[BangPypers] Do you pin your requirements.txt ?
Dhananjay Nene
dhananjay.nene at gmail.com
Sun Sep 15 01:06:56 CEST 2013
On Sun, Sep 15, 2013 at 3:43 AM, Kiran Jonnalagadda <jace at pobox.com> wrote:
> Thanks to Travis, we test every commit, before deployment.
>
I was perhaps misunderstood. If you test (even with say travis) but without
a pinned requirements.txt, and then create a dist and later deploy the dist
onto the server using a pip install (w/o a requirements.txt) then you no
longer have a repeatability in terms of transient dependencies. Because
travis may have used a version x.y of a transient dependency but the actual
deployment may end up using version x.(y+1) if the dependency in setup.py
of a dist you directly used specified the transient dependency as >= x.0
say.
Or then perhaps I couldn't understand something.
>
> --
> Kiran Jonnalagadda
> http://jace.zaiki.in/
> http://hasgeek.com/
>
> (Sent from my phone)
> On Sep 14, 2013 11:58 PM, "Dhananjay Nene" <dhananjay.nene at gmail.com>
> wrote:
>
> > On Sat, Sep 14, 2013 at 11:00 PM, Kiran Jonnalagadda <jace at pobox.com>
> > wrote:
> >
> > > We almost never pin at HasGeek. If an external library breaks API, we
> > > upgrade our code ASAP (we discover breakage from Travis reports).
> > >
> > > I know I sound a little too particular, and frankly that is not my
> > intent,
> > but there still remains an issue in terms of repeatability. The tests
> have
> > to be run as a part of the deployment process if you want to ensure that
> > the distributions you test with are the distributions that you deploy
> with.
> >
> >
> > > Between the risk of breaking code and having the hot seat at any hint
> of
> > > bit rot, I find the latter preferable.
> > >
> > > A sentiment I empathise with. Only yesterday I found code breaking
> > against
> > python 3.3.1 (as opposed to 3.3.0) and hopefully should fix it in the
> next
> > couple of days. Its just that I've rarely found the luxury to hold back a
> > deployment should a piece of code break due to dependency version
> upgrades.
> > Thus dependency version upgrades almost work with a different time window
> > than just pure deployable distribution version upgrade cycle.
> >
> > > Kiran
> > >
> > > --
> > > Kiran Jonnalagadda
> > > http://jace.zaiki.in/
> > > http://hasgeek.com/
> > >
> > > (Sent from my phone)
> > > On Sep 14, 2013 10:50 PM, "Noufal Ibrahim" <noufal at nibrahim.net.in>
> > wrote:
> > >
> > > > Dhananjay Nene <dhananjay.nene at gmail.com> writes:
> > > >
> > > >
> > > > [...]
> > > >
> > > > > The difficulty with that approach (I've never actually done it) is
> > > > > that it requires versioning these bundles, make them available to
> > your
> > > > > installation scripts and code to them (lately I've started using
> > > > > ansible to do this).
> > > >
> > > > I know. I don't think I'd do it again. This was a stop gap thing back
> > > > then.
> > > >
> > > >
> > > > [...]
> > > >
> > > > > After realising distributions eventually disappear pypi (central),
> > > > > makes sense to have your own pypi mirror which lacks the feature of
> > > > > disappearing dists.
> > > >
> > > > I actually had a script which would make a bundle and then wrap it up
> > in
> > > > a self extracting script (using makeself). If you ran it, it would
> > serve
> > > > the packages in that bundle as a local PyPI mirror which you could
> > > > install off of.
> > > > [...]
> > > >
> > > >
> > > > --
> > > > Cordially,
> > > > Noufal
> > > > http://nibrahim.net.in
> > > > _______________________________________________
> > > > BangPypers mailing list
> > > > BangPypers at python.org
> > > > https://mail.python.org/mailman/listinfo/bangpypers
> > > >
> > > _______________________________________________
> > > BangPypers mailing list
> > > BangPypers at python.org
> > > https://mail.python.org/mailman/listinfo/bangpypers
> > >
> >
> >
> >
> > --
> >
> >
> ----------------------------------------------------------------------------------------------------------------------------------
> > http://blog.dhananjaynene.com twitter: @dnene
> > <http://twitter.com/dnene>google plus:
> > http://gplus.to/dhananjaynene
> > _______________________________________________
> > BangPypers mailing list
> > BangPypers at python.org
> > https://mail.python.org/mailman/listinfo/bangpypers
> >
> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> https://mail.python.org/mailman/listinfo/bangpypers
>
More information about the BangPypers
mailing list