reqs¶

Entrypoint for dependency fix and legacy unlock fix_v1

wreck.cli_dependencies.entrypoint_name: str = "reqs"¶: Command line entrypoint file name

wreck.cli_dependencies.help_venv_path: str¶: cli option --venv-relpath doc string

wreck.cli_dependencies.help_timeout: str¶: cli option --timeout doc string

wreck.cli_dependencies.help_is_dry_run: str¶: cli option --dry-run doc string

wreck.cli_dependencies.help_show_unresolvables: str¶: cli option --show-unresolvables doc string

wreck.cli_dependencies.help_show_fixed: str¶: cli option --show-fixed doc string

wreck.cli_dependencies.help_show_resolvable_shared: str¶: cli option --show-resolvable-shared doc string

wreck.cli_dependencies.EPILOG_FIX_V2: str¶: Exit codes explanation for command, fix

wreck.cli_dependencies.EPILOG_UNLOCK: str¶: Exit codes explanation for command, unlock

wreck.cli_dependencies.main()¶

reqs --help, prints help

reqs COMMAND --help, prints help for a command

Table 9 Commands¶
command	creates	desc
`fix`	.lock	Create lock and unlock fix both
`unlock`	.unlock	Create unlock dependency file. Legacy algo

wreck.cli_dependencies.present_results(fcn, venv_relpath, lock_msgs_for_venv, lock_unresolvables_for_venv, lock_applies_to_shared_for_venv, unlock_msgs_for_venv, unlock_applies_to_shared_for_venv, show_unresolvables, show_fixed, show_resolvable_shared)¶: Present results groups by venv.

wreck.cli_dependencies.requirements_fix_v2(*args: t.Any, **kwargs: t.Any) → t.Any¶

Lock dependencies creates (*.lock) files

Disadvantages of locking dependencies

FOSS is as-is, largely unpaid work, often lacks necessary skillset, often doesn’t care to do tedious tasks, is pressed for time, and live happens. These are the people supposed to be making packages for production use?! Having such expectations is ridiculous and conflicts with the human condition
package quickly becomes unusable when, not if, the author is no longer maintaining the package
Non-experts might not be using pipenv, only pip. Almost guaranteeing dependency hell. pip won’t have what it needs to resolve dependency version conflicts
pipenv says don’t automate updating dependency lock files thru CI/CD
Multiple calls to pip-compile always causes avoidable mistakes; choosing non-sync’ed dependency versions.

Advantage

Job security. Knowledgable eyeballs must regularly update dependency version locks
pipenv discourages attackers setting up alternative repository hosts pypi.org and swapping out an obscure package with their own.
The stars align in the cosmos, miraculously, all package authors regularly update their packages dependencies’ locks. Get that warm feeling inside knowing we are alive, loved, and appreciated. We shout, it's a miracle! and be right!

Usage

reqs fix

or

python src/wreck/cli_dependencies.py fix

Parameters:

path¶ (pathlib.Path) – The root directory [default: pyproject.toml directory]
venv_relpath¶ (pathlib.Path) – Filter by venv relative path
timeout¶ (int) – Default 15. Web connection time out in seconds
show_unresolvables¶ (bool) – Default True. Report unresolvable dependency conflicts
show_fixed¶ (bool) – Default True. Report fixed issues
show_resolvable_shared¶ (bool) – Default True. Report resolvable issues affecting .shared.{.unlock, .lock} files.

wreck.cli_dependencies.requirements_unlock(*args: t.Any, **kwargs: t.Any) → t.Any¶

Unlock dependencies creates (*.unlock) files

Package dependencies are only locked if the package is an app. A .in resolves -r and -c, which can be understood by pip

Usage

reqs unlock

or

python src/wreck/cli_dependencies.py unlock

Parameters:

path¶ (pathlib.Path) – The root directory [default: pyproject.toml directory]
venv_relpath¶ (pathlib.Path) – Filter by venv relative path