I'll share my thoughts on this.
First, the abstract dependencies of your project are to be listed in setup.py's install_requires. They should not be pinned if possible and reading dependencies in setup.py from somewhere else is not recommended.
Thus, if you install a package created with python setup.py sdist, that project's Pipfile.lock will not be used. Instead the user of the package is reponsible for locking the dependencies and installing the package into a virtualenv.
To use our Pipfile.lock we need a different approach to deployment. I've collected a few.
1) git clone the repository on target machine or rsync -r it to target machine. Run pipenv install --deploy in cloned project directory. There are several ways of using the virtualenv:
- Launch the app with
pipenv run <appname> from the cloned project directory. Make sure you are the same user who created the virtualenv.
- Retrieve the virtualenv location by running
pipenv --venv from the cloned project directory as the same user who created the virtualenv and use it directly for running your app.
- Set
PIPENV_VENV_IN_PROJECT=1 environment variable before running pipenv install --deploy to get a consistent virtualenv location that you can then use directly for running your app.
- Before running pipenv, manually create a virtualenv then run pipenv from there. Pipenv will automatically use that virtualenv instead of creating a new one. See https://stackoverflow.com/a/49388414/7662112 for a complete workflow.
2) Use pipenv install --system --deploy to set up the virtualenv from your Pipfile.lock in docker. Then just use the docker image for deployment.
3) Dump Pipfile.lock into a requirements.txt with pipenv lock --requirements > requirements.txt and build a deb package using dh-virtualenv.
