Configure the Project#
PDM's config
command works just like git config
, except that --list
isn't needed to
show configurations.
Show the current configurations:
1 |
|
Get one single configuration:
1 |
|
Change a configuration value and store in home configuration:
1 |
|
By default, the configuration are changed globally, if you want to make the config seen by this project only, add a --local
flag:
1 |
|
Any local configurations will be stored in pdm.toml
under the project root directory.
Configuration files#
The configuration files are searched in the following order:
<PROJECT_ROOT>/pdm.toml
- The project configuration<CONFIG_ROOT>/config.toml
- The home configuration<SITE_CONFIG_ROOT>/config.toml
- The site configuration
where <CONFIG_ROOT>
is:
$XDG_CONFIG_HOME/pdm
(~/.config/pdm
in most cases) on Linux as defined by XDG Base Directory Specification~/Library/Application Support/pdm
on macOS as defined by Apple File System Basics%USERPROFILE%\AppData\Local\pdm
on Windows as defined in Known folders
and <SITE_CONFIG_ROOT>
is:
$XDG_CONFIG_DIRS/pdm
(/etc/xdg/pdm
in most cases) on Linux as defined by XDG Base Directory Specification/Library/Application Support/pdm
on macOS as defined by Apple File System BasicsC:\ProgramData\pdm\pdm
on Windows as defined in Known folders
If -g/--global
option is used, the first item will be replaced by <CONFIG_ROOT>/global-project/pdm.toml
.
You can find all available configuration items in Configuration Page.
Configure the Python finder#
By default, PDM will try to find Python interpreters in the following sources:
venv
: The PDM virtualenv locationpath
: ThePATH
environment variablepyenv
: The pyenv install rootrye
: The rye toolchain install rootasdf
: The asdf python install rootwinreg
: The Windows registry
You can unselect some of them or change the order by setting python.providers
config key:
1 2 |
|
Allow prereleases in resolution result#
By default, pdm
's dependency resolver will ignore prereleases unless there are no stable versions for the given version range of a dependency. This behavior can be changed by setting allow-prereleases
to true
in [tool.pdm.resolution]
table:
1 2 |
|
Configure the package indexes#
You can tell PDM where to to find the packages by either specifying sources in the pyproject.toml
or via pypi.*
configurations.
Add sources in pyproject.toml
:
1 2 3 4 |
|
Change the default index via pdm config
:
1 |
|
Add extra indexes via pdm config
:
1 |
|
The available configuration options are:
url
: The URL of the indexverify_ssl
: (Optional)Whether to verify SSL certificates, default to trueusername
: (Optional)The username for the indexpassword
: (Optional)The password for the indextype
: (Optional) index or find_links, default to index
About the source types
By default, all sources are PEP 503 style "indexes" like pip's --index-url
and --extra-index-url
, however, you can set the type to find_links
which contains files or links to be looked for directly. See this answer for the difference between the two types.
For example, to use a local directory as a source:
1 2 3 4 |
|
These configurations are read in the following order to build the final source list:
pypi.url
, ifpypi
doesn't appear in thename
field of any source inpyproject.toml
- Sources in
pyproject.toml
pypi.<name>.url
in PDM config.
You can set pypi.ignore_stored_index
to true
to disable all additional indexes from the PDM config and only use those specified in pyproject.toml
.
Disable the default PyPI index
If you want to omit the default PyPI index, just set the source name to pypi
and that source will replace it.
1 2 3 4 |
|
Indexes in pyproject.toml
or config
When you want to share the indexes with other people who are going to use the project, you should add them in pyproject.toml
.
For example, some packages only exist in a private index and can't be installed if someone doesn't configure the index.
Otherwise, store them in the local config which won't be seen by others.
Respect the order of the sources#
By default, all sources are considered equal, packages from them are sorted by the version and wheel tags, the most matching one with the highest version is selected.
In some cases you may want to return packages from the preferred source, and search for others if they are missing from the former source. PDM supports this by reading the configuration respect-source-order
. For example:
1 2 3 4 5 6 7 8 9 10 |
|
A package will be searched from the private
index first, and only if no matching version is found there, it will be searched from the pypi
index.
Specify index for individual packages#
You can bind packages to specific sources with include_packages
and exclude_packages
config under tool.pdm.source
table.
1 2 3 4 5 |
|
With the above configuration, any package matching foo
or foo-*
will only be searched from the private
index, and any package matching bar-*
will be searched from all indexes except private
.
Both include_packages
and exclude_packages
are optional and accept a list of glob patterns, and include_packages
takes effect exclusively when the pattern matches.
