pip-tools gives us a nice way to manage our
requirements.txt files, by specifying our top-level dependencies in a single file and then building a separate file that pins the entire dependency tree:
$ cat requirements.in test_alexwlchan $ cat requirements.txt # # This file is autogenerated by pip-compile # To update, run: # # pip-compile --output-file requirements.txt requirements.in # test-alexwlchan-foo==0.0.1 # via test-alexwlchan test-alexwlchan==0.0.1
This allows us to spot whenever any dependency changes, but also remove dependencies later if we need to, and know we removed exactly what we didn't need.
Meanwhile pyup.io can watch the repository, and offer a pull request whenever one of these dependencies changes a new version. (Example pull request.)
How do the two interact?
What if the
test-alexwlchan-foo package releases a new version?
Does pyup.io update the
requirements.txt file in such a way that preserves the useful comment?
- Upload a package
- Upload a second package
test-alexwlchanthat depends on the
- Create a
requirements.txtfile similar to the examples above.
- Configure pyup.io to run against the repository.
- Upload a new version of
pyup.io and pip-tools play nicely together. If you look at the pull request raised by pyup.io, it's only modified the version number, and left the comment intact.