• Original author: Kenneth Reitz[1]
  • Original publication date: 2016/02/25
  • [2]
  • This article was originally compiled and published on the wechat official account “Programpi”. For more Python tutorials and resources, please search “Programming school” on wechat.

It is now standard practice to add a requirements.txt file to the root of your code base when developing Python applications.

This file is quite useful, generally has the following two forms:

  • A list of top-level dependencies of a project, usually without specifying a version number
  • A list of all dependencies for the project, each with a specified version number

Method 1: Simplerequirementsfile

A top-level list of dependencies for a project, usually without specifying a version number.

Cat requirements. TXT requests[Security] flask Gunicorn ==19.4.5Copy the code

Method 1 is very simple and is the user experience that every developer using a Requirements file wants. However, if you deploy such a requirements.txt file into a production environment, unexpected problems can occur. Because you did not specify a version number, the Python package you install today may not be the same as the one you install tomorrow after running PIP Install.

This is bad. Because subdependencies may update version numbers frequently, rerunking PIP install -r requiredings.txt may cause you to install a different Python package. This can cause your application to fail for unknown reasons.

Method 2: Be preciserequirementsfile

A list of all dependencies for the project, each with a specified version number

$cat requirements.txt cFFi ==1.5.2 Cryptography ==1.2.2 enum34==1.1.2 Flask==0.10.1 gunicorn==19.4.5 idna==2.0 Ipaddress ==1.0.16 itsDangerous ==0.24 Jinja2==2.8 MarkupSafe==0.23 Ndg-httpsclient ==0.4.0 pyASn1 ==0.1.9 pyCParser ==2.14 PyOpenSSL = = 0.15.1 requests = = = = when 2.9.1 six 1.10.0 Werkzeug = = 0.11.4Copy the code

Method 2 is a best practice for deploying your application to ensure that your runtime environment does not run into problems.

All dependencies, including subdependencies, are explicitly listed and their version numbers specified.

This type of requirements. TXT is automatically generated by running the PIP freeze command in the application’s current working runtime environment. This practice encourages developers to treat dev/ Prod parity and external dependencies as if they were part of your application code.

Although method 2 is a best practice for using requirements.txt, it’s actually a bit of a hassle. For example, if I have a large code base and want to update some or all of my Python packages with the PIP install –upgrade command, I can’t easily do this.

My previous approach was to pick out the top-level dependencies one by one and manually type PIP Install requests[Security] flask –upgrade. It’s not a pleasant process.

I thought long and hard about developing a tool to solve this problem. Now, of course, there are tools like pip-tools. However, I don’t want to add anything to my tool chain. This problem should be solved with the tools available.

In the end, I came up with a great solution that solved the problem using the tools I already had, with the best of both methods 1 and 2. I’ve been using this workflow on projects for a while and am very pleased with the results.

It’s really simple: instead of putting one Requirements file, we put two:

  • requirements-to-freeze.txt
  • requirements.txt

requirements-to-freeze.txt

Requests [security] flask gunicorn = = 19.4.5Copy the code

requirements.txt

Cffi ==1.5.2 Cryptography ==1.2.2 enum34==1.1.2 Flask==0.10.1 gunicorn==19.4.5 IDNA ==2.0 IPAddress ==1.0.16 Itsdangerous ==0.24 Jinja2==2.8 MarkupSafe==0.23 Ndg-httpsclient ==0.4.0 pyASn1 ==0.1.9 PyCParser ==2.14 pyOpenSSL==0.15.1 Requests the = = = = when 2.9.1 six 1.10.0 Werkzeug = = 0.11.4Copy the code

Requirements-to-freeze. TXT follows method 1, which states the top-level dependency package for your project and the specific version number you need to specify.

Requirements. TXT follows method 2, where the content is generated by PIP Freeze after running PIP install requirements-to-freeze-txt.

project-repo

pip install -r requirements-to-freeze.txt --upgrade
Installing collected packages: six, enum34, ipaddress, ...

pip freeze > requirements.txt
Copy the code

Have your cake and eat it.

I encourage you to try this workflow, which will probably save you from future build failures.

All articles on this site are original or compiled unless otherwise indicated. If you need to reprint, please contact wechat official number “Programpi” for authorization. When reprinted, the source, author and original link should be indicated.