Closed jordan-gillard closed 4 months ago
I didn't spot this PR before merging #10, but in general am very much in favour of adding better dependency management π
I didn't spot this PR before merging #10, but in general am very much in favour of adding better dependency management π
@GalenReich Rad. I'll refactor this to account for the latest changes. Probably not until Wednesday tho π
@GalenReich lmk what you think.
Edit: I saw last night that other Bellingcat Python projects use Poetry. Would you prefer that? It's no big
Summary
This PR adds Pipenv for improved dependency management.
Rationale
1) Pipenv automatically creates and manages virtual environments. 2) The
Pipfile.lock
file locks dependencies to ensure consistent dependencies across environments, reducing "it works on my machine" issues. 3) Pipenv enhances project security by checking for known dependency vulnerabilities. 4) Pipfile is more readable and clear compared to requirements.txt, it also has a really neat[scripts]
section. 5) Pipenv distinctly separates development and production dependencies. This will make developers who want to work on this project & users who want to install from PyPI live's easier. 6) Last but not least it's endorsed by the Python Packaging Authority.I would like to make some enhancements to this project (like adding tests - #11), which would require installing
pytest
. I don't want to makepytest
a production dependency. Users who just want to use the script shouldn't have to install it. So I decided a good first step to enhancing EDGAR is to add a nicer dependency manager. Users can still userequirements.txt
for the original workflow. In the future developers can generaterequirements.txt
viapipenv requirements > requirements.txt
.Pipenv is great. Another alternative is Poetry. Please lmk if you would like further explanation/justification for this PR.