This post discusses how to manage Python dependencies in a boring way, focusing on the use of requirements files, virtual environments, and pip tools. The author recommends sticking to the default Python packaging tools for reliable and well-understood dependency management. The post covers topics such as defining and producing distributable artifacts, using distributable artifacts to reproduce code elsewhere, and working with multiple independent projects with potentially conflicting dependencies. It also explains the importance of reproducibility, hashing packages for verification, and using wheel packages to prevent code execution during installation.
Table of contents
A quick introduction to Python packagingRequirementsMore requirementsSeeing the trees in the forestHashing it outInvocationsPutting it all togetherStaying up-to-dateAnd that’s a wrapSort: