Use pip install --report to generate pinned requirements for different optional dependencies.
Project description
iso-freeze: Use pip install --report
to separate pinned requirements for different optional dependencies
Warning: The --report
option of pip install
is considered experimental. Expect stuff to break after pip updates.
pip 22.2
introduced the pip install --report
option, which together with the --dry-run
and --ignore-installed
options can be used to resolve requirements without installing them. While the classic pip freeze
always pins everything installed, this makes it possible to pin requirements independently from your current environment.
iso-freeze
is an experimental application that uses these new pip
options to pin requirements. Just specify a requirements
file or dependencies in your pyproject.toml
and it uses the output of pip install --report
to generate pinned *requirements.txt
files. You can also sync packages installed in your virtual environment with the output of pip install report
.
This makes iso-freeze
a very simple version of the pip-compile
and pip-sync
commands provided by pip-tools
. The biggest difference is that is iso-freeze
does not rely on any pip
internals.
Install
The recommended way to install iso-freeze
is with pipx
:
pipx install iso-freeze
However, you can of course install iso-freeze
in your local venv via pip:
python -m pip install --upgrade iso-freeze
Usage
You can use iso-freeze
either with a PEP621 compatible pyproject.toml
file or with requirements
files.
Let's assume you're currently in the directory where your pyproject.toml
file is stored and you want to pin the base dependencies of your project. Simply call:
iso-freeze
# OR `iso-freeze pyproject.toml` if you like to be explicit
Afterwards, your pinned requirements are stored in requirements.txt
:
# Top level requirements
iso-freeze==0.0.11
# Dependencies of top level requirements
tomli==2.0.1
If you would like to pin requirements for a specific optional dependency listed in your pyproject.toml
file, say dev
dependencies, you can specify it with the -d/--dependency
flag. Ideally you will use it in combination with the -o/--output
flag to specify the name and location of the file you want to store the pinned requirements in:
iso-freeze -d dev -o dev-requirements.txt
# OR `iso-freeze pyproject.toml -d dev -o dev-requirements.txt`
For working with requirements files, iso-freeze
follows the convention established by pip-tools
and assumes you store your unpinned top-level requirements in *requirements.in
files. So if you're currently in the directory that contains your requirements.in
file, you can also just call the following to create or update your requirements.txt
:
iso-freeze
Note: If you have both a requirements.in
and a pyproject.toml
file in the same directory, requirements.in
is preferred if iso-freeze
is called without specifying a file name.
To pin requirements from a different *requirements.in
file, simply specify it:
iso-freeze requirements/dev-requirements.in -o requirements/dev-requirements.txt
By default, iso-freeze
will use whatever Python interpreter is currently activate in your shell by calling python3 -m pip install
. If you need a different version of Python, you can specify it with the --python/-p
flag:
iso-freeze pyproject.toml -p python3.11 -o 311-requirements.txt
# Or specify full path if the Python version you need is not in your PATH:
iso-freeze pyproject.toml -p /Library/Frameworks/Python.framework/Versions/3.11/bin/python -o 311-requirements.txt
You can pass arguments directly to pip install
with the --pip-args
flag:
iso-freeze dev-requirements.in --pip-args "--upgrade-strategy eager --require-hashes"
Please note that by default, iso-freeze
calls pip
as follows:
# If dependencies come from pyproject.toml
env PIP_REQUIRE_VIRTUALENV=false python_exec -m pip install -q --dry-run --ignore-installed --report - package1 package2
# If dependencies come from a requirements file
env PIP_REQUIRE_VIRTUALENV=false python_exec -m pip install -q --dry-run --ignore-installed --report - -r requirements_file
env PIP_REQUIRE_VIRTUALENV=false
is set to ensure that this command will not fail if require-virtualenv = true
is set in pip.conf
. Arguments added with --pip-args
will be injected after the install
keyword. Example: Calling iso-freeze dev-requirements.in --pip-args "--upgrade-strategy eager"
will result in the following command:
env PIP_REQUIRE_VIRTUALENV=false python3 -m pip install --upgrade-strategy eager -q --dry-run --ignore-installed --report - -r dev-requirements.in
Sync
With the --sync/-s
flag, iso-freeze
syncs your current environment with the output of pip install --report
:
iso-freeze pyproject.toml -d dev --sync
This will remove any packages that are not dependencies of dev
, install missing packages and update existing packages to match the exact versions provided in the pip install --report
output.
Warning: Be careful when combining the --sync
and --python
options. For example:
iso-freeze pyproject.toml -d dev --sync --python python3.11
This command would install your dependencies globally! If used in combination with --sync
, the --python
flag should point to the executable of a virtual environment. Using --sync
without the --python
flag when no virtual environment is activated will install packages globally too. For security, consider adding require-virtualenv = true
to your pip configuration.
Note that --sync
ignores editable installs.
Hashes
iso-freeze
has limited support for adding hashes because pip install --report
only provides one hash for the exact file used to install a package on your system. You can include hashes with the --hashes
flag:
iso-freeze pyproject.toml -d dev --hashes
This creates an output like this (truncated example):
# Top level requirements
pytest==7.1.2 \
--hash=sha256:13d0e3ccfc2b6e26be000cb6568c832ba67ba32e719443bfe725814d3c42433c
# Dependencies of top level requirements
attrs==21.4.0 \
--hash=sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file iso_freeze-0.0.14.tar.gz
.
File metadata
- Download URL: iso_freeze-0.0.14.tar.gz
- Upload date:
- Size: 12.1 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d6f8174fe945b97056cffce6ec172fa3223c60ff7f1d10213d75b6429c021882 |
|
MD5 | 1609bbc15963c2a5eb01eb3681cc535e |
|
BLAKE2b-256 | bfe5e610340c4091d81bd4b9a1b139e2ba5b8e71f911d5850085f790b748cf67 |
File details
Details for the file iso_freeze-0.0.14-py3-none-any.whl
.
File metadata
- Download URL: iso_freeze-0.0.14-py3-none-any.whl
- Upload date:
- Size: 12.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0a0c10321df67c5bea497d77faa2765ac10edd63403c660885a4ddb836150848 |
|
MD5 | ae8fdd90a110984dcf8c32388a632cda |
|
BLAKE2b-256 | 6465ee2d3d36d205d38f4c98f86284bda1ff56118577d095eedb2e465e02d0de |