git - Should Pipfile.lock be committed to version control? #598
When two developers are working on a project with different operating systems, the
For Composer, most people recommend to commit
@dougireton This depends on your dependencies. Using a lockfile from a different OS is fine if all your packages are modern and well-behaved (either platform-agnostic or have good cross-platform support). Otherwise Pipenv can do things wrong, like installing dependencies that don’t work, or not installing all needed dependencies.
I'm happy to take this advice as correct but I would like to understand why it is given.
the docs say:
but I couldn't find any more reasoning in the docs, can you point me to it?
Pipfile.lock is auto-generated and contents will differ depending on platform. If I'm developing on macOS and deploying to Debian ...already it sounds to me like I don't want the lock file in version control.
Then the comment above says:
Again it sounds like I would not want the lock file in version control.
Here is someone asking similar question #954
Reading through the responses on that issue I have a clearer idea of why I would want it. I think the docs need more elaboration.
The related question is how explicitly should versions be specified in the Pipfile?
If I do
But if the other dev is on a different platform the lock file contents will change(?) but it's not necessarily due to different package versions and we wouldn't want to commit it. Hmm.
And I would only add version specifier to
Also I noticed in the example Dockerfile you use
(loving pipenv so far though!)
referenced this issue
Mar 13, 2018
I just found some more opinion from the pipenv tool itself:
@uranusjr could you please explain why?
what has changed in March 2018 that changed the answer from "generally yes" to "always yes"?
What about the issue you explain earlier, is it fixed?
Nothing is different. You should commit it to version control. If there are os-specific markers they should be included automatically. Because
For applications using pipenv, yes, you track the lock files.
My libraries, however, I write using pipenv (and use PBR to reflect to setup.py and an automatic generation of requirements.txt so PBR is happy once the package is deployed), and I do not track the lock file. Pretty simple.