$30 off During Our Annual Pro Sale. View Details »

Pipenv - Melbourne Python User Group (MPUG)

Pipenv - Melbourne Python User Group (MPUG)

August 2018 presentation introducing the Pipenv dependency management tool.

Rory Hart

August 06, 2018
Tweet

More Decks by Rory Hart

Other Decks in Technology

Transcript

  1. pipenv
    The Future of Python Dependency Management

    View Slide

  2. Rory Hart
    Biarri Rail
    Railroad Planning & Scheduling Software
    CTO - Biarri Rail
    @falican

    View Slide

  3. Hiring
    Senior Fullstack Python + Javascript

    View Slide

  4. Acknowledgement
    This talk liberally borrows from Kenneth Reitz’s PyCon talk of the same name.
    Follow @kennethreitz - creator of Requests: HTTP for Humans

    View Slide

  5. The Current State of Things

    View Slide

  6. A lot of tooling for newbies
    • pip
    • requirements.txt
    • requirements_dev.txt
    • requirements_*.txt
    • virtualenv
    • + virtualenvwrapper
    • pyenv
    • + pyenv-virtualenv
    • + a bunch more plugins …
    • anaconda

    View Slide

  7. This tooling has a missing feature
    Management of “transitive dependencies”.
    A B C
    A C

    View Slide

  8. Why do we need this?
    $ pip install requests
    Collecting requests
    Collecting urllib3<1.24,>=1.21.1 (from requests)
    Collecting certifi>=2017.4.17 (from requests)
    Collecting idna<2.8,>=2.5 (from requests)
    Collecting chardet<3.1.0,>=3.0.2 (from requests)
    Installing collected packages: urllib3, certifi, idna, chardet, requests
    Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.6 requests-2.19.1 urllib3-1.23
    $ pip install requests
    Collecting requests
    Collecting urllib3<1.24,>=1.21.1 (from requests)
    Collecting certifi>=2017.4.17 (from requests)
    Collecting idna<2.8,>=2.5 (from requests)
    Collecting chardet<3.1.0,>=3.0.2 (from requests)
    Installing collected packages: urllib3, certifi, idna, chardet, requests
    Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.7 requests-2.19.1 urllib3-1.23

    View Slide

  9. But pip has this feature right?
    Sort of . . .
    $ pip freeze > requirements.txt
    $ cat requirements.txt
    certifi==2018.4.16
    chardet==3.0.4
    idna==2.7
    requests==2.19.1
    urllib3==1.23
    But this mixes “what I want installed” with ”what I need installed”.

    View Slide

  10. So we have two problems in Python
    1. Managing application dependencies is complex for newbies.
    2. Dependency management could be better.

    View Slide

  11. A solution is at hand

    View Slide

  12. What do other languages do?
    Nodejs: yarn & npm (lockfile)
    PHP: Composer (lockfile)
    Rust: Cargo (lockfile)
    Ruby: Bundler (lockfile)

    View Slide

  13. $ cat Pipfile
    [[source]]
    url = "https://pypi.org/simple"
    verify_ssl = true
    name = "pypi"
    [packages]
    requests = "*”
    [dev-packages]
    [requires]
    python_version = "3.6"
    A new standard that will
    eventually be supported by pip.
    https://github.com/pypa/pipfile
    Pipfile

    View Slide

  14. Pipfile.lock

    View Slide

  15. View Slide

  16. Already usable with pipenv
    Officially recommended tool on python.org.
    Automates virtualenv.
    Simplifies different python versions (with pyenv).
    Ensures deterministic builds!

    View Slide

  17. Demo Time!

    View Slide

  18. Questions?

    View Slide