Skip to main content

Use pip install --report to generate pinned requirements for different optional dependencies.

Project description

iso-freeze: Use pip install --report to separate pinned requirements for different optional dependencies

Warning: The --report option of pip install is considered experimental. Expect stuff to break after pip updates.

pip 22.2 introduced the pip install --report option, which together with the --dry-run and --ignore-installed options can be used to resolve requirements without installing them. While the classic pip freeze always pins everything installed, this makes it possible to pin requirements independently from your current environment.

iso-freeze is an experimental application that uses these new pip options to pin requirements. Just specify a requirements file or dependencies in your pyproject.toml and it uses the output of pip install --report to generate pinned *requirements.txt files. You can also sync packages installed in your virtual environment with the output of pip install report.

This makes iso-freeze a very simple version of the pip-compile and pip-sync commands provided by pip-tools. The biggest difference is that is iso-freeze does not rely on any pip internals.

Install

The recommended way to install iso-freeze is with pipx:

pipx install iso-freeze

However, you can of course install iso-freeze in your local venv via pip:

python -m pip install --upgrade iso-freeze

Usage

You can use iso-freeze either with a PEP621 compatible pyproject.toml file or with requirements files.

Let's assume you're currently in the directory where your pyproject.toml file is stored and you want to pin the base dependencies of your project. Simply call:

iso-freeze
# OR `iso-freeze pyproject.toml` if you like to be explicit

Afterwards, your pinned requirements are stored in requirements.txt:

# Top level requirements
iso-freeze==0.0.11
# Dependencies of top level requirements
tomli==2.0.1

If you would like to pin requirements for a specific optional dependency listed in your pyproject.toml file, say dev dependencies, you can specify it with the -d/--dependency flag. Ideally you will use it in combination with the -o/--output flag to specify the name and location of the file you want to store the pinned requirements in:

iso-freeze -d dev -o dev-requirements.txt
# OR `iso-freeze pyproject.toml -d dev -o dev-requirements.txt`

For working with requirements files, iso-freeze follows the convention established by pip-tools and assumes you store your unpinned top-level requirements in *requirements.in files. So if you're currently in the directory that contains your requirements.in file, you can also just call the following to create or update your requirements.txt:

iso-freeze

Note: If you have both a requirements.in and a pyproject.toml file in the same directory, requirements.in is preferred if iso-freeze is called without specifying a file name.

To pin requirements from a different *requirements.in file, simply specify it:

iso-freeze requirements/dev-requirements.in -o requirements/dev-requirements.txt

By default, iso-freeze will use whatever Python interpreter is currently activate in your shell by calling python3 -m pip install. If you need a different version of Python, you can specify it with the --python/-p flag:

iso-freeze pyproject.toml -p python3.11 -o 311-requirements.txt
# Or specify full path if the Python version you need is not in your PATH:
iso-freeze pyproject.toml -p /Library/Frameworks/Python.framework/Versions/3.11/bin/python -o 311-requirements.txt

You can pass arguments directly to pip install with the --pip-args flag:

iso-freeze dev-requirements.in --pip-args "--upgrade-strategy eager --require-hashes"

Please note that by default, iso-freeze calls pip as follows:

# If dependencies come from pyproject.toml 
env PIP_REQUIRE_VIRTUALENV=false python_exec -m pip install -q --dry-run --ignore-installed --report - package1 package2
# If dependencies come from a requirements file
env PIP_REQUIRE_VIRTUALENV=false python_exec -m pip install -q --dry-run --ignore-installed --report - -r requirements_file

env PIP_REQUIRE_VIRTUALENV=false is set to ensure that this command will not fail if require-virtualenv = true is set in pip.conf. Arguments added with --pip-args will be injected after the install keyword. Example: Calling iso-freeze dev-requirements.in --pip-args "--upgrade-strategy eager" will result in the following command:

env PIP_REQUIRE_VIRTUALENV=false python3 -m pip install --upgrade-strategy eager -q --dry-run --ignore-installed --report - -r dev-requirements.in

Sync

With the --sync/-s flag, iso-freeze syncs your current environment with the output of pip install --report:

iso-freeze pyproject.toml -d dev --sync

This will remove any packages that are not dependencies of dev, install missing packages and update existing packages to match the exact versions provided in the pip install --report output.

Warning: Be careful when combining the --sync and --python options. For example:

iso-freeze pyproject.toml -d dev --sync --python python3.11

This command would install your dependencies globally! If used in combination with --sync, the --python flag should point to the executable of a virtual environment. Using --sync without the --python flag when no virtual environment is activated will install packages globally too. For security, consider adding require-virtualenv = true to your pip configuration.

Note that --sync ignores editable installs.

Hashes

iso-freeze has limited support for adding hashes because pip install --report only provides one hash for the exact file used to install a package on your system. You can include hashes with the --hashes flag:

iso-freeze pyproject.toml -d dev --hashes

This creates an output like this (truncated example):

# Top level requirements
pytest==7.1.2 \
    --hash=sha256:13d0e3ccfc2b6e26be000cb6568c832ba67ba32e719443bfe725814d3c42433c
# Dependencies of top level requirements
attrs==21.4.0 \
    --hash=sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iso_freeze-0.0.14.tar.gz (12.1 MB view details)

Uploaded Source

Built Distribution

iso_freeze-0.0.14-py3-none-any.whl (12.0 kB view details)

Uploaded Python 3

File details

Details for the file iso_freeze-0.0.14.tar.gz.

File metadata

  • Download URL: iso_freeze-0.0.14.tar.gz
  • Upload date:
  • Size: 12.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for iso_freeze-0.0.14.tar.gz
Algorithm Hash digest
SHA256 d6f8174fe945b97056cffce6ec172fa3223c60ff7f1d10213d75b6429c021882
MD5 1609bbc15963c2a5eb01eb3681cc535e
BLAKE2b-256 bfe5e610340c4091d81bd4b9a1b139e2ba5b8e71f911d5850085f790b748cf67

See more details on using hashes here.

File details

Details for the file iso_freeze-0.0.14-py3-none-any.whl.

File metadata

  • Download URL: iso_freeze-0.0.14-py3-none-any.whl
  • Upload date:
  • Size: 12.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for iso_freeze-0.0.14-py3-none-any.whl
Algorithm Hash digest
SHA256 0a0c10321df67c5bea497d77faa2765ac10edd63403c660885a4ddb836150848
MD5 ae8fdd90a110984dcf8c32388a632cda
BLAKE2b-256 6465ee2d3d36d205d38f4c98f86284bda1ff56118577d095eedb2e465e02d0de

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page