
Installing with pip requirements.txt from a private git repo using ssh OR https


Currently in my requirements.txt file I can include a package from a private github repo in one of the following ways:
git+https://github.com/<repo-name>@<version>
or
git+ssh://git@github.com/<repo-name>@<version>

However I would like to not have to enforce the manner in which the installer connects to github (ssh or https). Is there a way that I can generically list this repo/package so that either way of connecting will work in a pip install -r requirements.txt command?


Solution

  • I'm almost certain this is impossible for pip because Git doesn't, in general, provide a way to do this.

    Just because GitHub provides both HTTPS and SSH remotes for the same repository doesn't mean that all providers do. Even when a hosting provider provides both, they may not necessarily be under the same location relative to the root for each protocol.

    Moreover, Git doesn't do automatic fallbacks between protocols in case of failure because different protocols are implemented in completely different code (and sometimes, in different binaries) and because it's not clear in what case a fallback should occur. For example, should Git fall back if authentication fails? Should it fall back if there are no authentication credentials but some are required?

    In general, if you're providing a public repo (which is not the case here), you should always use HTTPS for GitHub, because that's anonymous, which means it will just work. For a private repository, I'd use whatever you think everyone is most likely to have. For example, if you know every engineer will have an SSH key for access to certain systems, that can be a good choice, but if you know that your development environment setup script uses HTTPS, then use that.

    Note that people can rewrite the URLs in their local instances using url.*.insteadOf, which can rewrite one type of URL into the other automatically. I happen to use this to use an SSH key for all my access because my organization requires time-limited HTTPS tokens and I don't want to deal with rotation.
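
The `url.*.insteadOf` rewrite mentioned in the answer, shown as an added example that is not part of the original answer: each installer keeps one protocol in `requirements.txt` and maps it to their preferred transport in their own Git config, so no credentials or transport choices live in the repository. The function name `rewritten_url` and the `example-org/example-pkg` repository are placeholders; the check uses a throwaway `HOME` and makes no network connection.

```shell
#!/bin/sh
# pip strips the "git+" prefix and hands the remaining URL to git, so git's
# own url.<base>.insteadOf rules decide which transport is really used.

# rewritten_url MODE URL
#   MODE=ssh   : installer prefers SSH keys; HTTPS URLs are rewritten to SSH
#   MODE=https : installer prefers HTTPS;    SSH URLs are rewritten to HTTPS
# Prints the URL git would contact for URL under that per-user rule.
rewritten_url() {
    mode=$1
    url=$2
    tmp=$(mktemp -d) || return 1
    (
        # Isolate from the caller's real ~/.gitconfig and system config.
        export HOME="$tmp" GIT_CONFIG_NOSYSTEM=1
        unset XDG_CONFIG_HOME GIT_CONFIG_GLOBAL
        case $mode in
            ssh)   git config --global \
                       url."ssh://git@github.com/".insteadOf "https://github.com/" ;;
            https) git config --global \
                       url."https://github.com/".insteadOf "ssh://git@github.com/" ;;
            *)     exit 2 ;;
        esac
        git init -q "$tmp/repo" >/dev/null 2>&1 && cd "$tmp/repo" || exit 1
        # --get-url expands insteadOf rules and exits without contacting the remote.
        git ls-remote --get-url "$url"
    )
    status=$?
    rm -rf "$tmp"
    return $status
}

# requirements.txt lists HTTPS; an SSH-key user still ends up on SSH:
rewritten_url ssh "https://github.com/example-org/example-pkg.git"
```

Running `git ls-remote --get-url <url>` against your real config is a quick way to confirm which transport, and therefore which credential, a given requirements line will use on that machine.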