Pipenv - Melbourne Python User Group (MPUG)

Transcript

1. pipenv
   The Future of Python Dependency Management
   

   View Slide

2. Rory Hart
   Biarri Rail
   Railroad Planning & Scheduling Software
   CTO - Biarri Rail
   @falican
   

   View Slide

3. Hiring
   Senior Fullstack Python + Javascript
   

   View Slide

4. Acknowledgement
   This talk liberally borrows from Kenneth Reitz’s PyCon talk of the same name.
   Follow @kennethreitz - creator of Requests: HTTP for Humans
   

   View Slide

5. The Current State of Things
   

   View Slide

6. A lot of tooling for newbies
   • pip
   • requirements.txt
   • requirements_dev.txt
   • requirements_*.txt
   • virtualenv
   • + virtualenvwrapper
   • pyenv
   • + pyenv-virtualenv
   • + a bunch more plugins …
   • anaconda
   

   View Slide

7. This tooling has a missing feature
   Management of “transitive dependencies”.
   A B C
   A C
   

   View Slide

8. Why do we need this?
   $ pip install requests
   Collecting requests
   Collecting urllib3<1.24,>=1.21.1 (from requests)
   Collecting certifi>=2017.4.17 (from requests)
   Collecting idna<2.8,>=2.5 (from requests)
   Collecting chardet<3.1.0,>=3.0.2 (from requests)
   Installing collected packages: urllib3, certifi, idna, chardet, requests
   Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.6 requests-2.19.1 urllib3-1.23
   $ pip install requests
   Collecting requests
   Collecting urllib3<1.24,>=1.21.1 (from requests)
   Collecting certifi>=2017.4.17 (from requests)
   Collecting idna<2.8,>=2.5 (from requests)
   Collecting chardet<3.1.0,>=3.0.2 (from requests)
   Installing collected packages: urllib3, certifi, idna, chardet, requests
   Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.7 requests-2.19.1 urllib3-1.23
   

   View Slide

9. But pip has this feature right?
   Sort of . . .
   $ pip freeze > requirements.txt
   $ cat requirements.txt
   certifi==2018.4.16
   chardet==3.0.4
   idna==2.7
   requests==2.19.1
   urllib3==1.23
   But this mixes “what I want installed” with ”what I need installed”.
   

   View Slide

10. So we have two problems in Python
    1. Managing application dependencies is complex for newbies.
    2. Dependency management could be better.
    

    View Slide

11. A solution is at hand
    

    View Slide

12. What do other languages do?
    Nodejs: yarn & npm (lockfile)
    PHP: Composer (lockfile)
    Rust: Cargo (lockfile)
    Ruby: Bundler (lockfile)
    

    View Slide

13. $ cat Pipfile
    [[source]]
    url = "https://pypi.org/simple"
    verify_ssl = true
    name = "pypi"
    [packages]
    requests = "*”
    [dev-packages]
    [requires]
    python_version = "3.6"
    A new standard that will
    eventually be supported by pip.
    https://github.com/pypa/pipfile
    Pipfile
    

    View Slide

14. Pipfile.lock
    

    View Slide

15. View Slide

16. Already usable with pipenv
    Officially recommended tool on python.org.
    Automates virtualenv.
    Simplifies different python versions (with pyenv).
    Ensures deterministic builds!
    

    View Slide

17. Demo Time!
    

    View Slide

18. Questions?
    

    View Slide