Managing Python Dependencies Transcripts
Chapter: Setting Up Reproducible Environments & Application Deploys
Lecture: Capturing Project Dependencies
0:01 Now how do you create one of those requirements files?
0:04 One way to do it would be to just create a text file,
0:07 and type your dependencies into it.
0:09 And that might be a pretty good way to do it.
0:12 On the other hand, it becomes very difficult to actually
0:15 capture all of the dependencies,
0:17 including the secondary or transitive dependencies for you application.
0:22 Luckily, pip can help you with that.
0:25 So what I am going to do now is I am going to show you
0:28 the pip freeze command you can use to create requirements files very easily.
0:32 I am in my terminal here and I've got a virtual environment activated.
0:36 So to show you that this is a completely new virtual environment
0:40 where I haven't installed any third party dependencies,
0:43 I am going to run the pip list command.
0:46 You can see here that this just contains the internals for pip
0:51 and there are no third party packages here.
0:54 pip freeze is the magic incantation for creating these requirements files.
0:59 Now watch what happens when I run pip freeze on a virtual environment
1:02 without third party packages. That is right, nothing happens.
1:07 Because there is nothing for pip to freeze.
1:10 So now I am going to install a couple of third party packages
1:13 so we can actually start creating a requirements file.
1:17 Alright, I just installed the latest version of Requests and now,
1:24 when I run pip list again, you can see here that Requests shows up in this list,
1:30 now we could just take that and type it out into a separate requirements.txt file
1:36 but really this is what the pip freeze command is made for.
1:39 So when I run the pip freeze command now, I get a different result,
1:42 it actually captured the Requests library as a third party dependency,
1:47 so the output of the pip freeze command is
1:50 all we need to create our requirements.txt file.
1:53 We can actually just take that output and pipe it into a requirements.txt file,
1:59 and we don't even need to copy paste it
2:03 and go through a separate editor, let me show you how that works.
2:07 So this is the command I would run here, and once that finished,
2:11 it created a new requirements.txt file.
2:14 So when I take a look at this file you can see that it contains
2:17 exactly the output of the pip freeze command,
2:20 and that is a very quick way to capture the dependencies
2:23 that are installed in your virtual environment
2:26 or in any Python environment for that matter.
2:28 Now before we move on, I want to show you how pip freeze,
2:32 not only captures the top level dependencies,
2:36 but it actually is smart enough to go and capture all of the secondary
2:40 or so called transitive dependencies,
2:43 to include them in its output which we could then put into requirements.txt file.
2:48 So Requests doesn't actually have any third party dependencies,
2:51 so it doesn't really make a great example here,
2:53 so now I am going to install the Flask module, as another third party dependency
2:58 because Flask actually contains a bunch of secondary dependencies
3:02 that I can then use to demo how pip freeze deals with them.
3:10 Okay, so I just installed Flask here and you can already see
3:13 that it came with a bunch of third party dependencies,
3:18 and now these should actually show up if I run pip freeze again,
3:22 as secondary or transitive dependencies,
3:27 alright, so there we go, when I run pip freeze again, with Flask installed,
3:31 it's also listing the other dependencies or the secondary dependencies
3:37 that Flask brought with it, because really all I did here initially
3:40 was run pip install Flask and then Flask itself brought in
3:44 all of these other secondary dependencies.
3:47 Capturing these secondary dependencies is super important
3:50 to make an environment reproducible.
3:53 As you can see here, pip freeze does exactly that,
3:55 so if I regenerate my requirements file,
4:03 you can see that this captures all of the dependencies,
4:07 so with this requirements file, we're in a pretty good shape
4:10 to completely reproduce this exact environment
4:14 on another machine including the exact version specifiers
4:18 and including all of the dependencies and secondary dependencies
4:21 that our application might need.
4:25 Here is a quick recap on capturing dependencies
4:27 using the pip freeze command, basically you'll run the pip freeze command
4:31 and then take its output to create your requirements.txt file,
4:36 and then you would include the requirements file with your project
4:39 so that another developer can recreate the exact same environment
4:43 that you were using at the time when you created the pip freeze file.
4:47 Please note that the requirements file only specifies third party packages
4:53 and their version numbers, so this is not going to specify
4:56 exactly which version of the Python interpreter to use for example.
5:01 pip freeze is the most important ingredient for achieving repeatability,
5:06 so with pip freeze you can capture all dependencies of your programs
5:10 including secondary dependencies and their exact version numbers.
5:14 So it's really important to capture the secondary dependencies
5:18 also because if you only specify the first level or top level dependencies,
5:24 what could happen is there might be a silent update for a secondary dependency
5:28 and this could then cause trouble down the line
5:31 when someone tries to install your program at a later point in time.
5:35 To avoid surprises, it's a good idea to always provide a requirements file
5:40 that includes all of the secondary dependencies
5:42 and their exact version numbers with your program.