Aqua Help

Manage dependencies using Pipfile

Pipfile is the dedicated file used by the Pipenv virtual environment to manage project dependencies. This file is essential for using Pipenv. When you create a Pipenv environment either for a new or an existing project, the Pipfile is generated automatically. The file is added to the current project, you can see it in the Project tool window. Similarly, when you open a project with a Pipfile file in Aqua for the very first time, the Pipenv virtual environment is configured automatically.

Consider a task of creating a list of dependencies from scratch.

Manage project dependencies by using Pipfile

  1. When Aqua creates a Pipfile for a new pipenv virtual environment, the file looks as follows:

    autogenerated Pipfile

    The python_version parameter is the version of the base interpreter you specified when creating a new Pipenv virtual environment. The packages section is the place where you can list the packages required for your project.

  2. Add a new package dependency by modifying the packages section.

    [packages] django = "*"
  3. Any time you modify the Pipfile file, Aqua suggests one of the following actions:

    Run the pipenv update or pipenv lock commands
    • pipenv lock — records the new requirements to the Pipfile.lock file.

    • pipenv update — records the new requirements to the Pipfile.lock file and installs the missing dependencies on the Python interpreter.

    Click pipenv update to install the Django package.

  4. Navigate to File | Project Structure Ctrl+Alt+Shift+S, select SDKs in the Platform Settings, then select the Pipenv SDK. Ensure that Django is in the list of the installed packages.

    Django package is added

Aqua tracks if any of the requirements listed in Pipfile are not met and suggests that you apply the affected dependencies.

Apply dependencies

  1. Consider a case when you've checked out or updated the project source files and see the following message:

    Packages that are listed in the Pipfile are missing

    It means that your virtual environment doesn't meet the requirements listed in the current version of Pipfile.

  2. Click Install requirements from Pipfile.lock to install the missing packages.

You might have noticed that along with Pipfile, the Pipfile.lock file takes the key important role in managing pipenv project requirements. Each time you execute either pipenv lock or pipenv update, the current snapshot of the virtual environment is taken. Examine the following fragment:

a fragment of the Pipfile.lock

The file has recorded the exact versions of the packages that were installed for the project. It also has generated the hash codes to facilitate secure deployment of your application. When you're downloading dependencies from an untrusted source, the hash codes are used to ensure that the project files are trusted.

Last modified: 08 April 2024