Pipenv - Melbourne Python User Group (MPUG)

Transcript

1. pipenv The Future of Python Dependency Management

2. Rory Hart Biarri Rail Railroad Planning & Scheduling Software CTO

   - Biarri Rail @falican

3. Hiring Senior Fullstack Python + Javascript

4. Acknowledgement This talk liberally borrows from Kenneth Reitz’s PyCon talk

   of the same name. Follow @kennethreitz - creator of Requests: HTTP for Humans

5. The Current State of Things

6. A lot of tooling for newbies • pip • requirements.txt

   • requirements_dev.txt • requirements_*.txt • virtualenv • + virtualenvwrapper • pyenv • + pyenv-virtualenv • + a bunch more plugins … • anaconda

7. This tooling has a missing feature Management of “transitive dependencies”.

   A B C A C

8. Why do we need this? $ pip install requests Collecting

   requests Collecting urllib3<1.24,>=1.21.1 (from requests) Collecting certifi>=2017.4.17 (from requests) Collecting idna<2.8,>=2.5 (from requests) Collecting chardet<3.1.0,>=3.0.2 (from requests) Installing collected packages: urllib3, certifi, idna, chardet, requests Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.6 requests-2.19.1 urllib3-1.23 $ pip install requests Collecting requests Collecting urllib3<1.24,>=1.21.1 (from requests) Collecting certifi>=2017.4.17 (from requests) Collecting idna<2.8,>=2.5 (from requests) Collecting chardet<3.1.0,>=3.0.2 (from requests) Installing collected packages: urllib3, certifi, idna, chardet, requests Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.7 requests-2.19.1 urllib3-1.23

9. But pip has this feature right? Sort of . .

   . $ pip freeze > requirements.txt $ cat requirements.txt certifi==2018.4.16 chardet==3.0.4 idna==2.7 requests==2.19.1 urllib3==1.23 But this mixes “what I want installed” with ”what I need installed”.

10. So we have two problems in Python 1. Managing application

    dependencies is complex for newbies. 2. Dependency management could be better.

11. A solution is at hand

12. What do other languages do? Nodejs: yarn & npm (lockfile)

    PHP: Composer (lockfile) Rust: Cargo (lockfile) Ruby: Bundler (lockfile)

13. $ cat Pipfile [[source]] url = "https://pypi.org/simple" verify_ssl = true

    name = "pypi" [packages] requests = "*” [dev-packages] [requires] python_version = "3.6" A new standard that will eventually be supported by pip. https://github.com/pypa/pipfile Pipfile

14. Pipfile.lock

15. None

16. Already usable with pipenv Officially recommended tool on python.org. Automates

    virtualenv. Simplifies different python versions (with pyenv). Ensures deterministic builds!

17. Demo Time!

18. Questions?