Move to pip-compile-multi (#786)

* Switch from pip-tools to pip-compile-multi * Switch to pip-compile-multi, splitting out dev deps from prod deps It's worked fine, albeit with a TODO in the Dockerfile to actually build a separate dev-specific image, which will come in a separate commit. Went with the pattern of auto-installing the dependency-management tool via the makefile. Will likely switch this to an alert + install instructions This change was needed because in-container compilation was failing and various pip+pip-tools versions attempted clashed due to ``` TypeError: make_requirement_preparer() got an unexpected keyword argument 'wheel_download_dir' ``` which may have been a chicken-and-egg problem, but was not worth solving when a simpler route was around. * Rebuild requirements on the host, not in the container, but retain Makefile commands as the primary invocation route - `make compile-requirements` and `make upgrade-requirements` * Update makefile-driven UX around compiling and upgrading using pip-compile-multi Now, instead of force-intalling pip-compile-multi, we get a prompt showing us what do to (and so providing some flexibility) Also note that some dev subdeps have been minorly bumped. IMPORTANT: if you currently try to recompile deps results in a failure with long-unmaintained suds-jurko, so this will need swapping out. The current set of deps builds and passes tests, at least * Drop Salesforce-FuelSDK from imports No longer needed and was causing a dependency install issue due to its suds-jurko subdep * Update docs with note about updating requirements * Add make command for checking for stale dependencies Invoke with: $ make check-requirements and update hard-pinned dependencies as you wish * Refactor to run pip-compile-multi within the docker container This gives us guaranteed install stability regardless of the source platform being used to run the update Note that pip-tools and pip-compile-multi are installed ONLY for compiling or upgrading requirements, rather than adding them to the main build. pip-tools needed pinning to a recent version to get around incompatibility issues with pip 21 and pip-tools. * Update make check-requirements to run in the Docker container * Typo fix in docs * Remove make docs from top-level Makefile, because it fails One can still compile the docs by using the Makefile in /docs and issuing $ make clean html * Update requirements build script * hard-pin latest working combo of pip, pip-tools and pip-compile-multi * add in custom header to make recompliation step unambiguous * update Makefile: remove unneeded upgrade-requirements option; update help * recompile reqs with minor bumps * Remove mention of upgrade-requirements from codebase - redundant
mozmeao · Mar 1, 2022 · ca50f72 · ca50f72
1 parent 79d5d3f
commit ca50f72
Show file tree

Hide file tree

Showing 10 changed files with 484 additions and 394 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -16,8 +16,11 @@ WORKDIR /app
 ENV DJANGO_SETTINGS_MODULE=basket.settings
 
 # Install app
-COPY requirements.txt /app/
-RUN pip install --require-hashes --no-cache-dir -r requirements.txt
+COPY requirements/* /app/requirements/
+
+# TODO: split out a separate dev image from the prod image and only install scoped deps
+# RUN pip install --require-hashes --no-cache-dir -r requirements/prod.txt
+RUN pip install --require-hashes --no-cache-dir -r requirements/dev.txt
 
 COPY . /app
 RUN DEBUG=False SECRET_KEY=foo ALLOWED_HOSTS=localhost, DATABASE_URL=sqlite:// \

diff --git a/Makefile b/Makefile
@@ -62,11 +62,8 @@ test-image: .make.docker.build
 compile-requirements: .make.docker.pull
 	${DC} run --rm compile-requirements
 
-upgrade-requirements: .make.docker.pull
-	${DC} run --rm upgrade-requirements
-
-docs: .make.docker.pull
-	${DC} run --rm web make -C docs/ clean html
+check-requirements: .make.docker.pull
+	${DC} run --rm test pip list -o
 
 ###############
 # For use in CI
@@ -92,7 +89,8 @@ help:
 	@echo "  build                - build docker images for dev"
 	@echo "  pull                 - pull the latest production images from Docker Hub"
 	@echo "  run-shell            - open a bash shell in a fresh container"
-	@echo "  compile-requirements - compile requirements.in to requirements.txt"
+	@echo "  compile-requirements - regenerate requirements *.txt files based on *.in files"
+	@echo "  check-requirements   - identify stale Python requirements that need upgrading"
 	@echo "  shell                - open a bash shell in the running app"
 	@echo "  djshell              - start the Django Python shell in the running app"
 	@echo "  clean                - remove all build, test, coverage and Python artifacts"
@@ -103,4 +101,4 @@ help:
 	@echo "  build-ci             - build docker images for use in our CI pipeline"
 	@echo "  test-ci              - run tests against files in docker image built by CI"
 
-.PHONY: all clean build pull docs lint run run-shell shell test test-image build-ci test-ci push-ci djshell stop kill compile-requirements upgrade-requirements
+.PHONY: all clean build pull docs lint run run-shell shell test test-image build-ci test-ci push-ci djshell stop kill compile-requirements check-requirements
diff --git a/bin/compile-requirements.sh b/bin/compile-requirements.sh
@@ -1,10 +1,22 @@
 #!/bin/bash
 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
 set -exo pipefail
 
 export CUSTOM_COMPILE_COMMAND="make compile-requirements"
-if [[ "$1" == "--upgrade" ]]; then
-    pip-compile --generate-hashes --reuse-hashes --upgrade --upgrade-package 'django<2.3' requirements.in
-else
-    pip-compile --generate-hashes --reuse-hashes requirements.in
-fi
+
+# We need this installed, but we don't want it to live in the main requirements
+# We will need to periodically review this pinning
+
+pip install -U pip==22.0.3
+pip install pip-tools==6.5.0
+pip install pip-compile-multi==2.4.3
+
+pip-compile-multi \
+    --generate-hashes prod \
+    --generate-hashes dev \
+    --generate-hashes docs \
+    --header=/app/bin/pip-compile-multi-header-message.txt
diff --git a/bin/pip-compile-multi-header-message.txt b/bin/pip-compile-multi-header-message.txt
@@ -0,0 +1,6 @@
+# Please recompile requirements inside the Docker image, not on your local, host machine.
+#
+# To do this, just use the following from your host:
+#
+# $ make compile-requirements
+#
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -129,11 +129,3 @@ services:
       ./bin/compile-requirements.sh
     volumes:
       - .:/app
-
-  upgrade-requirements:
-    image: mozmeao/basket:builder-${GIT_COMMIT_SHORT:-latest}
-    platform: linux/amd64
-    command:
-      ./bin/compile-requirements.sh --upgrade
-    volumes:
-      - .:/app
diff --git a/docs/install.rst b/docs/install.rst
@@ -52,7 +52,7 @@ The steps to get up and running are these:
     $ # this starts the server and dependencies
     $ docker-compose up web
 
-If you've made changes to the `Dockerfile` or `requirements.txt` you'll need to rebuild the image to run the app and tests:
+If you've made changes to the `Dockerfile` or `requirements/*.txt` you'll need to rebuild the image to run the app and tests:
 
 .. code-block:: bash
 
@@ -79,3 +79,16 @@ And if you need to debug a running container, you can open another terminal to y
     $ # or
     $ docker-compose exec web python manage.py shell
 
