1 00:00:00,670 --> 00:00:02,020 Hello again. 2 00:00:02,020 --> 00:00:08,250 Let's take a look at these two files that pipenv created, Pipfile and Pipfile.lock. 3 00:00:08,250 --> 00:00:09,505 Let's start with the Pipfile. 4 00:00:10,770 --> 00:00:11,570 Open Pipfile. 5 00:00:13,320 --> 00:00:16,503 The format of this file is called TOML. 6 00:00:16,503 --> 00:00:20,820 TOML is an acronym for Tom's Obvious Minimal Language, and 7 00:00:20,820 --> 00:00:23,010 is pretty easy to read. 8 00:00:23,010 --> 00:00:23,620 Thanks, Tom. 9 00:00:24,770 --> 00:00:28,610 The file is separated into sections, designated by square brackets. 10 00:00:29,890 --> 00:00:34,070 We have the source section, which tells pipenv where to get files, 11 00:00:34,070 --> 00:00:37,870 the packages section for the required packages for the project. 12 00:00:37,870 --> 00:00:43,170 We see the two packages we've installed, requests without a specific version, 13 00:00:43,170 --> 00:00:46,730 and matplotlib with our pinned 2.2.2 version. 14 00:00:47,810 --> 00:00:53,190 Next is the dev-packages section for the development only packages. 15 00:00:53,190 --> 00:00:58,264 Finally, we have a requires section, which has things like a specific python_version. 16 00:00:59,280 --> 00:01:04,320 The intent of this Pipfile is to replace the requirements.txt file that we 17 00:01:04,320 --> 00:01:09,450 find when using pip, and is the dependency reference store or our project. 18 00:01:09,450 --> 00:01:12,570 Notice that there are no sub-dependencies in here. 19 00:01:12,570 --> 00:01:16,341 Pipenv will only include the packages that need to be imported. 20 00:01:16,341 --> 00:01:20,520 We installed matplotlib, which is here in the packages section. 21 00:01:20,520 --> 00:01:23,823 And matplotlib has lots of dependencies. 22 00:01:23,823 --> 00:01:25,443 Pipenv is very clean and 23 00:01:25,443 --> 00:01:31,130 manages all of the sub-dependency versioning for us, pretty nice. 24 00:01:31,130 --> 00:01:35,473 Let's look at Pipfile.lock. 25 00:01:40,115 --> 00:01:46,820 This file is generated by default with SHA-256 hashes of each downloaded package. 26 00:01:46,820 --> 00:01:51,000 This guarantees the installation will be what we want to install, 27 00:01:51,000 --> 00:01:53,980 even on compromised or untrusted networks. 28 00:01:53,980 --> 00:01:59,580 Security is always an important consideration, and pipenv has it built-in. 29 00:01:59,580 --> 00:02:04,464 This makes suer that the packages we want installed are the verified true packages, 30 00:02:04,464 --> 00:02:08,050 not some harmful one that may be maliciously posted. 31 00:02:08,050 --> 00:02:09,541 If we scroll through this file, 32 00:02:09,541 --> 00:02:13,462 we'll see that this is where all of our sub-dependencies are handled. 33 00:02:13,462 --> 00:02:18,240 This Pipfile.lock is not meant to ever be manually edited, and 34 00:02:18,240 --> 00:02:20,560 is intended to be used in production. 35 00:02:20,560 --> 00:02:23,670 How then do we make sure our production version is up to date? 36 00:02:24,680 --> 00:02:27,738 We run the pipenv lock command. 37 00:02:30,572 --> 00:02:32,640 I'm gonna run pipenv lock. 38 00:02:34,180 --> 00:02:40,460 Running pipenv lock updates or generates the Pipfile.lock, if it's missing. 39 00:02:40,460 --> 00:02:45,189 Then in a production environment, we can install all of the specific build 40 00:02:45,189 --> 00:02:51,780 information with pipenv, install, and we can ignore the Pipfile. 41 00:02:56,974 --> 00:03:00,767 When we run this, pipnv ignores the Pipfile, and 42 00:03:00,767 --> 00:03:04,130 uses the Pipfile.lock for installation. 43 00:03:04,130 --> 00:03:08,020 It creates the exact same environment that we have on our system. 44 00:03:08,020 --> 00:03:09,490 Your production environment will, 45 00:03:09,490 --> 00:03:12,780 therefore, be the same as your development environment. 46 00:03:12,780 --> 00:03:14,590 Another great feature. 47 00:03:14,590 --> 00:03:15,900 Let's take a quick break, and 48 00:03:15,900 --> 00:03:19,650 look at a couple of additional features of pipenv when we get back together