giorgio/read.markets
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
read.markets/requirements.lock
Giorgio Gilestro 2b9cd875b4 deps: add requirements.lock for reproducible builds 
pyproject.toml uses range pins (>=) for all dependencies; without a
lockfile, a fresh `pip install .` on a different day could pull
materially different versions of fastapi, sqlalchemy, httpx, etc.
For a production-shaped service that's a reproducibility risk —
especially since we don't run a CI pipeline that would catch
"works on yesterday's container, fails on today's."

requirements.lock pins every transitive dep (60 packages) to the
exact versions running in the test container today. Dockerfile is
updated so both stages install from the lockfile first, then install
the project itself with --no-deps:

  pip install -r requirements.lock
  pip install --no-deps .

That way pyproject.toml's range pins document our compatible
upper-and-lower bounds, but the lockfile is what actually gets
installed on every build.

To bump deps later: bump pyproject.toml ranges, rebuild a fresh
venv, `pip freeze` it, save back to requirements.lock.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 00:07:38 +02:00

60 lines
1 KiB
Text
Raw Blame History

aiomysql==0.3.2
aiosmtplib==5.1.0
aiosqlite==0.22.1
alembic==1.18.4
annotated-doc==0.0.4
annotated-types==0.7.0
anyio==4.13.0
APScheduler==3.11.2
argon2-cffi==25.1.0
argon2-cffi-bindings==25.1.0
certifi==2026.5.20
cffi==2.0.0
charset-normalizer==3.4.7
click==8.4.1
cryptography==48.0.0
dnspython==2.8.0
email-validator==2.3.0
fastapi==0.136.3
greenlet==3.5.1
h11==0.16.0
hiredis==3.3.1
httpcore==1.0.9
httptools==0.8.0
httpx==0.28.1
idna==3.16
iniconfig==2.3.0
itsdangerous==2.2.0
Jinja2==3.1.6
Mako==1.3.12
MarkupSafe==3.0.3
packaging==26.2
pluggy==1.6.0
pycparser==3.0
pydantic==2.13.4
pydantic-settings==2.14.1
pydantic_core==2.46.4
Pygments==2.20.0
PyMySQL==1.2.0
pytest==9.0.3
pytest-asyncio==1.4.0
pytest-httpx==0.36.2
python-dotenv==1.2.2
python-multipart==0.0.29
PyYAML==6.0.3
redis==7.4.0
requests==2.34.2
ruff==0.15.14
SQLAlchemy==2.0.50
starlette==1.1.0
stripe==15.1.0
structlog==25.5.0
tenacity==9.1.4
typing-inspection==0.4.2
typing_extensions==4.15.0
tzlocal==5.3.1
urllib3==2.7.0
uvicorn==0.48.0
uvloop==0.22.1
watchfiles==1.2.0
websockets==16.0
Reference in a new issue View git blame Copy permalink