+
+Maintaining Python requirements
+-------------------------------
+
+.. code-block:: bash
+
+    $ # If you've added a new dependency or changed the hard pinning of one
+    $ make compile-requirements
+    $ # or to just check if there are stale deps so you can
+    $ # update the hard pinning in the *.in files
+    $ make check-requirements
+
+
diff --git a/requirements/dev.in b/requirements/dev.in
@@ -0,0 +1,9 @@
+-r prod.in
+black==19.10b0
+flake8==3.7.9
+mock==3.0.5
+pbr==5.4.4
+pep8==1.7.1
+pytest-django==4.1.0
+pytest-pythonpath==0.7.3
+urlwait==1.0
diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -0,0 +1,215 @@
+# SHA1:1000beb5ddcb8dfa3d35d6df3ef816d761c83622
+# Please recompile requirements inside the Docker image, not on your local, host machine.
+#
+# To do this, just use the following from your host:
+#
+# $ make compile-requirements
+#
+-r prod.txt
+appdirs==1.4.4 \
+    --hash=sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41 \
+    --hash=sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128
+    # via black
+attrs==21.4.0 \
+    --hash=sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4 \
+    --hash=sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd
+    # via
+    #   black
+    #   pytest
+black==19.10b0 \
+    --hash=sha256:1b30e59be925fafc1ee4565e5e08abef6b03fe455102883820fe5ee2e4734e0b \
+    --hash=sha256:c2edb73a08e9e0e6f65a0e6af18b059b8b1cdd5bef997d7a0b181df93dc81539
+    # via -r requirements/dev.in
+click==8.0.3 \
+    --hash=sha256:353f466495adaeb40b6b5f592f9f91cb22372351c84caeb068132442a4518ef3 \
+    --hash=sha256:410e932b050f5eed773c4cda94de75971c89cdb3155a72a0831139a79e5ecb5b
+    # via black
+django-synctool @ https://github.com/pmclanahan/django-synctool/archive/5f7cf9bad741e60bd9df32aa90e71425d98e437c.tar.gz     --hash=sha256:2dd290c5339769e3c40d644b5248236bec7c558eaccb922badd7c39c5fd5e095
+    # via -r requirements/prod.in
+entrypoints==0.3 \
+    --hash=sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 \
+    --hash=sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451
+    # via flake8
+flake8==3.7.9 \
+    --hash=sha256:45681a117ecc81e870cbf1262835ae4af5e7a8b08e40b944a8a6e6b895914cfb \
+    --hash=sha256:49356e766643ad15072a789a20915d3c91dc89fd313ccd71802303fd67e4deca
+    # via -r requirements/dev.in
+iniconfig==1.1.1 \
+    --hash=sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3 \
+    --hash=sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32
+    # via pytest
+mccabe==0.6.1 \
+    --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42 \
+    --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f
+    # via flake8
+mock==3.0.5 \
+    --hash=sha256:83657d894c90d5681d62155c82bda9c1187827525880eda8ff5df4ec813437c3 \
+    --hash=sha256:d157e52d4e5b938c550f39eb2fd15610db062441a9c2747d3dbfa9298211d0f8
+    # via -r requirements/dev.in
+packaging==21.3 \
+    --hash=sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb \
+    --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522
