Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
Pipenv creates a couple of files that manage our development and production dependencies, Pipfile and Pipfile.lock.
This video doesn't have any notes.
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
Hello again.
0:00
Let's take a look at these two files that
pipenv created, Pipfile and Pipfile.lock.
0:02
Let's start with the Pipfile.
0:08
Open Pipfile.
0:10
The format of this file is called TOML.
0:13
TOML is an acronym for
Tom's Obvious Minimal Language, and
0:16
is pretty easy to read.
0:20
Thanks, Tom.
0:23
The file is separated into sections,
designated by square brackets.
0:24
We have the source section,
which tells pipenv where to get files,
0:29
the packages section for
the required packages for the project.
0:34
We see the two packages we've installed,
requests without a specific version,
0:37
and matplotlib with our
pinned 2.2.2 version.
0:43
Next is the dev-packages section for
the development only packages.
0:47
Finally, we have a requires section, which
has things like a specific python_version.
0:53
The intent of this Pipfile is to replace
the requirements.txt file that we
0:59
find when using pip, and is the dependency
reference store or our project.
1:04
Notice that there are no
sub-dependencies in here.
1:09
Pipenv will only include the packages
that need to be imported.
1:12
We installed matplotlib,
which is here in the packages section.
1:16
And matplotlib has lots of dependencies.
1:20
Pipenv is very clean and
1:23
manages all of the sub-dependency
versioning for us, pretty nice.
1:25
Let's look at Pipfile.lock.
1:31
This file is generated by default with
SHA-256 hashes of each downloaded package.
1:40
This guarantees the installation
will be what we want to install,
1:46
even on compromised or untrusted networks.
1:51
Security is always an important
consideration, and pipenv has it built-in.
1:53
This makes suer that the packages we want
installed are the verified true packages,
1:59
not some harmful one that
may be maliciously posted.
2:04
If we scroll through this file,
2:08
we'll see that this is where all of
our sub-dependencies are handled.
2:09
This Pipfile.lock is not meant
to ever be manually edited, and
2:13
is intended to be used in production.
2:18
How then do we make sure our
production version is up to date?
2:20
We run the pipenv lock command.
2:24
I'm gonna run pipenv lock.
2:30
Running pipenv lock updates or generates
the Pipfile.lock, if it's missing.
2:34
Then in a production environment,
we can install all of the specific build
2:40
information with pipenv, install,
and we can ignore the Pipfile.
2:45
When we run this,
pipnv ignores the Pipfile, and
2:56
uses the Pipfile.lock for installation.
3:00
It creates the exact same environment
that we have on our system.
3:04
Your production environment will,
3:08
therefore, be the same as
your development environment.
3:09
Another great feature.
3:12
Let's take a quick break, and
3:14
look at a couple of additional features
of pipenv when we get back together
3:15
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up