Managing Python Dependencies Transcripts
Chapter: Setting Up Reproducible Environments & Application Deploys
Lecture: Capturing Project Dependencies

Login or purchase this course to watch this video and the rest of the course contents.
0:01 Now how do you create one of those requirements files? One way to do it would be to just create a text file, and type your dependencies into it.
0:10 And that might be a pretty good way to do it. On the other hand, it becomes very difficult to actually capture all of the dependencies,
0:18 including the secondary or transitive dependencies for you application. Luckily, pip can help you with that.
0:26 So what I am going to do now is I am going to show you the pip freeze command you can use to create requirements files very easily.
0:33 I am in my terminal here and I've got a virtual environment activated. So to show you that this is a completely new virtual environment
0:41 where I haven't installed any third party dependencies, I am going to run the pip list command.
0:47 You can see here that this just contains the internals for pip and there are no third party packages here.
0:55 pip freeze is the magic incantation for creating these requirements files. Now watch what happens when I run pip freeze on a virtual environment
1:03 without third party packages. That is right, nothing happens. Because there is nothing for pip to freeze.
1:11 So now I am going to install a couple of third party packages so we can actually start creating a requirements file.
1:18 Alright, I just installed the latest version of Requests and now, when I run pip list again, you can see here that Requests shows up in this list,
1:31 now we could just take that and type it out into a separate requirements.txt file but really this is what the pip freeze command is made for.
1:40 So when I run the pip freeze command now, I get a different result, it actually captured the Requests library as a third party dependency,
1:48 so the output of the pip freeze command is all we need to create our requirements.txt file.
1:54 We can actually just take that output and pipe it into a requirements.txt file, and we don't even need to copy paste it
2:04 and go through a separate editor, let me show you how that works. So this is the command I would run here, and once that finished,
2:12 it created a new requirements.txt file. So when I take a look at this file you can see that it contains exactly the output of the pip freeze command,
2:21 and that is a very quick way to capture the dependencies that are installed in your virtual environment or in any Python environment for that matter.
2:29 Now before we move on, I want to show you how pip freeze, not only captures the top level dependencies,
2:37 but it actually is smart enough to go and capture all of the secondary or so called transitive dependencies,
2:44 to include them in its output which we could then put into requirements.txt file. So Requests doesn't actually have any third party dependencies,
2:52 so it doesn't really make a great example here, so now I am going to install the Flask module, as another third party dependency
2:59 because Flask actually contains a bunch of secondary dependencies that I can then use to demo how pip freeze deals with them.
3:11 Okay, so I just installed Flask here and you can already see that it came with a bunch of third party dependencies,
3:19 and now these should actually show up if I run pip freeze again, as secondary or transitive dependencies,
3:28 alright, so there we go, when I run pip freeze again, with Flask installed, it's also listing the other dependencies or the secondary dependencies
3:38 that Flask brought with it, because really all I did here initially was run pip install Flask and then Flask itself brought in
3:45 all of these other secondary dependencies. Capturing these secondary dependencies is super important to make an environment reproducible.
3:54 As you can see here, pip freeze does exactly that, so if I regenerate my requirements file, you can see that this captures all of the dependencies,
4:08 so with this requirements file, we're in a pretty good shape to completely reproduce this exact environment
4:15 on another machine including the exact version specifiers and including all of the dependencies and secondary dependencies
4:22 that our application might need. Here is a quick recap on capturing dependencies
4:28 using the pip freeze command, basically you'll run the pip freeze command and then take its output to create your requirements.txt file,
4:37 and then you would include the requirements file with your project so that another developer can recreate the exact same environment
4:44 that you were using at the time when you created the pip freeze file. Please note that the requirements file only specifies third party packages
4:54 and their version numbers, so this is not going to specify exactly which version of the Python interpreter to use for example.
5:02 pip freeze is the most important ingredient for achieving repeatability, so with pip freeze you can capture all dependencies of your programs
5:11 including secondary dependencies and their exact version numbers. So it's really important to capture the secondary dependencies
5:19 also because if you only specify the first level or top level dependencies,
5:25 what could happen is there might be a silent update for a secondary dependency and this could then cause trouble down the line
5:32 when someone tries to install your program at a later point in time. To avoid surprises, it's a good idea to always provide a requirements file
5:41 that includes all of the secondary dependencies and their exact version numbers with your program.


Talk Python's Mastodon Michael Kennedy's Mastodon