Open rhmdnd opened 2 years ago
I propose a third alternative which would work well for the use case of the utility scripts: https://github.com/pypa/pipenv
Pipfile.lock
would be equivalent to pinning versions in requirements.txt, except less hassle to maintaintox
.The biggest argument against this, of course, is:
tox
as well).That's a good point. I updated the issue to be more generic about dependency management.
I'm in favor of either approach. In my opinion, I feel like offering something to handle dependencies, even if it does add another tool to the project, makes it easier to use all the utility scripts.
Description of problem:
The
utils/
directory has a bunch of useful python scripts for working with CaC content. Some of the scripts rely on libraries outside the python standard library. To make it easier to use, should we consider adopting a requirements.txt file utility dependencies?SCAP Security Guide Version:
Operating System Version:
Steps to Reproduce:
Actual Results:
Import failures depending on the scripts you're trying to use.
Expected Results:
Tools work as expected after installing requirements.
Additional Information/Debugging Steps:
We could update the documentation to reference
requirements.txt
during install process, or usetox
to build a virtual environment with all the necessary dependencies for the utility scripts we rely on in CaC.