Slide 1

Slide 1 text

pipenv
The Future of Python Dependency Management

Slide 2

Slide 2 text

Rory Hart
Biarri Rail
Railroad Planning & Scheduling Software
CTO - Biarri Rail
@falican

Slide 3

Slide 3 text

Hiring Senior Fullstack Python + Javascript

Slide 4

Slide 4 text

Acknowledgement
This talk liberally borrows from Kenneth Reitz’s PyCon talk of the same name.
Follow @kennethreitz - creator of Requests: HTTP for Humans

Slide 5

Slide 5 text

The Current State of Things

Slide 6

Slide 6 text

A lot of tooling for newbies
• pip
• requirements.txt
• requirements_dev.txt
• requirements_*.txt
• virtualenv
  + virtualenvwrapper
• pyenv
  + pyenv-virtualenv
  + a bunch more plugins …
• anaconda

Slide 7

Slide 7 text

This tooling has a missing feature
Management of “transitive dependencies”.
[Diagram: dependency graph with nodes A, B and C]

Slide 8

Slide 8 text

Why do we need this?
The same command, run twice, installs different versions of a transitive dependency: idna-2.6 in the first run, idna-2.7 in the second.

    $ pip install requests
    Collecting requests
    Collecting urllib3<1.24,>=1.21.1 (from requests)
    Collecting certifi>=2017.4.17 (from requests)
    Collecting idna<2.8,>=2.5 (from requests)
    Collecting chardet<3.1.0,>=3.0.2 (from requests)
    Installing collected packages: urllib3, certifi, idna, chardet, requests
    Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.6 requests-2.19.1 urllib3-1.23

    $ pip install requests
    Collecting requests
    Collecting urllib3<1.24,>=1.21.1 (from requests)
    Collecting certifi>=2017.4.17 (from requests)
    Collecting idna<2.8,>=2.5 (from requests)
    Collecting chardet<3.1.0,>=3.0.2 (from requests)
    Installing collected packages: urllib3, certifi, idna, chardet, requests
    Successfully installed certifi-2018.4.16 chardet-3.0.4 idna-2.7 requests-2.19.1 urllib3-1.23

Slide 9

Slide 9 text

But pip has this feature right?
Sort of...

    $ pip freeze > requirements.txt
    $ cat requirements.txt
    certifi==2018.4.16
    chardet==3.0.4
    idna==2.7
    requests==2.19.1
    urllib3==1.23

But this mixes “what I want installed” with “what I need installed”.

Slide 10

Slide 10 text

So we have two problems in Python
1. Managing application dependencies is complex for newbies.
2. Dependency management could be better.

Slide 11

Slide 11 text

A solution is at hand

Slide 12

Slide 12 text

What do other languages do?
Node.js: yarn & npm (lockfile)
PHP: Composer (lockfile)
Rust: Cargo (lockfile)
Ruby: Bundler (lockfile)

Slide 13

Slide 13 text

Pipfile

    $ cat Pipfile
    [[source]]
    url = "https://pypi.org/simple"
    verify_ssl = true
    name = "pypi"

    [packages]
    requests = "*"

    [dev-packages]

    [requires]
    python_version = "3.6"

A new standard that will eventually be supported by pip.
https://github.com/pypa/pipfile

Slide 14

Slide 14 text

Pipfile.lock

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

Already usable with pipenv
Officially recommended tool on python.org.
Automates virtualenv.
Simplifies different Python versions (with pyenv).
Ensures deterministic builds!
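
An added example, not part of the talk: a small audit that separates “what I want” (the Pipfile's direct packages) from “what I need” (everything in Pipfile.lock) and checks that each locked entry is pinned with `==` and carries a sha256 hash, which is what makes the build deterministic. The function name `audit_lock` and the sample lock are constructed for illustration; the versions are those from the pip output above and the hash values are placeholders.

```python
import json
import re

# Constructed sample: package names and versions are the ones shown in the
# talk's pip output; the sha256 values are placeholders, not real digests.
SAMPLE_LOCK = json.dumps({
    "_meta": {"requires": {"python_version": "3.6"}},
    "default": {
        "certifi": {"version": "==2018.4.16", "hashes": ["sha256:" + "a" * 64]},
        "chardet": {"version": "==3.0.4", "hashes": ["sha256:" + "b" * 64]},
        "idna": {"version": "==2.7", "hashes": ["sha256:" + "c" * 64]},
        "requests": {"version": "==2.19.1", "hashes": ["sha256:" + "d" * 64]},
        "urllib3": {"version": "==1.23", "hashes": ["sha256:" + "e" * 64]},
    },
    "develop": {},
})

PIN = re.compile(r"==[^=*,<>~!\s]+")          # exact version, no ranges or wildcards
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")   # well-formed sha256 digest


def audit_lock(lock_text, direct):
    """Split locked packages into direct/transitive and list lock defects."""
    lock = json.loads(lock_text)
    report = {"direct": [], "transitive": [], "problems": []}
    for section in ("default", "develop"):
        for name, entry in sorted(lock.get(section, {}).items()):
            kind = "direct" if name in direct else "transitive"
            report[kind].append(name)
            version = entry.get("version", "")
            if not PIN.fullmatch(version):
                report["problems"].append(f"{name}: not pinned ({version!r})")
            hashes = entry.get("hashes", [])
            if not hashes or not all(DIGEST.fullmatch(h) for h in hashes):
                report["problems"].append(f"{name}: missing or malformed hash")
    # A package requested in the Pipfile but absent from the lock means the
    # lock is stale and the install is no longer reproducible.
    missing = sorted(set(direct) - set(report["direct"]))
    report["problems"] += [f"{n}: in Pipfile but not locked" for n in missing]
    return report


if __name__ == "__main__":
    result = audit_lock(SAMPLE_LOCK, direct={"requests"})
    print("wanted (Pipfile):", result["direct"])
    print("needed (transitive):", result["transitive"])
    print("problems:", result["problems"] or "none")
```

Names are compared as written, so a Pipfile entry that differs from the lock key only in case or punctuation would be reported as missing.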

Slide 17

Slide 17 text

Demo Time!

Slide 18

Slide 18 text

Questions?