Manage dependencies using Pipfile
Pipfile is the dedicated file used by the Pipenv virtual environment to manage project dependencies. This file is essential for using Pipenv. When you create a Pipenv environment either for a new or an existing project, the Pipfile is generated automatically. The file is added to the current project, you can see it in the Project tool window. Similarly, when you open a project with a Pipfile file in Aqua for the very first time, the Pipenv virtual environment is configured automatically.
Consider a task of creating a list of dependencies from scratch.
Manage project dependencies by using Pipfile
When Aqua creates a Pipfile for a new pipenv virtual environment, the file looks as follows:
The
python_version
parameter is the version of the base interpreter you specified when creating a new Pipenv virtual environment. Thepackages
section is the place where you can list the packages required for your project.Add a new package dependency by modifying the
packages
section.[packages] django = "*"Any time you modify the Pipfile file, Aqua suggests one of the following actions:
pipenv lock
— records the new requirements to the Pipfile.lock file.pipenv update
— records the new requirements to the Pipfile.lock file and installs the missing dependencies on the Python interpreter.
Click pipenv update to install the Django package.
Navigate to SDKs in the Platform Settings, then select the Pipenv SDK. Ensure that Django is in the list of the installed packages.
Ctrl+Alt+Shift+S, select
Aqua tracks if any of the requirements listed in Pipfile are not met and suggests that you apply the affected dependencies.
Apply dependencies
Consider a case when you've checked out or updated the project source files and see the following message:
It means that your virtual environment doesn't meet the requirements listed in the current version of Pipfile.
Click Install requirements from Pipfile.lock to install the missing packages.
You might have noticed that along with Pipfile, the Pipfile.lock file takes the key important role in managing pipenv project requirements. Each time you execute either pipenv lock
or pipenv update
, the current snapshot of the virtual environment is taken. Examine the following fragment:
The file has recorded the exact versions of the packages that were installed for the project. It also has generated the hash codes to facilitate secure deployment of your application. When you're downloading dependencies from an untrusted source, the hash codes are used to ensure that the project files are trusted.