+    # via pytest
+pathspec==0.9.0 \
+    --hash=sha256:7d15c4ddb0b5c802d161efc417ec1a2558ea2653c2e8ad9c19098201dc1c993a \
+    --hash=sha256:e564499435a2673d586f6b2130bb5b95f04a3ba06f81b8f895b651a3c76aabb1
+    # via black
+pbr==5.4.4 \
+    --hash=sha256:139d2625547dbfa5fb0b81daebb39601c478c21956dc57e2e07b74450a8c506b \
+    --hash=sha256:61aa52a0f18b71c5cc58232d2cf8f8d09cd67fcad60b742a60124cb8d6951488
+    # via -r requirements/dev.in
+pep8==1.7.1 \
+    --hash=sha256:b22cfae5db09833bb9bd7c8463b53e1a9c9b39f12e304a8d0bba729c501827ee \
+    --hash=sha256:fe249b52e20498e59e0b5c5256aa52ee99fc295b26ec9eaa85776ffdb9fe6374
+    # via -r requirements/dev.in
+pluggy==1.0.0 \
+    --hash=sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159 \
+    --hash=sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3
+    # via pytest
+py==1.11.0 \
+    --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \
+    --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378
+    # via pytest
+pycodestyle==2.5.0 \
+    --hash=sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56 \
+    --hash=sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c
+    # via flake8
+pyflakes==2.1.1 \
+    --hash=sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0 \
+    --hash=sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2
+    # via flake8
+pyparsing==3.0.7 \
+    --hash=sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea \
+    --hash=sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484
+    # via packaging
+pytest==7.0.0 \
+    --hash=sha256:42901e6bd4bd4a0e533358a86e848427a49005a3256f657c5c8f8dd35ef137a9 \
+    --hash=sha256:dad48ffda394e5ad9aa3b7d7ddf339ed502e5e365b1350e0af65f4a602344b11
+    # via
+    #   pytest-django
+    #   pytest-pythonpath
+pytest-django==4.1.0 \
+    --hash=sha256:10e384e6b8912ded92db64c58be8139d9ae23fb8361e5fc139d8e4f8fc601bc2 \
+    --hash=sha256:26f02c16d36fd4c8672390deebe3413678d89f30720c16efb8b2a6bf63b9041f
+    # via -r requirements/dev.in
+pytest-pythonpath==0.7.3 \
+    --hash=sha256:63fc546ace7d2c845c1ee289e8f7a6362c2b6bae497d10c716e58e253e801d62
+    # via -r requirements/dev.in
+regex==2022.1.18 \
+    --hash=sha256:04611cc0f627fc4a50bc4a9a2e6178a974c6a6a4aa9c1cca921635d2c47b9c87 \
+    --hash=sha256:0b5d6f9aed3153487252d00a18e53f19b7f52a1651bc1d0c4b5844bc286dfa52 \
+    --hash=sha256:0d2f5c3f7057530afd7b739ed42eb04f1011203bc5e4663e1e1d01bb50f813e3 \
+    --hash=sha256:11772be1eb1748e0e197a40ffb82fb8fd0d6914cd147d841d9703e2bef24d288 \
+    --hash=sha256:1333b3ce73269f986b1fa4d5d395643810074dc2de5b9d262eb258daf37dc98f \
+    --hash=sha256:16f81025bb3556eccb0681d7946e2b35ff254f9f888cff7d2120e8826330315c \
+    --hash=sha256:1a171eaac36a08964d023eeff740b18a415f79aeb212169080c170ec42dd5184 \
+    --hash=sha256:1d6301f5288e9bdca65fab3de6b7de17362c5016d6bf8ee4ba4cbe833b2eda0f \
+    --hash=sha256:1e031899cb2bc92c0cf4d45389eff5b078d1936860a1be3aa8c94fa25fb46ed8 \
+    --hash=sha256:1f8c0ae0a0de4e19fddaaff036f508db175f6f03db318c80bbc239a1def62d02 \
