Do we need two version-locking files? (Pipfile = "*" vs pypoetry.toml vs venv + requirements.txt)
Pacharapol Withayasakpunt
Posted on October 5, 2021
Edit: I am also confused about .venv/bin/python
's location - in-project $PROEJCT_ROOT/.venv/bin/python
or global (e.g. ~/.pyenv/versions/$PROJECT_IDENTIFIER/.venv/bin/python
)?
Pipenv's defaults
I feels odd to me that my Pipfile
looks like this.
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
fastapi = "*"
aiofiles = "*"
uvicorn = "*"
gunicorn = "*"
gtts = {git = "https://github.com/patarapolw/gTTS.git"}
wordfreq = {extras = ["cjk"], version = "*"}
[dev-packages]
[requires]
python_version = "3.9"
To say that, if you know lock files in other programming languages' package managers; this looks VERY OPINIONATED.
Of course, there is Pipfile.lock
, but it doesn't look very readable to me, unlike package.json
or go.mod
(which, of course, have package.lock
and go.sum
to pair with).
Another problem is, Pipenv IS NOT VERY VERBOSE at all...
Personally, I also add export PIPENV_VENV_IN_PROJECT="enabled"
to
~/.zshrc
.
python -m venv .venv
This path typically creates only one version-locking - requirements.txt
; and it can be readable, if not compiled directly from pip freeze >
.
I have seen some projects with multiple requirements.txt
(e.g. .prod.txt
, .dev.txt
); but I have seen NONE with requirements.lock
But of course, it is as easy as pip freeze > requirements.lock
; even perhaps adding to git pre-commit hook.
cat << EOF > ~/.git/hooks/pre-commit
#!/usr/bin/env bash
source .venv/bin/activate
pip freeze > requirements.lock
EOF
chmod +x ~/.git/hooks/pre-commit
Personally, I don't really use this option much.
Poetry's opinionatedness
poetry add <PACKAGES>
actually pin versioning into TWO lock files, one with exact, another with >=
; but I distaste this.
$ poetry init
...
Would you like to define your main dependencies interactively? (yes/no) [yes] no
Would you like to define your development dependencies interactively? (yes/no) [yes] no
...
So, you wanted me to answer YES, huh?
Personally, I am add config,
poetry config set virtualenvs.in-project true
.
semver syntax I learnt from JavaScript Node.js
So, in Node.js, we have something like this.
>=2.0.1
^2.0.1
~2.0.1
2.0.1
2.0
2
Not sure about these syntaxes in Python, and whether it is just requirements.txt
(TXT file), setup.py
(Python file), or whatever *.toml
files.
Do we still need setup.py
; if we are not publishing to PyPI or local repository?
I don't know the answer to this either...
But of course, it can help with py2app or py2exe; which I don't need when I already have PyInstaller.
A thought
Why can't we just go back to
cat << EOF > requirements.txt
fastapi
aiofiles
EOF
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
pip freeze | grep -i "$(cat requirements.txt)" > requirements.txt
pip freeze > requirements.lock
python --version > .python-version
# Then, hand-edit requirements.txt
What is YOUR decision?
For me, even though I like Poetry, I don't like some of the defaults; but the general defaults of other options are even more insane.
How would you deviate from the default settings?
Posted on October 5, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.