Store credentials with the index#
You can specify credentials in the URL with ${ENV_VAR}
variable expansion and these variables will be read from the environment variables:
1 2 3 |
|
Configure HTTPS certificates#
You can use a custom CA bundle or client certificate for HTTPS requests. It can be configured for both indexes(for package download) and repositories(for upload):
1 2 |
|
Besides, it is possible to use the system trust store, instead of the bundled certifi certificates for verifying HTTPS certificates. This approach will typically support corporate proxy certificates without additional configuration.
To use truststore
, you need Python 3.10 or newer and install truststore
into the same environment as PDM:
1 |
|
In addition, CA certificates specified by env vars REQUESTS_CA_BUNDLE
and CURL_CA_BUNDLE
will be used if they are set.
Index configuration merging#
Index configurations are merged with the name
field of [[tool.pdm.source]]
table or pypi.<name>
key in the config file.
This enables you to store the url and credentials separately, to avoid secrets being exposed in the source control.
For example, if you have the following configuration:
1 2 3 |
|
You can store the credentials in the config file:
1 2 |
|
PDM can retrieve the configurations for private
index from both places.
If the index requires a username and password, but they can't be found from the environment variables nor config file, PDM will prompt you to enter them. Or, if keyring
is installed, it will be used as the credential store. PDM can use the keyring
from either the installed package or the CLI.
Central installation caches#
If a package is required by many projects on the system, each project has to keep its own copy. This can be a waste of disk space, especially for data science and machine learning projects.
PDM supports caching installations of the same wheel by installing it in a centralized package repository and linking to that installation in different projects. To enable it, run:
1 |
|
It can be enabled on a per-project basis by adding the --local
option to the command.
The caches are located in $(pdm config cache_dir)/packages
. You can view the cache usage with pdm cache info
. Note that the cached installations are managed automatically -- they will be deleted if they are not linked to any projects. Manually deleting the caches from disk may break some projects on the system.
In addition, several different link methods are supported:
symlink
(default), create symlinks to the package files.hardlink
, create hard links to the package files of the cache entry.
You can switch between them by running pdm config [--local] install.cache_method <method>
.
Note
Only packages installed from one of the package sources can be cached.
Configure the repositories for upload#
When using the pdm publish
command, it reads the repository secrets from the global config file(<CONFIG_ROOT>/config.toml
). The content of the config is as follows:
1 2 3 4 5 6 7 8 9 |
|
Alternatively, these credentials can be provided with env vars:
1 2 3 4 |
|
A PEM-encoded Certificate Authority bundle (ca_certs
) can be used for local / custom PyPI repositories where the server certificate is not signed by the standard certifi CA bundle.
Note
Repositories are different from indexes in the previous section. Repositories are for publishing while indexes are for locking and resolving. They don't share the configuration.
Tip
You don't need to configure the url
for pypi
and testpypi
repositories, they are filled by default values.
The username, password, and certificate authority bundle can be passed in from the command line for pdm publish
via --username
, --password
, and --ca-certs
, respectively.
To change the repository config from the command line, use the pdm config
command:
1 2 3 4 5 |
|
Password management with keyring#
When keyring is available and supported, the passwords will be stored to and retrieved from the keyring instead of writing to the config file. This supports both indexes and upload repositories. The service name will be pdm-pypi-<name>
for an index and pdm-repository-<name>
for a repository.
You can enable keyring by either installing keyring
into the same environment as PDM or installing globally. To add keyring to the PDM environment:
1 |
|
Alternatively, if you have installed a copy of keyring globally, make sure the CLI is exposed in the PATH
env var to make it discoverable by PDM:
1 |
|
Password management with keyring for Azure Artifacts#
When trying to authenticate towards azure artifacts, this can be achieved by either using AD groups to authenticate: pdm self add keyring artifacts-keyring
ensuring that artifacts-keyring will be used for authentication.
And then adding the artifacts url to pyproject.toml
1 2 3 |
|
Exclude specific packages and their dependencies from the lock file#
Added in version 2.12.0
Sometimes you don't even want to include certain packages in the locked file because you are sure they won't be used by any code. In this case, you can completely skip them and their dependencies during dependency resolution:
1 2 |
|
With this config, requests
will not be locked in the lockfile, and its dependencies such as urllib3
and idna
will also not show up in the resolution result, if not depended on by other packages. The installer will not be able to pick them up either.
Passing constant arguments to every pdm invocation#
Added in version 2.7.0
You can add extra options passed to individual pdm commands by tool.pdm.options
configuration:
1 2 3 4 |
|
These options will be added right after the command name. For instance, based on the configuration above,
pdm add requests
is equivalent to pdm add --no-isolation --no-self requests
.
Ignore package warnings#
Added in version 2.10.0
You may see some warnings when resolving dependencies like this:
1 2 3 4 5 |
|
This is because the supported range of Python versions of the package doesn't cover the requires-python
value specified in the pyproject.toml
.
You can ignore these warnings in a per-package basis by adding the following config:
1 2 |
|
Where each item is a case-insensitive glob pattern to match the package name.