pyup-testing

This is a little bit of experimenting to test the interaction between pyup.io and pip-tools, motivated by a proposed patch to hypothesis-python.

pip-tools gives us a nice way to manage our requirements.txt files, by specifying our top-level dependencies in a single file and then building a separate file that pins the entire dependency tree:

$ cat requirements.in
test_alexwlchan

$ cat requirements.txt
#
# This file is autogenerated by pip-compile
# To update, run:
#
#    pip-compile --output-file requirements.txt requirements.in
#
test-alexwlchan-foo==0.0.1  # via test-alexwlchan
test-alexwlchan==0.0.1

This allows us to spot whenever any dependency changes, but also remove dependencies later if we need to, and know we removed exactly what we didn't need.

Meanwhile pyup.io can watch the repository, and offer a pull request whenever one of these dependencies changes a new version. (Example pull request.)

How do the two interact? What if the test-alexwlchan-foo package releases a new version? Does pyup.io update the requirements.txt file in such a way that preserves the useful comment?

Methodology

1. Upload a package test-alexwlchan-foo to PyPI.
2. Upload a second package test-alexwlchan that depends on the -foo variant.
3. Create a requirements.in and requirements.txt file similar to the examples above.
4. Configure pyup.io to run against the repository.
5. Upload a new version of text-alexwlchan-foo.

Outcome

Success!

pyup.io and pip-tools play nicely together. If you look at the pull request raised by pyup.io, it's only modified the version number, and left the comment intact.