0

For context, I don't know much about Python, let alone idiomatic Python. I'm working on a brownfield project. Everything I say about docker may be irrelevant to the question I'm asking, but I can't tell: Our code runs in a Docker container. Instead of using virtual environments, we hardcode the Python version and run this in the Dockerfile:

ADD requirements.txt /
RUN pip install -r /requirements.txt \
&& rm -rf /requirements.txt

At the moment, we have two ways of adding requirements to the requirements.txt:

  1. By running this command (using twilio as an example):

    docker-compose run --rm django bash -c "pip install twilio && pip freeze > requirements.txt"

  2. By going to pypi.org, finding a dependency's name and current version, and manually adding that line to the hosts requirements.txt.

Both seem to work, but my gut tells me there are latent downsides to one/both of these. What are the pros and cons of each choice and which one is considered idiomatic? If neither of these are considered idiomatic, what's the right way to add to the requirements.txt?

I've been googling, but a lot of the results are questionable because they are really old. e.g., pip 20.3.2020 added resolver functionality, and I don't know what ripples that had on best practices.

Daniel Kaplan
  • 62,768
  • 50
  • 234
  • 356

1 Answers1

1

The requirements.txt file indicates all the dependencies that must be installed for your application to run correctly.

Running pip freeze will dump all the actually installed libraries (development, other projects, deprecated, etc) into a freshly created requirements.txt file.

Adding manually the dependencies is a more controlled manner to list your dependencies.

I recommend you adding manually the dependencies to the file while building the project. If you found some are not necessary, remove them. With the pip freeze, maybe other secondary libraries will remain.

Sergio Lema
  • 1,491
  • 1
  • 14
  • 25