[Python Package Dependency Management]¶
- Status: proposed
- Deciders: TBD
- Date: 2019-06-18
Context and Problem Statement¶
We as a team have been struggling with dependency management for a while now. Our current approach (‘manual’ requirements + pip constraints files) is cumbersome and error prone especially in case of dependency package version upgrades. Generally better tool support was seen as a solution to the issue.
Decision Drivers¶
- The Process of upgrading a Python package dependency is an error prone, cumbersome and manual process
- There were multiple occasions of failed dependency upgrades leading to failed CI builds and downstream incompatibilities
Decision Outcome¶
pip-tools
was chosen after a discussion between @hackaugusto, @konradkonrad, @palango and
@ulope as it currently seems to be the least disruptive and most well-used tool available.
Medium term poetry
might become the preferred solution but didn’t appear mature enough currently.
Pros and Cons of the Options¶
pip-tools
¶
Currently the most mature tool.
- Pros
- Small scope, only manages dependencies
- (Relatively) easy to understand operation model
- Stable with a long history of being maintained
- Better dependency solver than pip (which doesn’t have one)
- Cons
- No built-in support for dependencies between various requirement types (e.g. prod, dev). Requiring a custom wrapper tool.
- CLI isn’t very intuitive
poetry
¶
Looks to be a good candidate to switch to in the medium future.
- Pros
- Very polished cli
- Handles the complete package life-cycle including optional venv management
- Proper dependency solver
- Cons
- Still very new with some bugs and some usage types not supported (yet)
- Very much a departure from the established ‘way of doing things’
- Dependency resolution can currently be very slow
pipenv
¶
Similar in concept to poetry, yet seems to be not a stable tool to build upon.
- Pros
- ?
- Cons
- Also a very new tools
- Many reports of arbitrary breakage with minor upgrades
- Dependency resolution appears not to be stable