pip: requirements vs. constraints (intermediate) anthony explains #367

Captions
Hello and welcome to another video. In this one we're going to be talking about constraints and requirements in pip, which is a Python package manager. I'm going to show you how both those work, as well as two use cases that I have used constraints for. Anyway, let's jump into it.

Okay, so for this today we are going to set up a virtual environment and activate that, and we're going to be using pip. The version of pip that we're using today is 21.3.1, which I believe is the current version right now, in case any of this behavior changes in the future. And we're going to set up both a requirements file and a constraints file.

Now, a requirements file basically specifies to pip what it should install. So if we add a requirements.txt, you can specify all sorts of stuff in here, like the index URL to limit it to a particular package index; you can have other flags for pip, like only-binary all, or like all sorts of different flags; and you can also have packages and their versions, you can have editable installs, you can have all sorts of stuff. But for today we're just going to be talking about packages. And so let's say we're going to be installing a package that I wrote called astpretty, and let me grab the version of that: pypi.org/p/astpretty. Looks like the latest version is 2.1.0, so I'm going to use equals equals 2.1.0. And if I do pip install requirements.txt, this will recursively find all the requirements. We haven't actually shown anything new here; this is just going to install what we've requested it to install there. Let's actually uninstall that, because we're going to be demoing going back and forth with installations later.

Now I also want to tell you about a constraints file. A constraints file tells pip what versions to install if that package happens to get installed. So if we make a constraints.txt, let's say that we wanted to force a particular version of, I don't know, what's another library, PyYAML, YAML. Let's say for whatever reason we wanted to force, I don't know, 4... 5.4.1. We would say pyyaml equals 5.4.1.

Now, I previously talked about all, you know, requirements.txt can have all sorts of different syntaxes for pip flags and that sort of stuff. constraints.txt does not support that. It only supports package names, operators and versions, and it doesn't even support extras, so if you had like some foo extra, that is not supported in a constraints.txt. It is only intended to constrain the versions of packages. And the way you use it on the command line is the same as we had before with -r, but instead we're going to use -c constraints.txt. And you'll notice when I run this we get exactly the same output as before: we've installed astpretty and it has not installed pyyaml, and that is because constraints only constrain the versions of packages, they don't cause them to get installed.

But if we were to change our requirements.txt, let's say that we installed some library which depended on pyyaml. Let's see, what is the most recent version of pre-commit? 2.15. Now I happen to know that pre-commit depends on pyyaml, so it should pull it in, and by default pip would install the latest version of pyyaml. I guess just to show you that first, we're going to do pip install pyyaml, and you'll see that by default it's going to pull in 6.0, which is the latest version. Uninstall pyyaml, yes. And now if we install constraints, you'll see that we installed a lot of output, but we got 5.4.1 instead of 6.0, and that is because our constraints file forced it to be at that particular version. So even though pre-commit only depends on 5.1, the constraints caused it to get forced to 5.4.1. Cool, so that's what constraints is: it doesn't force it to get installed, but it does limit it to a particular version.

Now, I've seen two main uses of constraints.txt. The first is for use at companies, which may want to force a particular version, maybe for like security requirements or something like that. And so they may use constraints.txt to say, oh yeah, we always want to install pyyaml greater than or equal to six, because we don't want any of the previous versions, which, I don't know, may have vulnerabilities or something like that. And so what they'll do is they'll put this file at like /etc, you know, my-company/constraints.txt, and they'll encode those global versions that they want to force in this constraints file, and then they'll also set a pip.conf which forces that constraints file to get included. That way any installation must use those particular versions and you can't bypass that. It may also be useful to, you know, if you've forked a library, say you have 6.0+mycompany1 or something like that, maybe your first version of your fork of that library, and you want to force everyone to install the forked version and not the upstream version. So you may use constraints.txt to also do that as well.

The other use case that I've seen this for is for testing minimum versions of libraries in open source. So let's actually clone one of my libraries that has a dependency: re-assert, which is a regex assertion library that I wrote, I wrote on vacation. And for the sake of discussion, I think this just has an open dependency right now. Yeah. So let's just say that we had pinned this to some minimum version. Let's find, let's see, regex: what was the first version that had a wheel? That seems like a reasonable lower bound. Or a manylinux wheel. Maybe not that version, because there's only 3.6. This one has a 3.8 wheel, so let's say that we set the minimum version to 2019... 2019.12.17, which was that version here.

Now, this minimum bound might not actually be tested. So if we were to run our tests here, it'll actually install the latest version, because, you know, pip defaults to the latest version. And you'll see when we run this here that we got, kind of hard to see, but we got 2021.11.10, which I believe is the absolute latest version, way down here. Yeah, so this is the version that got installed, and that's not super helpful for us, because we want to make sure that this library continues to work in older versions.

And so what we might do is we might leverage tox to do this, by setting up a separate testenv with a separate set of constraints. And the docs for tox actually tell you how to do this, but then it doesn't work in the current version, and it's a known bug that we will fix at some point. Yeah, like it says, you can just specify it in deps, and this works as long as the dependency is not part of your setup.py. But since this is part of our setup.py or setup.cfg or pyproject.toml, or however you're specifying your dependencies, we actually have to modify install_command instead: python -m pip install, and we're going to set our constraints file here, so we're going to do -c min versions. And we're also going to have, actually, probably better to put the options first, that way our constraints is always last. Then, I think this is the install command syntax: install command, opts, packages. Cool. And so we can actually override the pip install command to force our constraints here. And then if we were to set up our min versions.txt, and let's say we did regex equals 20, what is it, 2019.12.17 I think, 2019.12.17.

Yes. And so now if we were to run the min environment, instead of getting this new version 2021.11.10, we can test against the minimum version by forcing a constraint, and you'll see here that we, yeah, we have forced this particular version. Now of course you could also do this by just setting that version here. If we just did deps and, you know, regex equals 20... 2019.12.17 instead of that, like, you could force it in this way as well. I think that works. Yeah, constraints just sometimes seems like a cleaner way to do that. Oh, we forgot to inherit the other deps. I guess that's where it's a little bit better, because you would have to do this to include the deps from above, but this approach also works. I don't know, pick whichever one you're happy with. I actually have not used this constraints approach before, so I tend to just do this instead, because it's, you know, it's a little bit simpler, but constraints is kind of designed for this.

Anyway, that's the difference between constraints and requirements. Hopefully you found this interesting. If there are additional things you would like me to explain, leave a comment below or reach out to me on the various platforms. But thank you all for watching, and I will see you in the next one.
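A small check for the kind of central constraints file described in the captions above, added here as an example (it is not code from the video or from pip): it flags lines that go beyond package name, operator and version, and shows that a pin only takes effect for packages that are in the resolved install set. The function names, the simplified line grammar and the sample file are assumptions constructed for illustration.

```python
import re

# Constructed sample: a company-wide constraints file with three bad lines.
SAMPLE = """\
# global pins
pyyaml>=6
regex==2019.12.17
--index-url https://pypi.example.invalid/simple
requests[socks]==2.26.0
-e ./local-fork
"""

# Simplified grammar (assumption): a name, then optional comma-separated
# "<operator><version>" clauses. No markers, URLs or direct references.
_NAME = r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"
_CLAUSE = r"(?:===|==|~=|!=|<=|>=|<|>)\s*[A-Za-z0-9.*+!_-]+"
_LINE = re.compile(rf"^({_NAME})\s*({_CLAUSE}(?:\s*,\s*{_CLAUSE})*)?$")


def normalize(name):
    """PEP 503 name normalization, so PyYAML and pyyaml compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def lint_constraints(text):
    """Return (pins, problems) for the text of a constraints file."""
    pins, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("-"):
            problems.append((lineno, "pip option or editable install"))
        elif "[" in line:
            problems.append((lineno, "extras"))
        elif (m := _LINE.match(line)) is None:
            problems.append((lineno, "not name/operator/version"))
        else:
            pins[normalize(m.group(1))] = (m.group(2) or "").replace(" ", "")
    return pins, problems


def pins_in_effect(pins, install_set):
    """Keep only pins for packages in the resolved install set (requested
    packages plus their dependencies); a constraint never adds a package."""
    wanted = {normalize(n) for n in install_set}
    return {name: spec for name, spec in pins.items() if name in wanted}
```

Running `lint_constraints` on a shared constraints file before it is rolled out catches lines that would change where packages come from rather than which versions are allowed.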
Info
Channel: anthonywritescode
Views: 598
Id: SeT-Gj_frd0
Length: 9min 41sec (581 seconds)
Published: Mon Dec 06 2021