algo icon indicating copy to clipboard operation
algo copied to clipboard

Published 20 hours ago verified publisher icon trailofbits

adding pipenv support

Open elreydetoda opened this issue 4 years ago • 4 comments

Description

added pipenv support by adding Pipfile and Pipfile.lock files. more details in #1868

Motivation and Context

I detail more information in the description of my issue, but pipenv will be nice from a development perspective and potentially people who want to use pipenv instead of the normal "Install Algo's remaining dependencies" section. Instead the steps can just be

pipenv install    # this will handle creating the virtualenv and installing the dependencies
pipenv shell      # this will take the user inside the virtualenv

from a dev position you can pin your ansible-lint ( or whatever you use for development/linting ) and ensure that everyone who wants to do development has the exact same version that is run in CI.

close #1868

How Has This Been Tested?

I have run the --version command for both ansible and ansible-lint.

I had pipenv installed with pip3 install pipenv ( but any pipenv install should work ) and was working with python3.8. This should work with any python version though, since I didn't pin the python version in the Pipfile.

This is just a handler for venvs and dependency management, so you don't have to use it but it is there if you want to.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • [x] I have read the CONTRIBUTING document.
  • [x] My code follows the code style of this project.
  • [ ] My change requires a change to the documentation.
  • [ ] I have updated the documentation accordingly.
  • :arrow_up: I don't know what I should update for this change?
  • [ ] I have added tests to cover my changes.
  • :arrow_up: I don't know what I should update for this change?
  • [x] All new and existing tests passed.

elreydetoda avatar Dec 28 '20 19:12 elreydetoda

+1 to this.

We can generate a matching requirements.txt from the Pipefile for folks that want to continue using that but in general, I've found that pipenv has been better at working out the constraints & dependencies.

jauderho avatar Sep 01 '21 20:09 jauderho

It's been a bit since I have installed the deps for that branch, but I should easily be able to update this PR if someone from the project wants to accept it :slightly_smiling_face:

elreydetoda avatar Sep 01 '21 20:09 elreydetoda

I'd say to wait after #14272 is merged

jauderho avatar Sep 01 '21 21:09 jauderho

tl;dr: this has the exact same dependencies that the requirements.txt has in master currently.

So, this Pipfile & Pipfile.lock should be pinning to the exact dependencies inside the current requirements.txt.

I added an intermediary commit in there, so I could add "*" for all the dependencies. This will make upgrades in the future easier, but in the last commit you can see I reverted the hashes from the initial commit and updated the hash line specifically so Pipenv doesn't try to update the lock file again.

$ gd HEAD..5210bf4 | cat
diff --git a/Pipfile b/Pipfile
index 3926440..8002695 100644
--- a/Pipfile
+++ b/Pipfile
@@ -4,10 +4,10 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-ansible-core = "*"
-ansible = "*"
+ansible-core = "==2.11.3"
+ansible = "==4.4.0"
 netaddr = "*"
-Jinja2 = "*"
+Jinja2 = "~=3.0.1"
 
 [dev-packages]
 
diff --git a/Pipfile.lock b/Pipfile.lock
index d5b4e73..bed9528 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "0c3c627d43a80cad0a384a195031ecdf469cea355e4b4e878b0a5f089e925d25"
+            "sha256": "1277a5279f6bb88863ea7a08d9bf546dca26dab2c405640d45fc5b5f958f9ec8"
         },
         "pipfile-spec": 6,
         "requires": {

Speaking of updates, the way you should be able to update dependencies with pipenv is pipenv update command.

I say should, because ( like @glennschler had an issue with here ) sometimes ansible wants a fresh install. So, in that can I have had to run pipenv --rm && pipenv install --skip-lock && pipenv lock. This will essentially install all packages "fresh" and then pin the dependencies after the install.

Also, the way that @jauderho was mentioning about generating the requirements file you can run this:

$ pipenv lock -r    
#
# These requirements were autogenerated by pipenv
# To regenerate from the project's Pipfile, run:
#
#    pipenv lock --requirements
#

-i https://pypi.org/simple
ansible-core==2.11.6
ansible==4.8.0
cffi==1.15.0
cryptography==35.0.0; python_version >= '3.6'
jinja2==3.0.2
markupsafe==2.0.1; python_version >= '3.6'
netaddr==0.8.0
packaging==21.2; python_version >= '3.6'
pycparser==2.20; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
pyparsing==2.4.7; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
pyyaml==6.0; python_version >= '3.6'
resolvelib==0.5.4

elreydetoda avatar Nov 03 '21 03:11 elreydetoda