+    --hash=sha256:2245441445099411b528379dee83e56eadf449db924648e5feb9b747473f42e3 \
+    --hash=sha256:22709d701e7037e64dae2a04855021b62efd64a66c3ceed99dfd684bfef09e38 \
+    --hash=sha256:24c89346734a4e4d60ecf9b27cac4c1fee3431a413f7aa00be7c4d7bbacc2c4d \
+    --hash=sha256:25716aa70a0d153cd844fe861d4f3315a6ccafce22b39d8aadbf7fcadff2b633 \
+    --hash=sha256:2dacb3dae6b8cc579637a7b72f008bff50a94cde5e36e432352f4ca57b9e54c4 \
+    --hash=sha256:34316bf693b1d2d29c087ee7e4bb10cdfa39da5f9c50fa15b07489b4ab93a1b5 \
+    --hash=sha256:36b2d700a27e168fa96272b42d28c7ac3ff72030c67b32f37c05616ebd22a202 \
+    --hash=sha256:37978254d9d00cda01acc1997513f786b6b971e57b778fbe7c20e30ae81a97f3 \
+    --hash=sha256:38289f1690a7e27aacd049e420769b996826f3728756859420eeee21cc857118 \
+    --hash=sha256:385ccf6d011b97768a640e9d4de25412204fbe8d6b9ae39ff115d4ff03f6fe5d \
+    --hash=sha256:3c7ea86b9ca83e30fa4d4cd0eaf01db3ebcc7b2726a25990966627e39577d729 \
+    --hash=sha256:49810f907dfe6de8da5da7d2b238d343e6add62f01a15d03e2195afc180059ed \
+    --hash=sha256:519c0b3a6fbb68afaa0febf0d28f6c4b0a1074aefc484802ecb9709faf181607 \
+    --hash=sha256:51f02ca184518702975b56affde6c573ebad4e411599005ce4468b1014b4786c \
+    --hash=sha256:552a39987ac6655dad4bf6f17dd2b55c7b0c6e949d933b8846d2e312ee80005a \
+    --hash=sha256:596f5ae2eeddb79b595583c2e0285312b2783b0ec759930c272dbf02f851ff75 \
+    --hash=sha256:6014038f52b4b2ac1fa41a58d439a8a00f015b5c0735a0cd4b09afe344c94899 \
+    --hash=sha256:61ebbcd208d78658b09e19c78920f1ad38936a0aa0f9c459c46c197d11c580a0 \
+    --hash=sha256:6213713ac743b190ecbf3f316d6e41d099e774812d470422b3a0f137ea635832 \
+    --hash=sha256:637e27ea1ebe4a561db75a880ac659ff439dec7f55588212e71700bb1ddd5af9 \
+    --hash=sha256:6aa427c55a0abec450bca10b64446331b5ca8f79b648531138f357569705bc4a \
+    --hash=sha256:6ca45359d7a21644793de0e29de497ef7f1ae7268e346c4faf87b421fea364e6 \
+    --hash=sha256:6db1b52c6f2c04fafc8da17ea506608e6be7086715dab498570c3e55e4f8fbd1 \
+    --hash=sha256:752e7ddfb743344d447367baa85bccd3629c2c3940f70506eb5f01abce98ee68 \
+    --hash=sha256:760c54ad1b8a9b81951030a7e8e7c3ec0964c1cb9fee585a03ff53d9e531bb8e \
+    --hash=sha256:768632fd8172ae03852e3245f11c8a425d95f65ff444ce46b3e673ae5b057b74 \
+    --hash=sha256:7a0b9f6a1a15d494b35f25ed07abda03209fa76c33564c09c9e81d34f4b919d7 \
+    --hash=sha256:7e070d3aef50ac3856f2ef5ec7214798453da878bb5e5a16c16a61edf1817cc3 \
+    --hash=sha256:7e12949e5071c20ec49ef00c75121ed2b076972132fc1913ddf5f76cae8d10b4 \
+    --hash=sha256:7e26eac9e52e8ce86f915fd33380f1b6896a2b51994e40bb094841e5003429b4 \
+    --hash=sha256:85ffd6b1cb0dfb037ede50ff3bef80d9bf7fa60515d192403af6745524524f3b \
+    --hash=sha256:8618d9213a863c468a865e9d2ec50221015f7abf52221bc927152ef26c484b4c \
+    --hash=sha256:8acef4d8a4353f6678fd1035422a937c2170de58a2b29f7da045d5249e934101 \
+    --hash=sha256:8d2f355a951f60f0843f2368b39970e4667517e54e86b1508e76f92b44811a8a \
+    --hash=sha256:90b6840b6448203228a9d8464a7a0d99aa8fa9f027ef95fe230579abaf8a6ee1 \
