What's the best way to let a Hugging Face Space pull a private Python library?

Say you have a Hugging Face Space that depends on a Python library that you host on GitHub in a private repository. Normally, you’d simply add git+https://github.com/umarbutler/mylibrary.git to your requirements.txt and then Hugging Face would automatically install the library on startup.

If the repository is private, however, you need to authenticate to be able to pull the repository. So then you could do git+https://${GIT_TOKEN}@github.com/umarbutler/mylibrary.git and then add GIT_TOKEN as a secret in your space, GIT_TOKEN being a personal access token. The problem is when you are trying to do this for an organisation and there is no guarantee that the employee who used their personal access token will always be there. What do you do in that case?

1 Like

It turns out what I suggested doesn’t even work unless you actually hardcode the token :cry: which is fine for a private space but really, it should be possible to this without hardcoding.

1 Like

Can’t we do something using the Secrets of Spaces?

# last resort
import os
import subprocess
GIT_TOKEN = os.environ.get("GIT_TOKEN")
subprocess.run(f"pip install git+https://${GIT_TOKEN}@github.com/umarbutler/mylibrary.git", shell=True)
2 Likes

Hmm… You’re right. It’s hacky, but at least it isn’t hard coding a token. Cheers.

2 Likes

Sure. I’ve had a long break, and I don’t know any virtual environments other than HF… I’ve only recently started using Colab a little.
So I don’t know if it’s strange or not.:sweat_smile:
If there are functions that should naturally be there in other companies’ virtual environments that are not in HF’s VM, it would be helpful if you could request them. I can at least like your comments.

1 Like

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.