[BangPypers] Do you pin your requirements.txt ?

Vineet Naik naikvin at gmail.com
Sat Sep 14 10:31:20 CEST 2013


I too have learnt the hard way how `--upgrade` can cause conflicts due
to the `pip freeze` flattening the dependency tree. What works for me
though is to keep requirements.txt completely out of the picture when
upgrading packages, i.e. to upgrade manually and preferably do it one
package at a time as far as possible. Considering that upgrades don't
happen frequently (at least in projects I have worked on), it's not
much of a hassle. But yes, this requires a list of top level deps to
be maintained (or they may be found out by guessing and confirming at
the time of upgrading :-))

IMO, where pinning really helps is guaranteeing a stable environment at
any time.

One advantage of pinning requirements even if there are automated
tests is that if tests fail due to a breaking upgrade, it will be
easier to know which version to rollback to.

Another thing is, as per the deployment workflow we follow at my
workplace, every time while deploying code to the server, fabric runs a
`pip install -r requirements.txt` remotely. Since requirements are
pinned, most of the time installation is skipped unless some package
has been upgraded locally. But in case they are not pinned, a buggy
upgrade could break production (there could be a better
approach for synchronizing dependencies across different environments
and I would be happy to know about it)


On Fri, Sep 13, 2013 at 1:06 PM, Saager Mhatre <saager.mhatre at gmail.com> wrote:

> On Sep 13, 2013 9:19 AM, "Dhananjay Nene" <dhananjay.nene at gmail.com>
> wrote:
> > [...]
> > Given adequate test coverage to verify negative side effects of any
> transitive dependency version upgrades, pinning could be skipped imo.
> >
> > Dhananjay
>
> +1 for automated tests to cover relevant API contracts of dependencies.
> That's a great approach to decide when to pin.
>
> Thanks for pointing that out Dhananjay.
>
> - d



-- 
Vineet Naik
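
Added example, not part of the original post or of pip: a pre-deploy check for the workflow described above, which lists every requirements.txt entry that could resolve to a different version on the next `pip install -r requirements.txt`. The function name `unpinned`, the reason strings and the sample file are assumptions made for illustration.

```python
import re

# Requirement name, optional [extras], then whatever version specifier follows.
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
# Exactly one '==' clause with a literal version; '==1.*' is a range, not a pin.
EXACT = re.compile(r"^==\s*[A-Za-z0-9][A-Za-z0-9._+!-]*$")

def unpinned(text):
    """Return (line_no, entry, reason) for each entry that can drift between deploys."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = re.sub(r"(^|\s)#.*$", "", raw).strip()      # drop comments
        if not entry:
            continue
        is_option = entry.startswith("-")
        if entry.startswith(("-e ", "--editable")) or (not is_option and "://" in entry):
            findings.append((line_no, entry, "URL or editable install, review by hand"))
            continue
        if is_option:                                       # -r, --index-url, ...
            continue
        spec = entry.split(";")[0].split(" --")[0].strip()  # drop markers, --hash
        match = REQ.match(spec)
        if not match:
            findings.append((line_no, entry, "unparsed"))
        elif not match.group(2):
            findings.append((line_no, entry, "no version given"))
        elif not EXACT.match(match.group(2).strip()):
            findings.append((line_no, entry, "range, not an exact pin"))
    return findings

# Constructed sample file, not taken from the thread.
SAMPLE = """\
# constructed sample
--index-url https://pypi.example.invalid/simple
Django==1.5.4
requests>=1.2
Fabric
celery[redis]==3.0.23   # extras do not affect pinning
South==0.8.*
simplejson==3.3.0; python_version < '2.6'
-e git+https://example.invalid/team/lib.git#egg=lib
"""

if __name__ == "__main__":
    for line_no, entry, reason in unpinned(SAMPLE):
        print(f"requirements.txt:{line_no}: {entry}  ({reason})")
```

Run as a step before the remote install and fail the deploy when the list is non-empty; URL and editable entries are reported conservatively because a version string alone cannot show whether they are fixed to a revision.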

