A tox plugin for pinning dependencies.
tox-pin-deps
Run tox environments with strictly pinned dependencies using simple, well-maintained tools (you're probably using already) with no project or code changes.
This plugin uses jazzband/pip-tools' pip-compile to freeze test and project dependencies, save a lock file per-testenv, and have the locked deps installed, in the usual way via pip, on subsequent invocations.
Usage
- Install tox-pin-deps in the same environment as tox.
- Run tox --pip-compile to pin deps for the default envlist.
- Commit files under {toxinidir}/requirements/*.txt to version control.
- Subsequent runs of tox will install from the lock file.
- Run tox --pip-compile at any time to re-lock dependencies based on:
  - deps named in tox.ini for the environment
  - Project ("dist") dependencies named in pyproject.toml, setup.cfg, or setup.py.
    - Unless skip_install or skipsdist is true
- Run tox --ignore-pins to use the dependencies named in deps without any special behavior.
- Set pip_compile_opts = --generate-hashes in the testenv config to enable hash-checking mode.
- To always use this plugin, specify requires = tox-pin-deps in the [tox] section of tox.ini
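An added example (not part of tox-pin-deps): a pre-commit or CI check that lock files generated with pip_compile_opts = --generate-hashes are fully pinned and hashed, since pip's hash-checking mode expects every requirement to be pinned with == and to carry a hash. The sample lock text and its placeholder hashes are constructed, the function names are hypothetical, and the requirements/*.txt location is the one named above.

```python
import glob
import re
import sys

# Constructed sample in the layout pip-compile writes; hashes are placeholders.
H = "sha256:" + "0" * 64
SAMPLE_LOCK = f"""\
# This file is autogenerated by pip-compile
attrs==23.1.0 \\
    --hash={H} \\
    --hash={H}
    # via pytest
pytest==7.4.0
requests>=2.0 \\
    --hash={H}
"""
PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?==\S+")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comment lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            yield buf.strip()
            buf = ""

def audit_lock(text):
    """Return (requirement, problem) pairs for entries that are unpinned or unhashed."""
    findings = []
    for entry in logical_lines(text):
        if entry.startswith("-"):  # global options such as --index-url
            continue
        spec = entry.split(" --hash=")[0].split(" #")[0].strip()
        if not PIN.match(spec):
            findings.append((spec, "not pinned with =="))
        if "--hash=" not in entry:
            findings.append((spec, "no --hash"))
    return findings

if __name__ == "__main__":
    # Assumes it is run from {toxinidir}; exits non-zero on any finding.
    bad = [(p, f) for p in glob.glob("requirements/*.txt") for f in audit_lock(open(p).read())]
    for path, (spec, problem) in bad:
        print(f"{path}: {spec}: {problem}")
    sys.exit(1 if bad else 0)
```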
Motivation
This project is designed to enable reproducible test (and runtime) environments without changing project structure or requiring the use of non-standard tools.
- Use the deps and install_requires / [project.dependencies] that the project already specifies
- Only need pip-compile at lock time, not at runtime
- Uses standard, well-supported tooling: pip and virtualenv
Why not...?
tox-constraints
- Requires the user to bring their own constraints.txt
- constraints.txt is a newer concept in Python packaging, which may be unfamiliar.
- constraints.txt with hash checking has had several issues since the 2020 pip resolver which make it unsuitable for this use.
poetry / tox-poetry
- poetry is a newer tool that most python programmers haven't worked with.
- poetry is a runtime dependency for developing/testing projects.
- Requirements are specified in non-standard [tool.poetry] section of pyproject.toml.
- If a project isn't already using poetry, adopting it for the sole purpose of controlling and pinning dependencies constitutes a significant change to development and packaging workflows.
pipenv / tox-pipenv
- pipenv is slow, non-standard, and does NOT work for dist projects
- pipenv is older, but still a tool that most python programmers haven't worked with.
- pipenv is a runtime dependency for developing/testing projects.
- Requirements are specified in a non-standard Pipfile and Pipfile.lock.
- If a project isn't already using pipenv, adopting it for the sole purpose of controlling and pinning dependencies constitutes a significant change to development and packaging workflows.
- tox-pipenv has behavioral edge cases that make it uncomfortable to work with.
pip-compile (directly)
- Need scripts to handle updating / re-locking deps for multiple python versions
- Missing tox deps integration for locking test environments
pip-compile-multi
tox-pin-deps does essentially the same thing as pip-compile-multi, except using the environment deps section as the layer on top of the project's setup.py or pyproject.toml, instead of a separate text file.
If a project didn't want to use tox for managing test environments, then pip-compile-multi is a great choice for achieving similar ends.