2017 - Fabio Fleitas - Python Package Management with pip-tools

Slide 1

Slide 1 text

PYTHON PACKAGE MANAGEMENT WITH PIP-TOOLS Fabio Fleitas @ Tesorio August 13, 2017 https://www.tesorio.com/careers

Slide 2

Slide 2 text

HOW PYTHON PACKAGE MANAGEMENT IS DONE TODAY

Slide 3

Slide 3 text

TOOLS OF THE TRADE pip virtualenv requirements.txt

Slide 4

Slide 4 text

PIN THE TOP-LEVEL DEPENDENCIES # requirements.txt django==1.8.18 djangorestframework==3.5.3 django-extensions==1.7.5 requests==2.18.3

Slide 5

Slide 5 text

$ pip install -r requirements.txt

Slide 6

Slide 6 text

ISSUE WITH THAT APPROACH IS THAT IT CAN BE NON-DETERMINISTIC This is because you did not pin sub-dependencies

Slide 7

Slide 7 text

MOST COMMON SOLUTION FOR DETERMINISTIC BUILDS $ pip freeze > requirements.txt

Slide 8

Slide 8 text

# requirements.txt certifi==2017.7.27.1 chardet==3.0.4 Django==1.8.18 django-extensions==1.7.5 djangorestframework==3.5.3 idna==2.5 requests==2.18.3 six==1.10.0 urllib3==1.22

Slide 9

Slide 9 text

ISSUE WITH THAT APPROACH IS THAT YOU NOW HAVE TOP- LEVEL DEPENDENCIES MIXED WITH SUB-DEPENDENCIES This will make you life much harder to deal with upgrades/removals of dependencies

Slide 10

Slide 10 text

THE SOLUTION: PIP-TOOLS $ pip install pip-tools

Slide 11

Slide 11 text

pip-tools = pip-compile + pip-sync

Slide 12

Slide 12 text

CREATE A REQUIREMENTS.IN Only include top-level dependencies # requirements.in django==1.8.18 djangorestframework==3.5.3 django-extensions==1.7.5 requests==2.18.3

Slide 13

Slide 13 text

$ pip-compile requirements.in

Slide 14

Slide 14 text

# # This file is autogenerated by pip-compile # To update, run: # # pip-compile --output-file requirements.txt requirements.in # certifi==2017.7.27.1 # via requests chardet==3.0.4 # via requests django-extensions==1.7.5 django==1.8.18 djangorestframework==3.5.3 idna==2.5 # via requests requests==2.18.3 six==1.10.0 # via django-extensions urllib3==1.22 # via requests

Slide 15

Slide 15 text

PIP-SYNC pip-sync ensures that your virtualenv is synced with your requirements.txt and removes everything else. This is important so you don't accidentally have other packages in your virtualenv that may have forgotten to be uninstalled.

Slide 16

Slide 16 text

$ pip-sync requirements.txt

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

WE'RE HIRING https://www.tesorio.com/careers