[BangPypers] Do you pin your requirements.txt ?

Sriram Narayanan sriramnrn at gmail.com
Sun Sep 15 04:03:01 CEST 2013 

On Sep 15, 2013 4:37 AM, "Dhananjay Nene" <dhananjay.nene at gmail.com> wrote:
>
> On Sun, Sep 15, 2013 at 3:43 AM, Kiran Jonnalagadda <jace at pobox.com>
wrote:
>
> > Thanks to Travis, we test every commit, before deployment.
> >
>
> I was perhaps misunderstood. If you test (even with say travis) but
without
> a pinned requirements.txt, and then create a dist and later deploy the
dist
> onto the server using a pip install (w/o a requirements.txt) then you no
> longer have a repeatability in terms of transient dependencies. Because
> travis may have used a version x.y of a transient dependency but the
actual
> deployment may end up using version x.(y+1) if the dependency in setup.py
> of a dist you directly used specified the transient dependency as >= x.0
> say.

To avoid this problem, I'd ensure that my build and production systems are
setup using the same scripts.

I'm inclined to bundling dependencies as private libraries if I've no
control on the runtime systems.

>
> Or then perhaps I couldn't understand something.
>
> >
> > --
> > Kiran Jonnalagadda
> > http://jace.zaiki.in/
> > http://hasgeek.com/
> >
> > (Sent from my phone)
> > On Sep 14, 2013 11:58 PM, "Dhananjay Nene" <dhananjay.nene at gmail.com>
> > wrote:
> >
> > > On Sat, Sep 14, 2013 at 11:00 PM, Kiran Jonnalagadda <jace at pobox.com>
> > > wrote:
> > >
> > > > We almost never pin at HasGeek. If an external library breaks API,
we
> > > > upgrade our code ASAP (we discover breakage from Travis reports).
> > > >
> > > > I know I sound a little too particular, and frankly that is not my
> > > intent,
> > > but there still remains an issue in terms of repeatability. The tests
> > have
> > > to be run as a part of the deployment process if you want to ensure
that
> > > the distributions you test with are the distributions that you deploy
> > with.
> > >
> > >
> > > > Between the risk of breaking code and having the hot seat at any
hint
> > of
> > > > bit rot, I find the latter preferable.
> > > >
> > > > A sentiment I empathise with. Only yesterday I found code breaking
> > > against
> > > python 3.3.1 (as opposed to 3.3.0) and hopefully should fix it in the
> > next
> > > couple of days. Its just that I've rarely found the luxury to hold
back a
> > > deployment should a piece of code break due to dependency version
> > upgrades.
> > > Thus dependency version upgrades almost work with a different time
window
> > > than just pure deployable distribution version upgrade cycle.
> > >
> > > > Kiran
> > > >
> > > > --
> > > > Kiran Jonnalagadda
> > > > http://jace.zaiki.in/
> > > > http://hasgeek.com/
> > > >
> > > > (Sent from my phone)
> > > > On Sep 14, 2013 10:50 PM, "Noufal Ibrahim" <noufal at nibrahim.net.in>
> > > wrote:
> > > >
> > > > > Dhananjay Nene <dhananjay.nene at gmail.com> writes:
> > > > >
> > > > >
> > > > > [...]
> > > > >
> > > > > > The difficulty with that approach (I've never actually done it)
is
> > > > > > that it requires versioning these bundles, make them available
to
> > > your
> > > > > > installation scripts and code to them (lately I've started using
> > > > > > ansible to do this).
> > > > >
> > > > > I know. I don't think I'd do it again. This was a stop gap thing
back
> > > > > then.
> > > > >
> > > > >
> > > > > [...]
> > > > >
> > > > > > After realising distributions eventually disappear pypi
(central),
> > > > > > makes sense to have your own pypi mirror which lacks the
feature of
> > > > > > disappearing dists.
> > > > >
> > > > > I actually had a script which would make a bundle and then wrap
it up
> > > in
> > > > > a self extracting script (using makeself). If you ran it, it would
> > > serve
> > > > > the packages in that bundle as a local PyPI mirror which you could
> > > > > install off of.
> > > > > [...]
> > > > >
> > > > >
> > > > > --
> > > > > Cordially,
> > > > > Noufal
> > > > > http://nibrahim.net.in
> > > > > _______________________________________________
> > > > > BangPypers mailing list
> > > > > BangPypers at python.org
> > > > > https://mail.python.org/mailman/listinfo/bangpypers
> > > > >
> > > > _______________________________________________
> > > > BangPypers mailing list
> > > > BangPypers at python.org
> > > > https://mail.python.org/mailman/listinfo/bangpypers
> > > >
> > >
> > >
> > >
> > > --
> > >
> > >
> >
----------------------------------------------------------------------------------------------------------------------------------
> > > http://blog.dhananjaynene.com twitter: @dnene
> > > <http://twitter.com/dnene>google plus:
> > > http://gplus.to/dhananjaynene
> > > _______________________________________________
> > > BangPypers mailing list
> > > BangPypers at python.org
> > > https://mail.python.org/mailman/listinfo/bangpypers
> > >
> > _______________________________________________
> > BangPypers mailing list
> > BangPypers at python.org
> > https://mail.python.org/mailman/listinfo/bangpypers
> >
> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> https://mail.python.org/mailman/listinfo/bangpypers

More information about the BangPypers mailing list