pipenv:为什么在安装包时自动创建锁定文件时运行 pipenv lock
[英]pipenv: why to run pipenv lock when lock file is automatically created wheneven i install a package
问题描述
Pipenv:
管道:
I found at https://realpython.com/pipenv-guide/ that to tranfer the project to development i have to run我在https://realpython.com/pipenv-guide/发现要将项目转移到开发我必须运行
pipenv lock
(to update/create the Pipfile.lock file) (更新/创建 Pipfile.lock 文件)
As per my understanding whenever we install any package using根据我的理解,每当我们使用
pipenv install django
Pipfile.lock is automatically generated/updated. Pipfile.lock 是自动生成/更新的。
So whats the need to do那么需要做什么
pipenv lock
isnt the Pipfile.lock always the updated.不是 Pipfile.lock 总是更新的。
of course in case i want to create .lock file at any time (by chance if its delete) i may do pipenv lock当然,如果我想随时创建 .lock 文件(如果它被删除的话)我可以做pipenv lock
Also if by chance the pipfile is deleted can i recreate it again.此外,如果 pipfile 被删除,我可以重新创建它。
3 个解决方案
解决方案1
0 2018-10-08 09:06:53
It ensures that the dependencies are defined before you start/continue installation - 它确保在开始/继续安装之前定义了依赖项-
From https://pipenv.readthedocs.io/en/latest/basics/#pipenv-lock 从https://pipenv.readthedocs.io/en/latest/basics/#pipenv-lock
$ pipenv lock is used to create a Pipfile.lock, which declares all dependencies (and sub-dependencies) of your project, their latest available versions, and the current hashes for the downloaded files.
解决方案2
0 2019-05-10 13:24:10
You're right that the Pipfile.lock has already been created when installing the virtual environment or some packages. 没错,在安装虚拟环境或某些软件包时,已经创建了Pipfile.lock 。 As far as I understand, the goal would be to update all your dependencies before entering production. 据我了解,目标是在进入生产之前更新所有依赖项。
But I think against the documentation you should not update the Pipfile.lock at this stage, unless you're very confident in your CI pipeline and your test framework, because it could potentially deploy in production some untested dependency version Remember that pipenv lock will not install on your development machine the update dependencies, and if you rerun your tests without pipenv sync you will not test the updated dependencies. 但我认为对的文档,你不应该更新Pipfile.lock在这个阶段,除非你在你的CI管道和测试框架非常有信心,因为这可能会在生产中部署一些未经检验的依赖版本请记住, pipenv lock不会在开发计算机上安装更新依赖项,如果在没有pipenv sync情况下重新运行测试,则不会测试更新后的依赖项。 I prefer locking once and for all the dependencies at a early stage, then keep it until deployment, then after the deployment update the dependencies and begin the next version. 我更喜欢在早期阶段一劳永逸地锁定所有依赖性,然后将其锁定直到部署,然后在部署之后更新依赖性并开始下一个版本。
That's also why I am very careful with pip install <package> , because it will also automatically update all your dependencies, while I would prefer that pipenv tries to keep all the other dependency versions unchanged, unless specifically specified or clash between dependency versions. 这也是为什么我对pip install <package>会非常小心的原因,因为它还会自动更新您的所有依赖关系,而我更希望pipenv尝试保持所有其他依赖关系版本不变,除非特别指定或在依赖关系版本之间发生冲突。
解决方案3
0 2021-06-23 01:16:41
let me explain this more clearly say you are working on a project where you are using pandas version 2.9.5 and this is the latest version of pandas in the pipfile - you will see entry让我更清楚地解释一下,假设您正在使用 Pandas 版本 2.9.5 的项目,这是 pipfile 中最新版本的 Pandas - 您将看到条目
pandas = "*"熊猫 = "*"
here the * means latest version of pandas but in pipfile.lock it will not be represented by * but it will be a deterministic 2.9.5 (pipfile.lock is deterministic file)这里 * 表示最新版本的熊猫,但在 pipfile.lock 中它不会由 * 表示,但它将是一个确定性的 2.9.5(pipfile.lock 是确定性文件)
today 2.9.5 is the latest version but tomorrow we may get 2.10 which may not be compatible with your project.今天 2.9.5 是最新版本,但明天我们可能会得到 2.10,它可能与您的项目不兼容。
you do not move pipfile from testing environment to production - you always move pipfile.LOCK to the production environment, this makes sure that the version are locked at the particular mentioned version and not at * (latest version).你不会将 pipfile 从测试环境移动到生产环境 - 你总是将 pipfile.LOCK 移动到生产环境,这确保版本被锁定在特定提到的版本而不是 * (最新版本)。 I hope I am clear.我希望我很清楚。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.