python
A dependencies.io component that provides updates for Python projects that use "requirements.txt" files or Pipfiles for tracking project dependencies.
Usage
version: 2
dependencies:
- type: python
path: requirements.txt
# All settings are optional
settings:
# specify an exact version of python to use, if you need something other than the latest 3.7
python_version: "3.5.6"
pipfile_sections:
- packages
pipfilelock_sections:
- default
pip_args:
- "--extra-index-url"
- "{our_private_index_url}"
# If versions matching your spec are not found, it errors by default.
# You might enable this setting if you have private packages that you
# aren't trying to track yet, and want to convert those errors to warnings.
warn_on_missing_versions: false
Pipfile Support
In addition to the standard settings for actors and collectors, this module has some specific configuration available when using a Pipfile and Pipfile.lock as the dependency source.
Pipfiles are expected to have all the requirements of a project for development, production, testing, etc. listed in a single file, unlike the requirements.txt convention where production and development requirements are often split into different files. Thus, it is often desirable to have the ability to configure which sections of the file should be considered for management by dependencies.io. The default will be to include both of the standard sections of the Pipfile and Pipfile.lock. These settings can be configured to eliminate a section or to possibly add a custom section name. It is possible to change the settings for either Pipfile or Pipfile.lock independently, but in all likelihood they will be changed in tandem.
An example dependencies.yml excluding the development packages in Pipfile and Pipfile.lock would include the settings:
version: 2
dependencies:
- type: python
path: Pipfile
settings:
pipfile_sections:
- packages
pipfilelock_sections:
- default
There are also additional settings available for further customizing how updates are made.
Resources
Support
Any questions or issues with this specific actor should be discussed in GitHub issues. If there is private information which needs to be shared then you can instead use the private support channels in dependencies.io.