Document the "upgrade my dependancies" workflow
See original GitHub issueAs far as I can tell, the documentation doesn’t seem to lay out a proscribed workflow for upgrading dependencies. I think this is a fairly common use-case, something like this:
As a user of pipenv, I’ve got a project with a
Pipfile
and aPipfile.lock
. It’s been some time, and I’d like to know what’s changed upstream, and to upgrade my dependencies (and test them as they go).
I’m happy to contribute this documentation myself, and I think I’ve figured out a good workflow. But I’m opening this issue to make sure I’m on the write track before I write something.
Here’s what I think the upgrade workflow should look like:
- Find out what’s changed upstream:
pipenv run pip list --outdated
- Upgrade packages, two options:
a. Want to upgrade everything? Just do
pipenv install
. b. Want to upgrade packages one-at-a-time?pipenv install --selective-upgrade <pkg>
for each outdated package. - Run your tests, fix issues. If there are problems, pin versions in
Pipfile
. - Commit your upgraded
Pipfile.lock
(and perhapsPipfile
).
Does this sound right?
Something I don’t understand about --selective-upgrade
– why does it modify Pipfile
to add keep_outdated
?
Issue Analytics
- State:
- Created 6 years ago
- Reactions:7
- Comments:38 (24 by maintainers)
Top Results From Across the Web
How to Update Dependencies Safely and Automatically with ...
Here are some reasons why you should keep your dependencies updated: ... In the .github/workflows directory, add a .yml or .yaml file and ......
Read more >Workflow Dependencies - Alteryx Help
Use the Workflow Dependencies window to manage input and output paths and data specifications in a workflow from a single location.
Read more >GitHub Workflows: Update dependencies automatically
You just install it, call ncu -u , and you'll see what are the changes available (with colors), and it will update your...
Read more >How to install or update dependencies
To install or update this dependency, you must be a Workflow Builder admin, and follow these steps: Select your user name, and then...
Read more >Upgrade packages | Code Cookbook - Michael Currin
Run the workflow a schedule or on a manual trigger and GH Actions will do the upgrade for you on a branch with...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Recommended Workflow
$ pipenv update --outdated
$ pipenv update
. b. Want to upgrade packages one-at-a-time?$ pipenv update <pkg>
for each outdated package.Run your tests, fix issues. If there are problems, pin versions in
Pipfile
.Hi there!
Just upgraded to 10.1.0 and found out that
update
vanished. In the past, I would runpipenv update --dry-run
to find out what packaged needed updating and thenpipenv update
to actually update them. I didn’t quite gather from this issue whyupdate
got removed and what the recommended workflow is right now, but if I understand the last posts correctly, the alternative currently is to runpipenv run pip list --outdated
rm Pipfile.lock && pipenv install
or ispipenv install --skip-lock
the way to go?Unfortunately, this isn’t equivalent to
pipenv update --dry-run
, becausepip list --outdated
doesn’t consider the restrictions on package versions in the Pipfile, so, for example, it reports Django 2.0.2 as being available, whereas I pinned it to the latest LTS in the Pipfile.Can we maybe get a
--dry-run
mode forpipenv install --skip-lock
that would ignore the lockfile and tell what packages it is going to update?!Also, I’m wondering why one option is called
--skip-lock
and the opposite of it (the default?!) is called--ignore-pipfile
… I would put them next to each other in the docs and I guess one could reconsider the naming, e.g. could--ignore-pipfile
&&--ignore-lock
or--skip-lock
&&--skip-pipfile
or--ignore-pipfile
and--update
(or--upgrade
) have been better names?Thanks!