Pipenv: Documentation: `--ignore-pipfile` should be more clear; mention `pipenv sync`
The --ignore-pipfile flag reads:
Ignore Pipfile when installing, using the Pipfile.lock.
That would suggest it always installs dependencies as per the Pipfile.lock file which doesn't exactly seem to be the case.
pipenv sync was added and only in the advanced documentation it mentions:
pipenv install --ignore-pipfile is nearly equivalent to pipenv sync, but pipenv sync will never attempt to re-lock your dependencies as it is considered an atomic operation. pipenv install by default does attempt to re-lock unless using the --deploy flag.
That distinction seems to be key and shouldn't be hidden in the advanced section.
An intuitive command for installing dependencies is pipenv install which was used before. It would make sense that if the documentation for pipenv install would itself point to pipenv sync as both are installing dependencies. And it's not obvious one should maybe look for pipenv sync.
de-code
All 6 comments
Hi, could you please clarify pipenv install, pipenv install --deploy, pipenv install --ignore-pipfile, a combination of both, and pipenv sync? Seems like a lot of variations to me…
alexpirine
on 26 Dec 2018
Without forgetting that pipenv install --system seems to be appropriate for building docker images…
alexpirine
on 26 Dec 2018
The docs are totally unclear
It seems like the default when doing pipenv install should be to install the versions pinned in the lockfile, but if it did that then why does pipenv install --ignore-pipfile exist?
Re-reading the docs it seems that pipenv sync does what I want:
"you can install packages exactly as specified in
Pipfile.lockusing thesynccommand"
(whereas presumablypipenv installwould install latest versions and update the lock)
But then what does pipenv install --ignore-pipfile do differently?
The docs say:
pipenv install --ignore-pipfileis nearly equivalent topipenv sync, butpipenv syncwill never attempt to re-lock your dependencies as it is considered an atomic operation.pipenv installby default does attempt to re-lock unless using the--deployflag.
It is not clear what this actually means in practice. I _think_ it means that if you have installed/updated packages outside of pipenv, leaving your Pipfile.lock out of date, pipenv install --ignore-pipfile will update the lock file before installing from the lock. If it doesn't mean that then I have no idea.
anentropic
on 4 Jun 2019
This is extremely confusing.
What I think it should be (and already is ... _for the most part_):
installshould just install dependencies pinned on thepipfile.lock. If nopipfile.lockexists, install latest and create apipfile.lock. In any other instance, do not touch thepipfile.lock.lockshould be used when we are sure we want the versions currently installed. All other commands should warn us to run it, if we mess up, we have it versioned (in GIT) already anyway.syncin its current state, makes no sense, in my mind its the same aslockbut currently thats not the case.install --ignore-pipfilemakes no sense.updateshould get the latest version and warn us about updatingpipfile.lock.update <specific>should update get the latest of a single package and warn us about updatingpipfile.lock.install --dev(install bothdefaultanddevelop) makes no sense, should be justinstall.install --deployshould be used instead if nodeveloppackages are wanted.
joaomcarlos
on 20 Aug 2019
Totally agree with @joaomcarlos , perhaps it deserves its own GH Issue?
Also, it seems that the behaviour of pipenv install changed recently. The --help says that :
install Installs provided packages and adds them to Pipfile, or (if no
packages are given), installs all packages from Pipfile.
which is not true anymore because:
$ pipenv install
Installing dependencies from Pipfile.lock (abc683)…
januszm
on 12 Dec 2019
@joaomcarlos If I correctly read the docs, install --deploy is just a regular install that throws an error if the lock file is out of sync. Therefore it still makes sense to use it as well as install --dev.
The other issues raised here are problematic tho and that would be great to see them addressed.
lapinvert
on 7 Jun 2020
Related issues
jerzyk
·
3Comments
jeyraof
·
3Comments
johnjiang
·
3Comments
jakul
·
3Comments
FooBarQuaxx
·
3Comments
Most helpful comment
This is extremely confusing.
What I think it should be (and already is ... _for the most part_):
installshould just install dependencies pinned on thepipfile.lock. If nopipfile.lockexists, install latest and create apipfile.lock. In any other instance, do not touch thepipfile.lock.lockshould be used when we are sure we want the versions currently installed. All other commands should warn us to run it, if we mess up, we have it versioned (in GIT) already anyway.syncin its current state, makes no sense, in my mind its the same aslockbut currently thats not the case.install --ignore-pipfilemakes no sense.updateshould get the latest version and warn us about updatingpipfile.lock.update <specific>should update get the latest of a single package and warn us about updatingpipfile.lock.install --dev(install bothdefaultanddevelop) makes no sense, should be justinstall.install --deployshould be used instead if nodeveloppackages are wanted.