In a requirements-*.in file, at the top of the file, are lines with -c and -r flags followed by a requirements-*.in file. Uses relative paths (ignoring URLs).

Say have docs/requirements-pip-tools.in

-r ../requirements/requirements-prod.in
-c ../requirements/requirements-pins-base.in
-c ../requirements/requirements-pins-cffi.in

...

The intent is compiling this would produce docs/requirements-pip-tool.txt

But there is confusion as to which flag to use. It’s non-obvious.

constraint

Subset of requirements features. Intended to restrict package versions. Does not necessarily (might not) install the package!

Does not support:

  • editable mode (-e)

  • extras (e.g. coverage[toml])

Personal preference

  • always organize requirements files in folder(s)

  • don’t prefix requirements files with requirements-, just doing it here

  • DRY principle applies; split out constraints which are shared.

  • spoonbill@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 个月前

    Constraints are useful for restricting build dependencies of your dependencies, especially if they follow PEP-518.

    • logging_strict@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      29 天前

      Was working under the assumption that everyone considered constraints (-c) to be non-negotiable required feature.

      If only have requirements (-r), in a centralized pyproject.toml, then how to tackle multiple specific dependency hell issues without causing a huge amount of interconnected clutter?

        • logging_strict@programming.devOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          29 天前

          Within the context of resolving dependency conflicts, poetry decided pyproject.toml is a great place to put requirements.

          This is what people know.

          pyproject.toml or venv management should otherwise never come into the conversation.

          My personal opinion is: venv, pip, pyenv, pip-tools, and tox are sufficient to manage venvs.

          venvs are not required to manage requirement files. It’s a convenience so dev tools are accessible.

          Currently the options are: poetry or uv.

          With honorable mention to pip-compile-multi, which locks dependencies.

          poetry and uv manage venvs… Why?

          • Eager Eagle@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            29 天前

            are you really asking why use 1 tool instead of 5?

            venvs and dependency management are such interconnected concepts, I don’t even know how you could sustainably handle them separately.

            • logging_strict@programming.devOP
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              29 天前

              UNIX philosophy. One tool that does one thing well

              Best to have a damn good reason when breaking this principle (e.g. vendoring) or be funded by Money McBags

              requirements files are requirements files, not venvs. They may install into venv, but they are not venvs themselves. The only thing a venv provides that is of interest to ur requirements files are: the relative folder path (e.g. ‘.venv’) and python interpreter path. Nothing more. When using tox, the py version is hardcoded, so only need to provide the relative folder path.

              The venv management tools we have are sufficient. the problem is not the venv, it’s managing the requirements files.

              Your 1 tool suacks just as much as my 5 tools when it comes to managing requirement files. None of them do the job.

              • Eager Eagle@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                29 天前

                The Python env has been trying this multiple tools approach for decades and consistently delivering a worse experience than languages that pack most things in one tool.

                Rust is a bliss to use, largely thanks to cargo that takes care of build, dependencies, locking, tests, publishing etc. You say do one thing and do it well. In my experience they often do one thing in a mediocre way, while forcing users to understand which and how to combine dozens of possible tools in a development environment that keeps changing. It’s messy, slow, error prone, and requires constant developer attention.

                • logging_strict@programming.devOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  27 天前

                  Most languages don’t support packages containing multiple languages (C/C++, Cython, and Python). So Python situation is much more complex.

                  distutils

                  setuptools is complex

                  pip is complex

                  requirements files are complex

                  space aliens wrote pytest (and pluggy)

                  publishing and dependencies are super centralized, depending on pypi.org way too much.

                  Comparing Rust vs Python is nonsense. Rust is a stricter compiler on top of C. It has to deal with legacy C libraries. It has it very very easy.

          • spoonbill@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            29 天前

            I was asking why you need to have a centralized pyproject.toml file, which is apparently why you need constraint files? Most people don’t have this workflow, so are not even aware of constraint files, much less see them as a must-have.

            • logging_strict@programming.devOP
              link
              fedilink
              arrow-up
              1
              ·
              27 天前

              I totally agree with you. So not the best champion of the poetry approach. Someone else would need to step forward, even as devils advocate, and champion poetry. Even if tongue in cheek. Anyone?

              Normally, there is no connection between constraint files and pyproject.toml

              Python appears to be forever stuck with plain text requirement|constraint files. So putting them into pyproject.toml is just adding an extra layer of complexity.

              • spoonbill@programming.dev
                link
                fedilink
                English
                arrow-up
                1
                ·
                27 天前

                If most people prefer pyproject.toml over requirements.txt, even if it does not support everything you need, isn’t it more likely that you will have to change workflow rather than python remaining stuck with requirement.txt?

                • logging_strict@programming.devOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  26 天前

                  more likely

                  That almost sounds like you might consider to jump on polymarket, initiate the prediction, put money down on that prediction creating a position, but need a little nudge.

                  Are you willing to make that bet? The size of the bet reflects how strongly you feel. Are you going to make this interesting?

                  The other side of that bet would be:

                  Could become that guy who extends the theory, makes a better way of doing it, and creates and publishes the package and docs.

                  And the world+dog recognizes the package amongst the other tools in this genre, rather than i conforming to existing tools (uv or poetry or pip-compile-multi).

                  In your favor, there are three tools. So three people/teams on this planet have presented a solution. Can count that on one hand with fingers to spare!

                  On the other hand, lets keep in mind, this is a Python specific forum and everyone here are skilled super talented coders and probably full on freak’n geniuses (lifts hand, pinky to closest edge of mouth, everyone looks around at one another and copies, then looks back at you with an errie almost coordinated synchronized eye brow raise). And i oddly posted about this exact topic. Literally anyone and everyone who has commented could be that guy.

                  scratches head

                  looks up with one eye to check star positions

                  rubs chin

                  occasional alternating strong eye brow movements …

                  (with hand on chin) who is this guy, should i call his bluff by taking a position? Whats the likelihood he’s secretly a closet poetry user and just some poser?

                  If you won, could you be sad?

                  If you lost, not get upset or ego hurt instead be much happier with the published tool over the money?

                  What are the odds looking like on this particular prediction?

                  Looking forward to you posting the URL to the prediction on polymarket then promoting the market to maximize your returns. First in and clean house. Rinse wash and repeat with this blowhard wannabe (referring to myself).

                  • spoonbill@programming.dev
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    26 天前

                    Here is another prediction: the volume of that bet would be nowhere near where it needs to be to make the bet interesting.

                    Disagree? Create the bet yourself and prove me wrong.