What do lockfiles pin, *actually*? Let's dig in and get our hands dirty!

180 minutes


Reproducible dependency management across multiple environments is crucial yet often misunderstood. This hands-on workshop demystifies virtual environments, lockfiles, and how to avoid conflicts when a project needs different dependencies for tasks like testing, documentation, and production.

You’ll learn to maintain separate lockfiles per environment using pip’s constraint files. Through live coding exercises, you’ll set up a full-fledged GitHub project with GitHub Actions CI/CD pipelines that utilize tox/nox to run tests, build docs, and update lockfiles automatically.

By the end, you’ll have practiced implementing robust, reproducible environments tailored to each project context, ensuring seamless collaboration and deployment.

Come and join a member of the PyPA and a seasoned contributor to the packaging ecosystem, including pip-tools, who will walk you through the intricacies of environment reproducibility.

The speaker

Sviatoslav Sydorenko (Святослав Сидоренко)

🖥️ Hey, I’m Sviat — a serial maintainer of and contributor to open source software. 👨‍💻 🌄 By day, I’m a Principal Software Engineer at Ansible Core Team. 🌅 🌇 By night, I’m involved in maintaining CherryPy and doing CI/CD for aio-libs/aiohttp along with various related contributions mostly to Python projects and its ecosystem. I’m also a PyPA member, author of the blessed pypi-publish GitHub Action and one of the maintainers of the Python Packaging User Guide. 🌆

My ongoing interest is GitHub Apps, Actions, bots and related things using their shiny new APIs. I’m at the beginning of crafting a framework for that currently.

I’m proficient with Python Packaging and setting up CI/CD in open source projects at scale.
