Project Dependencies¶
This document describes how to add/upgrade dependencies in the project. We use pip to manage dependencies and hashin to lock versions. We use npm to manage frontend dependencies.
Python¶
Adding Python Dependencies¶
We use hashin <https://pypi.org/project/hashin>
_ to manage package installs. It helps you manage your requirements.txt
file by adding hashes to ensure that the installed package versions match your expectations.
hashin is automatically installed in local developer environments.
If you add just the package name the script will automatically get the latest version for you.
hashin -r {requirements} {dependency}=={version}
This will add hashes and sort the requirements for you adding comments to show any package dependencies.
When it’s run check the diff and make edits to fix any issues before submitting a PR with the additions.
Managing Python Dependencies¶
We have 2 requirements files for python dependencies:
prod.txt
dev.txt
Prod dependencies are used by our django app in runtime. They are strictly required to be installed in the production environment.
make update_deps_prod
Dev dependencies are used by our django app in development or by tools we use for linting, testing, etc.
make update_deps
We use dependabot to automatically create pull requests for updating dependencies. This is configured in the .github/dependabot.yml
file targeting files in our requirements directory.
Managing transitive dependencies¶
In local development and in CI we install packages using pip, reading from one or more requirements files and always passing the --no-deps
flag.
This prevents pip from installing transitive dependencies.
We do this because it gives us control over the full dependency chain - we know exactly which version of what package is installed so we can fully reproduce & trust environments.
Frontend¶
Adding Frontend Dependencies¶
We use npm to manage frontend dependencies. To add a new dependency, use the following command:
npm install [package]@[version] --save --save-dev
NPM is a fully featured package manager and so you can use the standard CLI.
Updating/Installing dependencies¶
To update/install all dependencies, run the following command:
make update_deps
This will install all python and frontend dependencies. It also ensures olympia is installed locally. By default this command will run in a docker container, but you can run it on a host by targetting the Makefile-docker
make -f Makefile-docker update_deps
This is used in github actions for example that do not need a full container to run.
Note: If you are adding a new dependency, make sure to update static assets imported from the new versions.
make update_assets