Speaker
- Dustin Ingram (twitter)
- Organizes PyTexas
- PyPI contributor
Topics
- dev, test env
- dependency workflows
- linting & autoformatting
- go to prod
Focus: anything that's not code and will be checked into the code base
dev, test environment
Your development environment.
- "But it works on my machine". Your laptop is not production.
- Problem: virtualenv only isolates Python. Platform-level stuff is still shared.
- Fully isolated, reproducible environments
  - containerization (e.g., docker)
    - Dockerfile
    - docker-compose
A modern workflow for dependencies
- Problem: when you install a new package that depends on a newer version of an existing dependency, that dependency might be upgraded without you noticing.
- Don't pip freeze > requirements.txt anymore
  - Bad
    - Gets everything from your system
  - Good
    - Version pinning
    - Managing sub-dependencies
pip-tools
- Pin and compile the dependencies and sub-dependencies
    pip-compile requirements.in
- Pinning and compiling only gets you 90% of the way
  - Artifact hashing
      pip-compile --generate-hashes requirements.in
      pip install --require-hashes -r requirements.txt
- Now our deps are 100% frozen
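Added example (not from the talk or from pip-tools): a small check that a compiled requirements.txt has every requirement pinned with == and carrying a sha256 hash, which is what pip-compile --generate-hashes writes and what pip install --require-hashes expects. The sample file contents, package names and hash values are constructed.

```python
import re

# Constructed sample in the layout that pip-compile --generate-hashes writes;
# package names, versions and hash values are made up for illustration.
SAMPLE = "\n".join([
    "# constructed sample, not real pip-compile output",
    "alpha==1.2.0 \\",
    "    --hash=sha256:" + "a" * 64 + " \\",
    "    --hash=sha256:" + "b" * 64,
    "    # via beta",
    "beta>=2.0 \\",
    "    --hash=sha256:" + "c" * 64,
    "gamma==0.9.1",
])

PIN = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?==[^\s;]+")  # name[extras]==version
HASH = re.compile(r"--hash=sha256:[0-9a-f]{64}(?=\s|$)")


def logical_lines(text):
    """Drop comments and blank lines, join backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
            continue
        buf = (buf + line).strip()
        if buf:
            yield buf
        buf = ""
    if buf.strip():  # file ended on a dangling continuation
        yield buf.strip()


def audit(text):
    """Return (requirement, problem) pairs that fail the pinned-plus-sha256 check."""
    problems = []
    for line in logical_lines(text):
        if line.startswith("-"):  # option lines (--index-url, -r ...) are not requirements
            continue
        spec = line.split(" --hash=")[0].strip()
        if not PIN.match(spec):
            problems.append((spec, "not pinned with =="))
        if not HASH.search(line):
            problems.append((spec, "no sha256 hash"))
    return problems


if __name__ == "__main__":
    for spec, problem in audit(SAMPLE):
        print(f"{spec}: {problem}")
```

Run it over the committed requirements.txt in CI so a hand-edited, unhashed line is caught before the install step.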
When / How to upgrade dependencies
- When: early and often
- How: automated dependency services → scan your repo and see your deps
Linting and autoformatting
Use black
Taking your env to prod
Through services that support deployment through containers
Conclusion
- Use docker
- Use docker-compose
- Use pip-compile from pip-tools
- Use dependabot / pyup.io to auto-upgrade deps
- Deploy your docker container to prod
Q & A
- Q: pipenv, poetry or pip-tools
- A: Personal preference