+    --hash=sha256:9187500d83fd0cef4669385cbb0961e227a41c0c9bc39219044e35810793edf7 \
+    --hash=sha256:93c20777a72cae8620203ac11c4010365706062aa13aaedd1a21bb07adbb9d5d \
+    --hash=sha256:93cce7d422a0093cfb3606beae38a8e47a25232eea0f292c878af580a9dc7605 \
+    --hash=sha256:94c623c331a48a5ccc7d25271399aff29729fa202c737ae3b4b28b89d2b0976d \
+    --hash=sha256:97f32dc03a8054a4c4a5ab5d761ed4861e828b2c200febd4e46857069a483916 \
+    --hash=sha256:9a2bf98ac92f58777c0fafc772bf0493e67fcf677302e0c0a630ee517a43b949 \
+    --hash=sha256:a602bdc8607c99eb5b391592d58c92618dcd1537fdd87df1813f03fed49957a6 \
+    --hash=sha256:a9d24b03daf7415f78abc2d25a208f234e2c585e5e6f92f0204d2ab7b9ab48e3 \
+    --hash=sha256:abfcb0ef78df0ee9df4ea81f03beea41849340ce33a4c4bd4dbb99e23ec781b6 \
+    --hash=sha256:b013f759cd69cb0a62de954d6d2096d648bc210034b79b1881406b07ed0a83f9 \
+    --hash=sha256:b02e3e72665cd02afafb933453b0c9f6c59ff6e3708bd28d0d8580450e7e88af \
+    --hash=sha256:b52cc45e71657bc4743a5606d9023459de929b2a198d545868e11898ba1c3f59 \
+    --hash=sha256:ba37f11e1d020969e8a779c06b4af866ffb6b854d7229db63c5fdddfceaa917f \
+    --hash=sha256:bb804c7d0bfbd7e3f33924ff49757de9106c44e27979e2492819c16972ec0da2 \
+    --hash=sha256:bf594cc7cc9d528338d66674c10a5b25e3cde7dd75c3e96784df8f371d77a298 \
+    --hash=sha256:c38baee6bdb7fe1b110b6b3aaa555e6e872d322206b7245aa39572d3fc991ee4 \
+    --hash=sha256:c73d2166e4b210b73d1429c4f1ca97cea9cc090e5302df2a7a0a96ce55373f1c \
+    --hash=sha256:c9099bf89078675c372339011ccfc9ec310310bf6c292b413c013eb90ffdcafc \
+    --hash=sha256:cf0db26a1f76aa6b3aa314a74b8facd586b7a5457d05b64f8082a62c9c49582a \
+    --hash=sha256:d19a34f8a3429bd536996ad53597b805c10352a8561d8382e05830df389d2b43 \
+    --hash=sha256:da80047524eac2acf7c04c18ac7a7da05a9136241f642dd2ed94269ef0d0a45a \
+    --hash=sha256:de2923886b5d3214be951bc2ce3f6b8ac0d6dfd4a0d0e2a4d2e5523d8046fdfb \
+    --hash=sha256:defa0652696ff0ba48c8aff5a1fac1eef1ca6ac9c660b047fc8e7623c4eb5093 \
+    --hash=sha256:e54a1eb9fd38f2779e973d2f8958fd575b532fe26013405d1afb9ee2374e7ab8 \
+    --hash=sha256:e5c31d70a478b0ca22a9d2d76d520ae996214019d39ed7dd93af872c7f301e52 \
+    --hash=sha256:ebaeb93f90c0903233b11ce913a7cb8f6ee069158406e056f884854c737d2442 \
+    --hash=sha256:ecfe51abf7f045e0b9cdde71ca9e153d11238679ef7b5da6c82093874adf3338 \
+    --hash=sha256:f99112aed4fb7cee00c7f77e8b964a9b10f69488cdff626ffd797d02e2e4484f \
+    --hash=sha256:fd914db437ec25bfa410f8aa0aa2f3ba87cdfc04d9919d608d02330947afaeab
+    # via black
+toml==0.10.2 \
+    --hash=sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b \
+    --hash=sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f
+    # via black
+tomli==2.0.0 \
+    --hash=sha256:b5bde28da1fed24b9bd1d4d2b8cba62300bfb4ec9a6187a957e8ddb9434c5224 \
+    --hash=sha256:c292c34f58502a1eb2bbb9f5bbc9a5ebc37bee10ffb8c2d6bbdfa8eb13cc14e1
+    # via pytest
+typed-ast==1.5.2 \
+    --hash=sha256:0eb77764ea470f14fcbb89d51bc6bbf5e7623446ac4ed06cbd9ca9495b62e36e \
