Dependency Management, Packaging, and Distribution
There are a number of tasks necessary to develop and distribute a Python package, and a number of tools to assist with these processes. The Python Packaging User Guide lists the following, among others:
|Publishing to pypi.org
DSP-TOOLS uses poetry for all of these tasks. This allows us to use one single tool for all processes, and to keep the number of configuration files at a minimum.
There are many configuration and metadata files that can be found on the top level of a Python repository. The ones used in the DSP-TOOLS repository are:
|Markdown-formatted info for developers
|Modern configuration/metadata file replacing the deprecated files listed below
|List of files not under version control (won't be uploaded to GitHub)
|Markdown-formatted release notes (must not be edited by hand)
|Text file with the license how to use the source code of DSP-TOOLS
|Pinned versions of all (sub-)dependencies, allows a deterministic installation
mkdocs, used to build the documentation webpages
In earlier times, there were some more configuration files, but thanks to poetry, they are not necessary anymore:
|files to include into distribution
|project metadata, dependencies
|configuration for setuptools
|additional dependencies for development
|commands that can be executed with
The classic way to manage the dependencies was to write the required packages by hand into a
But this is cumbersome and error-prone, so there was a time when pipenv was the
way to go: Pipenv introduced the important distinction between (a) dependencies necessary to run the application,
(b) dependencies necessary for development, and (c) sub-dependencies, i.e. dependencies of your dependencies. Another
useful concept of pipenv is the distinction between a human-friendly list of (mostly unpinned) direct dependencies and
a machine-friendly definition of exact (pinned) versions of all dependencies.
But since pipenv has no packaging functionality, it was necessary to sync the dependency definitions from
setup.py, too, is problematic, especially
setup.py sdist bdist_wheel.
Python projects should define their dependencies and metadata in the modern
pyproject.toml file. So it is
necessary to dynamically manage the dependencies in
pyproject.toml. And poetry seems to be the only tool capable
of doing this.
All project metadata, together with the dependencies and the configuration of the packaging tool poetry, is defined in
pyproject.toml. The authoritative resource on how to create this file is
pyproject.toml tells frontend build tools what backend build tool to use. The backend
doesn't need to be installed. It will be installed by the frontend in a temporary, isolated environment for use during
the build process. DSP-TOOLS uses poetry as both frontend and backend.
What happens when a distribution package of DSP-TOOLS is created? Poetry creates two files in the
dist folder: a
tar.gz compressed archive (the sdist or source distribution) and a
.whl file (a wheel). Both contain the contents of
src folder plus some metadata - they are equivalent. They are then uploaded to the
Python Package Index (PyPI).
When a user installs DSP-TOOLS with
pip install dsp-tools, pip takes the sdist or the wheel, unpacks it, and copies
it into the
site-packages folder of the user's Python installation. As a result, the user has the same packages in
site-packages folder as the
src folder of the dsp-tools repository. In our case, this is the
site-packages is on
sys.path, the user can then import the package
dsp_tools in his script.
Advantages of the src Layout
Putting all packages into a
src folder has an important consequence: It forces the developer to work with an
editable installation of his package. Why? Without an editable installation, it is impossible to write correct import
from src.package import module will not work, because the user has
package installed, not
relative imports like
import module will not work either, because when the tests code (situated in a separate
test folder) imports the actual code, the relative imports in the actual code fail. This is because relative imports
depend on the location of the file that is run, not on the file that contains the import statement.
The solution is to always have an editable installation of the package under development. Poetry does this
automatically when you execute
poetry install. This makes the package
dsp_tools importable - just like on a
user's machine. And exactly this is the big advantage: With the src layout and an editable installation, the setup on
the developer's machine is more similar to the user's setup.
The advantages of the src layout are:
- import parity
- The tests run against the package as it will be installed by the user - not against the situation in the developer's repository.
- It is obvious to both humans and tools if a folder is a package to be distributed, or not.
- The editable installation is only able to import modules that will also be importable in a regular installation.
- For the developer, the working directory is the root of the repository, so the root will implicitly be included in
sys.path. Users will never have the same current working directory than the developer. So, removing the packages from the root by putting them into
srcprevents some practices that will not work on the user's machine.
For more in-depth explanations, please visit the following pages:
Publishing and Distribution
Publishing is automated with GitHub Actions and should not be done manually. If you still need to do it, follow the steps below.
Generate the distribution package:
You can install the package locally from the dist:
pip install dist/some_name.whl