pip install can pull packages directly from Git repositories, which is super handy for installing unreleased features or private dependencies.
Let’s see it in action. Say you have a GitHub repo with a Python package you want to install.
pip install git+https://github.com/myusername/myrepository.git@main#egg=mypackage
Here’s what’s happening:
git+: This tells pip to use Git as the VCS (Version Control System).https://github.com/myusername/myrepository.git: This is the standard URL for your GitHub repository.@main: This specifies the branch, tag, or commit hash you want to install from.mainis common, but it could bedevelop, a specific tag likev1.2.0, or a commit SHA.#egg=mypackage: This part is crucial. It tells pip the name of the package being installed. This is especially important if the repository contains multiple packages or if the directory structure isn’t immediately obvious to pip.
This mechanism bypasses the need to publish your package to PyPI, making it ideal for rapid development, internal tooling, or installing specific commits for bug reproduction. Pip will clone the repository, find the setup.py or pyproject.toml file, and install the package as if it were a local directory.
You can also install directly from a specific commit hash, which is great for reproducible builds:
pip install git+https://github.com/myusername/myrepository.git@a1b2c3d4e5f67890abcdef1234567890abcdef12@main#egg=mypackage
If your package is in a subdirectory within the Git repository, you can specify that using the subdirectory parameter:
pip install git+https://github.com/myusername/myrepository.git@main#egg=mypackage&subdirectory=src/mypackage_dir
This tells pip to look for the package setup inside src/mypackage_dir within the repository.
Private repositories require authentication. The most straightforward way is to use a Personal Access Token (PAT) from GitHub. You can embed it directly in the URL, though this is generally not recommended for security reasons as it can end up in shell history.
pip install git+https://YOUR_GITHUB_USERNAME:YOUR_GITHUB_PAT@github.com/myusername/myrepository.git@main#egg=mypackage
A more secure approach is to configure Git with your credentials globally or use an SSH URL if you have SSH keys set up with GitHub.
# Using SSH
pip install git+ssh://git@github.com/myusername/myrepository.git@main#egg=mypackage
When installing from a Git repository, pip essentially performs a git clone behind the scenes. It checks out the specified commit/branch and then looks for a setup.py or pyproject.toml file in the root of the repository (or the specified subdirectory) to build and install the package. This means any dependencies listed in that setup file will also be installed.
The #egg= fragment isn’t strictly required for pip to find the package if the repository root contains a single setup.py or pyproject.toml that defines the package name. However, it’s good practice to include it for clarity and to explicitly tell pip what package name to associate with the installation, especially when dealing with complex repository structures or when you want to ensure a specific package name is used in your requirements.txt file.
You can also install editable versions from Git, just like you would from a local directory, by adding the -e flag:
pip install -e git+https://github.com/myusername/myrepository.git@main#egg=mypackage
This installs the package by linking to the cloned repository directory, so changes you make to the code in the cloned repository are immediately reflected without needing to reinstall.
The next challenge is managing dependencies that are themselves installed from Git repositories, and ensuring version consistency across different environments.