What do lockfiles pin, *actually*? Let's dig in and get our hands dirty!

Abstract

Reproducible dependency management across multiple environments is crucial yet often misunderstood. This hands-on workshop demystifies virtual environments, lockfiles, and how to avoid conflicts when a project needs different dependencies for tasks like testing, documentation, and production.

You’ll learn to maintain separate lockfiles per environment using pip’s constraint files. Through live coding exercises, you’ll set up a full-fledged GitHub project with GitHub Actions CI/CD pipelines that utilize tox/nox to run tests, build docs, and update lockfiles automatically.

By the end, you’ll have practiced implementing robust, reproducible environments tailored to each project context, ensuring seamless collaboration and deployment.

Come and join a member of the PyPA and a seasoned contributor to the packaging ecosystem, including pip-tools, walk you through the intricacies of environment reproducibility.

Bring with you#

• your laptop
• some editor/IDE
• a few Python versions, something from the range of 3.7-3.13
• pyenv/podman/docker should do as long as you’re comfortable
• GitHub account (don’t forget your second factor!)
• be able to author and push Git commits
• if your laptop is corporate/limited, web-based environments like Gitpod or GitHub Codespaces should be enough
• on Windows, you’ll probably have easier time with WSL 2

Post-workshop materials#

A complete implementation of the demonstrated DIY lock files-based environment management is available at https://github.com/webknjaz/ep2024-multilock-toy-template.

Resources