Pinning the versions via pip-tools (see the README)

README.md

@@ -16,7 +16,7 @@ The backend consists of an API with:
 
 - Endpoints for all assets imported from the BRO.
 
-## Backend installation
+## Backend development instructions
 
 To install for development:
 
@@ -39,6 +39,11 @@ Do the regular django "migrate", "createsuperuser" stuff.
 
 8) Create a user profile for the superuser.
 
+If a requirement has changed (either dependency in `pyproject.toml` or an extra development package in `requirements.in`:
+
+    $ docker-compose run --rm web pip-compile
+    $ docker-compose run --rm web pip-compile --upgrade  # to grab new versions
+
 
 ## Internal N&S server installation notes
 

requirements.in

@@ -0,0 +1,7 @@
+-e .[test]
+--extra-index-url https://packages.lizard.net
+
+# development tools
+coverage
+pip-tools
+ruff

requirements.txt

@@ -1,7 +1,158 @@
--e .[test]
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    pip-compile
+#
 --extra-index-url https://packages.lizard.net
 
-# development tools
-coverage
-pip-tools
-ruff
+-e file:///code
+    # via file:///code
+amqp==5.2.0
+    # via kombu
+asgiref==3.8.1
+    # via
+    #   django
+    #   django-cors-headers
+authlib==1.3.0
+    # via nens-auth-client
+billiard==4.2.0
+    # via celery
+build==1.2.1
+    # via pip-tools
+celery[redis]==5.3.6
+    # via brostar-api
+certifi==2024.2.2
+    # via
+    #   requests
+    #   sentry-sdk
+cffi==1.16.0
+    # via cryptography
+charset-normalizer==3.3.2
+    # via requests
+click==8.1.7
+    # via
+    #   celery
+    #   click-didyoumean
+    #   click-plugins
+    #   click-repl
+    #   pip-tools
+click-didyoumean==0.3.1
+    # via celery
+click-plugins==1.1.1
+    # via celery
+click-repl==0.3.0
+    # via celery
+coverage==7.4.4
+    # via -r requirements.in
+cryptography==42.0.5
+    # via
+    #   authlib
+    #   django-encrypted-model-fields
+django==5.0.4
+    # via
+    #   brostar-api
+    #   django-appconf
+    #   django-cors-headers
+    #   django-encrypted-model-fields
+    #   django-filter
+    #   djangorestframework
+    #   drf-yasg
+    #   nens-auth-client
+    #   sentry-sdk
+django-appconf==1.0.6
+    # via nens-auth-client
+django-cors-headers==4.3.1
+    # via brostar-api
+django-encrypted-model-fields==0.6.5
+    # via brostar-api
+django-filter==24.2
+    # via brostar-api
+djangorestframework==3.15.1
+    # via
+    #   brostar-api
+    #   drf-yasg
+drf-yasg==1.21.7
+    # via brostar-api
+idna==3.6
+    # via requests
+inflection==0.5.1
+    # via drf-yasg
+iniconfig==2.0.0
+    # via pytest
+kombu==5.3.6
+    # via celery
+markdown==3.6
+    # via brostar-api
+nens-auth-client==1.6.0
+    # via brostar-api
+packaging==24.0
+    # via
+    #   build
+    #   drf-yasg
+    #   pytest
+pip-tools==7.4.1
+    # via -r requirements.in
+pluggy==1.4.0
+    # via pytest
+prompt-toolkit==3.0.43
+    # via click-repl
+psycopg2-binary==2.9.9
+    # via brostar-api
+pycparser==2.22
+    # via cffi
+pyproject-hooks==1.0.0
+    # via
+    #   build
+    #   pip-tools
+pytest==8.1.1
+    # via
+    #   brostar-api
+    #   pytest-django
+pytest-django==4.8.0
+    # via brostar-api
+python-dateutil==2.9.0.post0
+    # via celery
+pytz==2024.1
+    # via drf-yasg
+pyyaml==6.0.1
+    # via drf-yasg
+redis==5.0.3
+    # via celery
+requests==2.31.0
+    # via
+    #   brostar-api
+    #   nens-auth-client
+ruff==0.3.5
+    # via -r requirements.in
+sentry-sdk[django]==1.45.0
+    # via brostar-api
+six==1.16.0
+    # via python-dateutil
+sqlparse==0.4.4
+    # via django
+tzdata==2024.1
+    # via celery
+uritemplate==4.1.1
+    # via drf-yasg
+urllib3==2.2.1
+    # via
+    #   requests
+    #   sentry-sdk
+vine==5.1.0
+    # via
+    #   amqp
+    #   celery
+    #   kombu
+wcwidth==0.2.13
+    # via prompt-toolkit
+wheel==0.43.0
+    # via pip-tools
+whitenoise==6.6.0
+    # via brostar-api
+xmltodict==0.13.0
+    # via brostar-api
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools