aka repeatable builds made better
Robert Collins
[email protected]
@rbtcollins (Twitter)
Note: what do you do after you test it? You deploy it... and you want to know that that will work.
- Linux
- Docker
- Pip
- Updates break things
Note: Linux - ancient; docker - just distro, no better; pip - latest but... its the latest
- Loose coupling
- Mistakes
- Major versions
Don't use other projects at all
Note: Not very useful: high friction, parallel toolchain.
Note: Fragile: need to gate changes, no guarantee that what comes in is backwards comaptible.
lxml>=3.4,<3.4
lxmlproc<=0.2
Note: Bad: your releases are now transitively controlling common plumbing but when one server releases, its now incompatible with your other.
all your dependencies in e.g. my_tree/_vendor/ Note: Breaks exactly the same when you have multiple projects. Also gosh - don't even think about the impact when you pass objects from vendors libraries to standalone ones.
lxml==3.4.0
lxmlproc==0.2
Note: Pins the dependencies precisely. Doesn't depend on mirror fragility. But installs the world every time: describes DEPLOYMENT.
easy_install
Note: Same issue with multiple projects
lxml==3.4.0
lxmlproc==0.2
pip install -c my-constraints.txt my-project
Note: Describes a consistent universe of packages.
- You have multiple projects
- You have some optional dependencies
- Single project
- Fixed set of dependencies
- Special cases
Your project is not a special case
(Unless your name is Donald Stufft, or Jason R. Coombs)
Note: At least until pip's recursive resolver is landed
Note: Because you do want to keep up to date with security fixes etc
Could use generate-constraints from https://git.openstack.org/openstack/requirements
Record known-bad, not presumed-broken. Note: Otherwise you'll wedge yourself during releases
- Unconstrained
- Can install any version
Pip has a lot of legacy and corner case code Note: come see my talk on sunday morning!
export USE_CONSTRAINTS=True
Note: will Just Work.
[tox]
minversion = 1.8
...
[testenv]
install_command =
constraints: pip install -U --force-reinstall \
-c{env:UPPER_CONSTRAINTS_FILE:\
{toxinidir}/upper-constraints.txt}\
{opts} {packages}
pip install -U --force-reinstall {opts} {packages}
tox -e py27-constraints
http://git.openstack.org/cgit/openstack/requirements/tree/upper-constraints.txt Note: Current thing designed for CI
- Robert Collins
- @rbtcollins
- lifeless on freenode
- [email protected]