This can be done by entering:
$ conda config --remove channels defaults