Better Python dependency and package management
I have been cooking this blog topic idea for a long time. I did a lot of searching, reading and trying while working on different projects. But even today after publishing it I don’t think I’m 100% satisfied with the provided solution how to manage python project dependencies efficiently.
What is package and dependency management?
Software released in bundled packages this way it’s easier to manage installed programs.
The package manager is a collection of libraries that are packaged together, which makes it easier to download entire package rather than each library.
Almost every library in the package has a dependency managed by the dependency manager.
Dependency management helps manage all the libraries required to make an application work. It’s incredibly beneficial when you’re dealing with complex projects and in a multi-environment. Dependency management also helps to keep track, update libraries faster and easier, as well as solve the problem then one package will depend on another package.
Every programming language has its flavor of dependency manager.
To summarize all above :
The library is a collection of already pre-written code.
The package is a collection of libraries that are built on each other or using each other one way or another.
Typical way of managing project dependency today
Today the most used Python package manager is pip, used to install and manage python software packages, found in the Python Package Index. Pip helps us, python developers, effortlessly “manually” control installation and lifecycle of publicly available Python packages from their online repositories.
Pip also can upgrade, show, uninstall project dependencies, etc.
To install the package, you can just run pip install <somepackage> that will build an extra Python library in your home directory.
Running pip freeze,can help to check installed packages and packages versions listed in case-insensitive sorted order.
After building your application, you will need to perform some set of actions(steps) to make application dependencies available in the different environments.
Actions will be similar to the one below:
Create a virtual environment $ python3 -m venv /path/to/new/virtual/env
Install packages using $pip install <package> command
Save all the packages in the file with $pip freeze > requirements.txt. Keep in mind that in this case, requirements.txt file will list all packages that have been installed in virtual environment, regardless of where they came from
Pin all the package versions. You should be pinning your dependencies, meaning every package should have a fixed version.
Add requirements.txt to the root directory of the project. Done.
Install project dependencies
When if you’re going to share the project with the rest of the world you will need to install dependencies by running $pip install -r requirements.txt
To find more information about individual packages from the requiements.txt you can use $pip show <packagename>. But how informative the output is?
How can project dependencies be easily maintained?
Personally, I think above setup is not easy to maintain, for the variety of reasons:
Sometime requirements.txt files contain more than thousands of lines. When maintain and update package version is hard, it will be even more hard to automate it (for example: delete development dependencies, etc.).