Discovery: What tools are available to automatically trace dependencies

Description

Could we use snakefood?

Jeremy has done some of this before.

A/C:

  • Before you start check in with cale about the oep 2 checker.

  • Enumerate available tools

  • Recommend tools for use on this project

    • wiki page

    • list tools and pro/cons on wiki page

  • present to team

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Activity

Show:
Jeremy Bowman
June 5, 2017, 8:52 PM

- Random list of tools and services along these lines:

  • Gemnasium - DevOps's current requirements tracking tool of choice

  • VersionEye - Another requirements tracking service we've experimented with, open source and has some compelling features

  • requires.io - Yet another requirements tracker that I used at a previous job

  • pyup.io - Auto-generates PRs for updated dependencies

  • pip-tools - pip-compile generates fully pinned requirements files from top-level dependencies, and annotates which packages required each entry

  • pipdeptree - Local tool for tracing through the hierarchy of package dependencies

  • snakefood - Local tool for dependency tracking at the level of modules rather than packages

  • pipreqs - Create a requirements file from the imports actually used

  • pycycle - Finds circular imports

  • undebt - Not really a dependency tracker, but could be used to automate refactoring deprecated code patterns when upgrading libraries

Also note that there are Trove classifiers which packages should be using to declare which exact Python, Django, etc. versions they support with each release; these aren't always used or kept up to date, but are very useful when they are. pip show -v lists these classifiers for a particular package, and Warehouse even allows searching by these classifiers.

Brian Mesick
June 7, 2017, 4:57 PM

I expanded a bit on these and did some investigation into how they might help the upgrade project here: https://openedx.atlassian.net/wiki/display/PLAT/Potential+Tooling+for+Upgrade

Done

Assignee

Brian Mesick

Reporter

Brian Beggs

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Story Points

5

Epic Link

Sprint

None

Priority

Unset
Configure