refactor: use pipenv to manage dependencies #150
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4141done
commented
May 17, 2022
| # Install certain utility packages like `nodeenv` and `wheel` that aid | ||
| # in the installation of other build tools and dependencies | ||
| # required by the other python packages. | ||
| PIPENV_VERBOSITY=-1 PIPENV_PIPFILE="${script_dir}/../pulumi/python/Pipfile" pipenv install --dev |
There was a problem hiding this comment.
annotation:
Here we are:
- Silencing an informational message telling us that pipenv is going to use the current venv with
PIPENV_VERBOSITY=-1 - Pointing
pipenvat ourPipfilewhich is not in the current dir withPIPENV_PIPFILE - Only installing
devdepenencies which are currentlynodeenvandwheel
| @@ -195,12 +194,15 @@ else | |||
| fi | |||
|
|
|||
| # Install general package requirements | |||
| pip3 install --requirement "${script_dir}/../pulumi/python/requirements.txt" | |||
| PIPENV_VERBOSITY=-1 PIPENV_PIPFILE="${script_dir}/../pulumi/python/Pipfile" pipenv install | |||
There was a problem hiding this comment.
annotation:
Here we are:
- Silencing an informational message telling us that pipenv is going to use the current venv with
PIPENV_VERBOSITY=-1 - Pointing
pipenvat ourPipfilewhich is not in the current dir withPIPENV_PIPFILE - Installing all packages
Comment on lines
+200
to
+205
| pip3 install "${script_dir}/../pulumi/python/utility/kic-pulumi-utils" | ||
|
|
||
| rm -rf "${script_dir}/../pulumi/python/utility/kic-pulumi-utils/.eggs" \ | ||
| "${script_dir}/../pulumi/python/utility/kic-pulumi-utils/build" \ | ||
| "${script_dir}/../pulumi/python/utility/kic-pulumi-utils/kic_pulumi_utils.egg-info" | ||
|
|
There was a problem hiding this comment.
annotation:
Removing the && prevents an issue where if the pip install does not work the script would not fail. The rm operation should not fail either way.
bin/setup_venv.sh
Outdated
| echo "Downloading Pulumi CLI into virtual environment" | ||
| PULUMI_VERSION="$(grep '^pulumi~=.*$' "${script_dir}/../pulumi/python/requirements.txt" | cut -d '=' -f2 || true)" | ||
| PULUMI_VERSION="$(pip list | grep 'pulumi ' | sed -nre 's/^[^0-9]*(([0-9]+\.)*[0-9]+).*/\1/p')" |
There was a problem hiding this comment.
annotation:
Here we read the pulumi version from pip to get the version that was actually installed.
dekobon
approved these changes
May 17, 2022
bin/setup_venv.sh
Outdated
| pip3 install --upgrade pip | ||
| pip install pipenv |
There was a problem hiding this comment.
Perhaps use pip3 here to bring it in harmony with the above line.
Using pip and `requirements.txt` led to issues where dependent library versions were unpredictable and led to errors in some deployment environments. This will also allow us to use semantic version properly without needing to explicitly pin dependencies at certain versions but perform updates to libraries intentionally.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
Using pip and
requirements.txtled to issues where dependent library versions wereunpredictable and led to errors in some deployment environments.
This will also allow us to use semantic version properly without needing to explicitly
pin dependencies at certain versions but perform updates to libraries intentionally.
Proposed changes
Pipenvwhich will generate aPipfile.lockdetailing the exact versions of dependencies and their dependencies. This will help us have more reproducible builds since each dependency and subdependency will be installed at the exact version it was tested with.piprather than reading from the requirements file (since that's not an exact version).Pipenv Usage
pipenvis compatible with any commands that can be given topip. There are some niceties that are good to know too:graph
Prints the dependency graph with the
Pipfilespecs and the actual version resolved to.Figuring out updates
You can use
pipenv update --outdatedto display a list of packages that have newer versions in the upstream.From there, you can choose to update them one by one with
pipenv update <package name>which will update the package according to the rules specified in thePipfile. You may need to change the specification in thePipfileto get the latest version.https://pipenv-fork.readthedocs.io/en/latest/basics.html#example-pipenv-upgrade-workflow
Checklist
Before creating a PR, run through this checklist and mark each as complete.