Skip to content

Automated Dependency Updates for pip-compile

Categories: python

Renovate supports updating pip-compile dependencies.

File Matching

Because file names for pip-compile cannot be easily determined automatically, Renovate will not attempt to match any pip-compile files by default. For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: pypi, git-tags.

Default config

{
  "fileMatch": [],
  "lockFileMaintenance": {
    "enabled": true,
    "branchTopic": "pip-compile-refresh",
    "commitMessageAction": "Refresh pip-compile outputs"
  }
}

Additional Information

Due to limited functionality, the pip-compile manager should be considered in an "alpha" stage, which means it's not ready for production use for the majority of end users. We welcome feedback and bug reports!

The current implementation has some limitations. Read the full document before you start using the pip-compile manager.

Non-configured fileMatch

The pip-compile manager has an empty array for default fileMatch, meaning it won't match any files ever by default. You can "activate" the manager by specifying a fileMatch pattern such as:

{
  "pip-compile": {
    "fileMatch": ["(^|/)requirements\\.txt$"]
  }
}

pip-compile reads the output files to extract the arguments passed to the original command, as such the fileMatch must be configured for *.txt files and not *.in.

Assumption of header with a command

As Renovate matches a pip-compile output file it will extract original command that was used to create it from header in this file. Because of that pip-compile manager poses restrictions on how this file is generated:

  • Use default header generation, don't use --no-header option.
  • Pass all source files explicitly.

In turn pip-compile manager will find all source files and parse them as package files using their respective managers.

The following files are currently supported:

Source filename Manager
setup.py pip_setup
*.in pip_requirements

Example header:

#
# This file is autogenerated by pip-compile with Python 3.11
# by the following command:
#
#    pip-compile --no-emit-index-url --output-file=requirements.txt requirements.in
#

Conflicts with other managers

Because pip-compile will update source files with their associated manager you should disable them to avoid running these managers twice.

{
  "pip_requirements": {
    "enabled": false
  },
  "pip_setup": {
    "enabled": false
  }
}

Configuration of Python version

By default Renovate extracts Python version from the header. To get Renovate to use another version of Python, add a constraints` rule to the Renovate config:

{
  "constraints": {
    "python": "==3.7"
  }
}

pip-compile arguments

Renovate reads the requirements.txt file and extracts these pip-compile arguments:

  • source files as positional arguments
  • --output-file

All other allowed pip-compile arguments will be passed over without modification.

Transitive / indirect dependencies

This manager detects dependencies that only appear in lock files. They are disabled by default but can be forced to enable by vulnerability alerts. They will be upgraded with --upgrade-package option.