Add pip requirements file

awwad / uptane

Uptane, security framework for automotive updates

https://uptane.github.io/

MIT License

10 stars 42 forks source link

Add pip requirements file #31

Closed vladimir-v-diaz closed 7 years ago

vladimir-v-diaz commented 7 years ago

Add a requirements.txt file for pip that pins specific versions of dependencies. The README is updated to include the pip command that uses dev-requirements.txt

awwad commented 7 years ago

Definitely a good move!

I'd change this slightly: since the requirements are currently in setup.py, we should:

remove the requirements from setup.py or, perhaps better, read them into setup.py
(defensively) order the items in dev-requirements.txt so that the requirements come before the project itself (so that if there are any requirements in setup.py, those installs don't happen first and obviate the version requirements in the rest of the dev-requirements.txt file)

vladimir-v-diaz commented 7 years ago

Shouldn't the dependencies still be listed in setup.py? For example, someone might only have access to the source distribution and not the GitHub repository. It is my understanding that dev-requirements.txt is usually meant for developers working on the codebase to ensure everyone is using the same set of installed dependencies. requirements.txt files also come in handy with CI tools like Travis.

awwad commented 7 years ago

We could leave them in there, but if they're in there and the "-e ." line is early in dev-requirements.txt, then that means that the versions specified in setup.py will be the ones actually installed. When pip sees the new version constraints a few moments later, it will probably ignore them.

You could just move the "-e ." line to the end of the dev-requirements.txt file.

vladimir-v-diaz commented 7 years ago

Okay, I reordered the dependencies listed in dev-requirements.txt