mais-apis-python
asdf
mais-apis-python | asdf | |
---|---|---|
2 | 344 | |
0 | 20,653 | |
- | 2.1% | |
5.1 | 7.6 | |
almost 3 years ago | 5 days ago | |
Python | Shell | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mais-apis-python
-
Use `Python -m Pip`
It has only recently sunk in for me that, with the latest versions, Pip is not a tool for maintaining an environment and list of dependencies (where you'd have a lockfile, for example). Instead, it is an interface to…
1. Download packages from PyPi (or a different repository that provides the same interface)
2. Read the pyproject.toml file to find the build backend to use, and then install that.
3. Call the build backend to actually do the installation. This can be Poetry, Setuptools, Flit, or something else.
Pipenv is another such interface.
PEP 517 (https://peps.python.org/pep-0517/) created pyproject.toml and defined the API that build backends follow. That API includes a way for the build backend to tell Pip (or Pipenv, etc.) what dependencies to install. For systems that have a lockfile (like Pipenv), that could be a list of packages with explicit versions.
PIP 660 extended PEP 517, defining a standard way to have "editable installs". In other words, a way to support `pip install -e package`, or even `pip install -e .`.
The above is all my understanding, which is not at all authoritative!
It's worth checking out the list of packaging-related PEPs: https://peps.python.org/topic/packaging/ It's worth reading PEPs 518 and 621.
As an example, here's a Python package that uses Poetry: https://github.com/globus/globus-timer-cli It works perfectly fine with Pip, because Pip sees (via `pyproject.toml`) that it needs to pull in Poetry, and call it to do the actual install.
Here's an older repo of mine, where I've just started to learn about the transition: https://github.com/stanford-rc/mais-apis-python/blob/main/py... In this case, I could delete `pyproject.toml` entirely, Pip would see the `setup.py` file, and understand to use Setuptools. This was me when I was just starting to learn about the transition.
Finally, here's a newer repo of mine, where I've ditched setup.py (and _almost_ ditched setup.cfg) entirely: https://github.com/stanford-rc/globus-group-manager I'm still using Setuptools, but all of the metadata and requirements are included in the `pyproject.toml` file.
It's definitely been a rocky transition, but it's really looking (to me, at least) like we're at (or near) the point where I can just use `pip install …` and it'll work, regardless of the build backend in use!
-
We use Dependabot to secure GitHub
I very much appreciate Dependabot! I like how it can pick up dependencies in interesting places.
For example, the Globus @ Stanford web site (https://globus.stanford.edu) uses GitHub Pages (repo at https://github.com/stanford-rc/globus.stanford.edu). I have a Gemfile in the repo: When I want to test changes locally, I use Bundler to install everything I need, and to launch Jekyll. Even though the Gemfile isn't used 'in production', Dependabot still warns me, so that I don't run older, vulnerable software on my laptop.
At the same time, I can't be sure if Dependabot is picking up dependencies for my Python project.
In my latest project (https://github.com/stanford-rc/globus-group-manager), I'm using pyproject.toml to hold all of the Python dependencies for the project, something that Setuptools is now supporting experimentally (woot!). I've configured Dependabot, and it has picked up my repo's `pyproject.toml` file, but I can't tell if it has actually cataloged my Python dependencies.
Looking around the web also does not give me a clear answer. For example, https://github.com/dependabot/feedback/issues/57 is titled "pyproject.toml support", but it refers specifically to Poetry (and indeed, Poetry v1 is listed as supported at https://docs.github.com/en/code-security/dependabot/dependab...). But Setuptools is not.
https://github.community/t//2576 asks about Setuptools support, and has been pretty dormant. I thought setup.cfg was supported after https://github.com/dependabot/dependabot-core/pull/3423, but another project of mine (https://github.com/stanford-rc/mais-apis-python/network/depe...) doesn't show anything for setup.cfg.
asdf
- Instalando de maneira rápida e eficiente suas ferramentas no WSL. Pt-3
- Install Ruby and Rails on Fedora 40
-
Install Asdf: One Runtime Manager to Rule All Dev Environments
The main issue most people have with asdf is that it’s annoyingly slow. Not unusably so, but just enough that it’s irritating.
I identified [0] the source for much of it (sub-shells and pipes) and began a PR [1], but became bogged down with BATS testing, and then found mise / rtx, so kind of lost interest. Sorry. You can always implement these if you’d like.
[0]: https://github.com/asdf-vm/asdf/issues/290#issuecomment-1383...
[1]: https://github.com/asdf-vm/asdf/pull/1441
- Show HN: I made a multiple runtime version manager that can be used on Windows
-
Volta – Fastest Node version manager in Rust
Or if you need to manage more than just node, asdf has been around for over a decade and works great. You can use a .tool-versions to change runtimes for each project you have, in addition to managing your global runtime versions
https://asdf-vm.com/
-
Pyenv – lets you easily switch between multiple versions of Python
Why not just use a tool like asdf (https://asdf-vm.com/) or mise (https://mise.jdx.dev/)?
These tools have the advantage of not being multi-taskers and can manage version for all your tools. You wouldn’t need pyenv and npm and rvm and…
We’ve even started committing the .mise.toml files for projects to our repos. That way, since we work on multiple projects that may need multiple versions of the same tool, it’s handled and documented.
-
A Journey to Find an Ultimate Development Environment
The purpose of a version manager is to help you navigate or install any tools for development easily. Version Manager can be one tool for each dependency (e.g. NVM, g) or One tool for all dependencies (e.g. asdf, mise).
-
How to Install Your Python Version on Ubuntu
(asdf)[https://asdf-vm.com/] fully supports Python and almost any other language. I've been using it for Ruby, Python, Elixir, and other languages for years and never looked back.
-
Beginners Intro to Trunk Based Development
Secondly, our development environments must not drift, because then code may behave differently and a change could pass on our machine but fail in production. There are many tools for locking down environments, e.g nix, pkgx, asdf, containers, etc., and they all share the common goal of being able to lock down dependencies for an environment accurately and deterministically. And that needs to be enforced in our local workflow so we don't have to rely on CI environments for correctness. All developers must have environments that are effectively identical to what runs in CI (which itself should be representative of the production environment).
-
Practical Guide to Trunk Based Development
There are many ways this can be done (e.g nix, pkgx, asdf, containers, etc.), and we won’t get into which specific tools to use, because we'll instead cover the essential essence of preventing environment drift:
What are some alternatives?
globus-timer-cli - CLI for interacting with the Timer API
SDKMan - The SDKMAN! Command Line Interface
renovate - Universal dependency automation tool.
pyenv - Simple Python version management
sigstore-python - A Sigstore client for Python
rbenv - Manage your app's Ruby environment
globus-group-manager - Stanford Globus Group Manager: Integrate Stanford Workgroups and Globus Groups
nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
feedback - The old feedback repository for Dependabot. Click below for the new repository.
volta - Volta: JS Toolchains as Code. ⚡
HomeBrew - 🍺 The missing package manager for macOS (or Linux)