Developing modern web applications often requires relying on a potentially very large suite of 3rd party components. Dependency management for such applications is a notorously agrivating experience.
PyPI among various social coding sites are the preferred way to distribute your project to a wider audience and for that they work great. However when it's time to deploy your application to servers, depending on those would be a a huge mistake. We've all done it, and sometimes the ramifications can be pretty painful. Without knowing the uptime of PyPI or github, for example--it's not enough. Not only that but the project could disappear, be moved or be changed in some way that causes incompatability to your application.
Therefore it's a good idea to host your own packages somewhere. Like your own custom installation of PyPI that has just the packages you need, at the versions you need them, hosted in a place that won't change unless you say. Doesn't that sound complex?
Chishop is a simplistic PyPI server written in Django just for this purpose. Requisite is some opinionated glue code that utilizes pip and setuptools/distribute to acquire, build and upload your packages to Chishop.
Here's how it works:
1. Install Chishop somewhere
It's a Django project so this one is pretty simple. However you can follow a guide I have written to easily deploy to ep.io.
Ensure you add your Chishop credentials to your
~/.pypirc file as these will be used
2. Install Requisite
$ sudo pip install requisite
3. Create a frozen pip requirements file
You are already using using pip and
requirements.txt right? Good. First generate a
frozen pip requirements file:
$ cd my_project $ pip freeze -r requirements.txt frozen-requirements.txt
4. Upload to your Chishop repository
$ req requisite -r frozen-requirements.txt --repository=my_chishop --clean-cache
That's it. In your deploys you can use this new repository by specifying an
--index-url see here
at the top of your
frozen-requirements.txt file. pip will then use that server to download
dependencies. In fact, it will actually create one of these for you and dumped into your
current directory named
req-requirements.txt with all editable packages solidified.
###A word to the wise Do note that when using this method of dependency management, it's advisable that you take reasonable security precautions. If you happen to be using Chishop and Requisite on ep.io, your data will be on the public internet. Be sure to abstain from including sensitive data in your python packages. Chishop could also use some help implementing a more secure mode of operation. Even then, be wary.