Pipfile & Pipfile.lock3:20 with Ken Alger
Pipenv creates a couple of files that manage our development and production dependencies, Pipfile and Pipfile.lock.
Hello again. 0:00 Let's take a look at these two files that pipenv created, Pipfile and Pipfile.lock. 0:02 Let's start with the Pipfile. 0:08 Open Pipfile. 0:10 The format of this file is called TOML. 0:13 TOML is an acronym for Tom's Obvious Minimal Language, and 0:16 is pretty easy to read. 0:20 Thanks, Tom. 0:23 The file is separated into sections, designated by square brackets. 0:24 We have the source section, which tells pipenv where to get files, 0:29 the packages section for the required packages for the project. 0:34 We see the two packages we've installed, requests without a specific version, 0:37 and matplotlib with our pinned 2.2.2 version. 0:43 Next is the dev-packages section for the development only packages. 0:47 Finally, we have a requires section, which has things like a specific python_version. 0:53 The intent of this Pipfile is to replace the requirements.txt file that we 0:59 find when using pip, and is the dependency reference store or our project. 1:04 Notice that there are no sub-dependencies in here. 1:09 Pipenv will only include the packages that need to be imported. 1:12 We installed matplotlib, which is here in the packages section. 1:16 And matplotlib has lots of dependencies. 1:20 Pipenv is very clean and 1:23 manages all of the sub-dependency versioning for us, pretty nice. 1:25 Let's look at Pipfile.lock. 1:31 This file is generated by default with SHA-256 hashes of each downloaded package. 1:40 This guarantees the installation will be what we want to install, 1:46 even on compromised or untrusted networks. 1:51 Security is always an important consideration, and pipenv has it built-in. 1:53 This makes suer that the packages we want installed are the verified true packages, 1:59 not some harmful one that may be maliciously posted. 2:04 If we scroll through this file, 2:08 we'll see that this is where all of our sub-dependencies are handled. 2:09 This Pipfile.lock is not meant to ever be manually edited, and 2:13 is intended to be used in production. 2:18 How then do we make sure our production version is up to date? 2:20 We run the pipenv lock command. 2:24 I'm gonna run pipenv lock. 2:30 Running pipenv lock updates or generates the Pipfile.lock, if it's missing. 2:34 Then in a production environment, we can install all of the specific build 2:40 information with pipenv, install, and we can ignore the Pipfile. 2:45 When we run this, pipnv ignores the Pipfile, and 2:56 uses the Pipfile.lock for installation. 3:00 It creates the exact same environment that we have on our system. 3:04 Your production environment will, 3:08 therefore, be the same as your development environment. 3:09 Another great feature. 3:12 Let's take a quick break, and 3:14 look at a couple of additional features of pipenv when we get back together 3:15
You need to sign up for Treehouse in order to download course files.Sign up