Add an intuitive way to use Pipenv without a home directory to facilitate use in deployment scenarios
See original GitHub issueThe problem
I attempted to automate deployment of some Python code that uses Pipenv to isolate itself and lock its dependencies. The automation is in the form of a Chef cookbook. I ran into frustration while executing the command pipenv install --deploy
due to the fact that Pipenv makes liberal use of the current value of HOME
and assumes that whatever is in HOME
is readable and writeable by the executing user. However, my Chef cookbook executes commands as an unprivileged user, in a very clean environment where typical environment variables such as HOME
are not set (unless hacks are used). The usage of an unprivileged user and clean environment are engineering standards set by the organization I work for.
The temporary workaround
I was able to get the deployment process to work in a way that avoids touching the home directory, by using environment variables such as PIPENV_VENV_IN_PROJECT
and PIPENV_CACHE_DIR
. It could also conceivably work to spoof the HOME
variable with some non-home directory.
The solution I’d like
Assumptions about the current user’s home directory and environment variables should be documented explicitly, with the mindset that Pipenv is a tool that will be used in automation frameworks where these things are not guaranteed.
It would be ideal to avoid environment variable trickery and create a clean, streamlined deployment process. Pipenv could allow running in a mode that abandons all assumptions about the current user’s home directory. This could be in the form of a command-line flag, such as --no-home-directory
(just for example).
Alternatives I’ve considered
An alternative solution is to change the way that we approach deployments at my organization, or to make a special case for this application. I have spoken with other people in my organization about setting the home directory to be readable and writeable for this particular cookbook, to avoid kludges and workarounds while still considering security.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:8 (5 by maintainers)
Top GitHub Comments
Hi @uranusjr,
My apologies - I reviewed my code and actually I did not have to modify
PIP_CACHE_DIR
. I do not execute any low-level Pip commands inside the virtualenv created by Pipenv. All I do ispipenv install --deploy
. I will edit the original post to reflect this. I can attempt to contribute a write-up, if you can point me to some instructions.Thank you!
I think we have this now in the docs: https://pipenv.pypa.io/en/latest/basics/#pipenv-and-docker-containers
I also have a PR out that needs more work that would allow better usage of the
--system
flag.I am closing this specific issue out as stale – please continue to report new issues and feature requests and we can keep the conversations focused on how things are working today and what we can improve for tomorrow.