Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Update FAQ page with generation Python requirements guide #620

Merged
merged 2 commits into from
Sep 30, 2024
Merged

docs: Update FAQ page with generation Python requirements guide #620

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fe44ffd
docs: Update FAQ page with generation Python requirements guide
t-naumenko Sep 27, 2024
2c81912
chore: change due to review comments
t-naumenko Sep 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions doc/docs/dev-guide/faq.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,3 +182,57 @@ $ git commit -s -m "This is my commit message"
```

That’s it. Git adds your sign-off message in the commit message, and you contribution (commit) is now DCO compliant.

---

## How to generate Python requirements file with hashes?

To generate a Python requirements.txt file with hashes, which ensures that the same versions of packages are installed across different environments, you can use the `pip-compile` tool from the `pip-tools` package. Here's a step-by-step guide on how to achieve this:
t-naumenko marked this conversation as resolved.
Show resolved Hide resolved

### Steps:

1. **Install pip-tools:**
First install pip-tools to manage you requirements.txt and add hashes.
t-naumenko marked this conversation as resolved.
Show resolved Hide resolved
t-naumenko marked this conversation as resolved.
Show resolved Hide resolved
``` bash
pip install pip-tools
```

2. **Create requirements.in file:**
t-naumenko marked this conversation as resolved.
Show resolved Hide resolved
Add your packages to a requirements.txt file. This file will be used as input to generate the final requirements.txt file with hashes.
In case you need to use exact version of a package you can specify it in this file.
Example requirements.in:
``` in
mkdocs==1.6.1
pymdown-extensions==10.9
```

3. **Compile the requirements.txt with hashes:**
t-naumenko marked this conversation as resolved.
Show resolved Hide resolved
Use pip-compile with `--generate-hashes` flag to create a requirements.txt file includes secure hashes.
``` bash
pip-compile --generate-hashes
```

!!! note

If you want to use custom names of input and output requirements file, specify them in command line like this:

``` bash
pip-compile --output-file=custom-requirements.txt --generate-hashes custom-requirements.in
```

- Without `--output-file`: It will always create requirements.txt file.
- With `--output-file`: It will specify any custom output file name.

4. **Result:**
t-naumenko marked this conversation as resolved.
Show resolved Hide resolved
It will generate a requirements.txt (or custom-requirements.txt) file with hashes for each package, ensuring the integrity and security of the installed packages.
Example output in requirements.txt:
``` txt
mkdocs==1.6.1 \
--hash=sha256:... \
--hash=sha256:...
...
pymdown-extensions==10.9 \
--hash=sha256:... \
--hash=sha256:...
...
```
1 change: 1 addition & 0 deletions doc/mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ theme:
markdown_extensions:
- admonition
- attr_list
- sane_lists
- pymdownx.details
- pymdownx.superfences
- pymdownx.tasklist:
Expand Down
Loading