+    --hash=sha256:1098df9a0592dd4c8c0ccfc2e98931278a6c6c53cb3a3e2cf7e9ee3b06153344 \
+    --hash=sha256:183b183b7771a508395d2cbffd6db67d6ad52958a5fdc99f450d954003900266 \
+    --hash=sha256:18fe320f354d6f9ad3147859b6e16649a0781425268c4dde596093177660e71a \
+    --hash=sha256:26a432dc219c6b6f38be20a958cbe1abffcc5492821d7e27f08606ef99e0dffd \
+    --hash=sha256:294a6903a4d087db805a7656989f613371915fc45c8cc0ddc5c5a0a8ad9bea4d \
+    --hash=sha256:31d8c6b2df19a777bc8826770b872a45a1f30cfefcfd729491baa5237faae837 \
+    --hash=sha256:33b4a19ddc9fc551ebabca9765d54d04600c4a50eda13893dadf67ed81d9a098 \
+    --hash=sha256:42c47c3b43fe3a39ddf8de1d40dbbfca60ac8530a36c9b198ea5b9efac75c09e \
+    --hash=sha256:525a2d4088e70a9f75b08b3f87a51acc9cde640e19cc523c7e41aa355564ae27 \
+    --hash=sha256:58ae097a325e9bb7a684572d20eb3e1809802c5c9ec7108e85da1eb6c1a3331b \
+    --hash=sha256:676d051b1da67a852c0447621fdd11c4e104827417bf216092ec3e286f7da596 \
+    --hash=sha256:74cac86cc586db8dfda0ce65d8bcd2bf17b58668dfcc3652762f3ef0e6677e76 \
+    --hash=sha256:8c08d6625bb258179b6e512f55ad20f9dfef019bbfbe3095247401e053a3ea30 \
+    --hash=sha256:90904d889ab8e81a956f2c0935a523cc4e077c7847a836abee832f868d5c26a4 \
+    --hash=sha256:963a0ccc9a4188524e6e6d39b12c9ca24cc2d45a71cfdd04a26d883c922b4b78 \
+    --hash=sha256:bbebc31bf11762b63bf61aaae232becb41c5bf6b3461b80a4df7e791fabb3aca \
+    --hash=sha256:bc2542e83ac8399752bc16e0b35e038bdb659ba237f4222616b4e83fb9654985 \
+    --hash=sha256:c29dd9a3a9d259c9fa19d19738d021632d673f6ed9b35a739f48e5f807f264fb \
+    --hash=sha256:c7407cfcad702f0b6c0e0f3e7ab876cd1d2c13b14ce770e412c0c4b9728a0f88 \
+    --hash=sha256:da0a98d458010bf4fe535f2d1e367a2e2060e105978873c04c04212fb20543f7 \
+    --hash=sha256:df05aa5b241e2e8045f5f4367a9f6187b09c4cdf8578bb219861c4e27c443db5 \
+    --hash=sha256:f290617f74a610849bd8f5514e34ae3d09eafd521dceaa6cf68b3f4414266d4e \
+    --hash=sha256:f30ddd110634c2d7534b2d4e0e22967e88366b0d356b24de87419cc4410c41b7
+    # via black
+urlwait==1.0 \
+    --hash=sha256:a9bf2da792fa6983fa93f6360108e16615066ab0f9cfb7f53e5faee5f5dffaac \
+    --hash=sha256:eae2c20001efc915166cac79c04bac0088ad5787ec64b36f27afd2f359953b2b
+    # via -r requirements/dev.in
+
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.
+# setuptools
diff --git a/requirements.in → requirements/prod.in b/requirements.in → requirements/prod.in
@@ -1,6 +1,6 @@
-# prod
 APScheduler==3.8.1
 boto3==1.16.59
+backports.zoneinfo==0.2.1
 celery==4.4.7
 configparser==5.0.1
 contextlib2==0.6.0.post1
@@ -34,19 +34,7 @@ PyFxA==0.7.7
 pysilverpop==0.2.6
 python-decouple==3.4
 PyYAML==6.0
-https://github.com/mozmeao/FuelSDK-Python/archive/172815bd74009e36b728b16f774f1aafecb06d03.tar.gz#egg=Salesforce-FuelSDK==1.2.0
 sentry-sdk==0.19.5
 simple-salesforce==1.10.1
 user-agents==2.2.0
 whitenoise==5.2.0
-
-# testing / dev
-black==19.10b0
-flake8==3.7.9
-mock==3.0.5
-pbr==5.4.4
-pip-tools==5.3.1
-pep8==1.7.1
-pytest-django==4.1.0
-pytest-pythonpath==0.7.3
-urlwait==1.0