Skip to content
Latchkey

pip-compile (pip-tools): Lock Command Reference

Compile loose requirements into a fully pinned, hashed lockfile.

pip-compile (from the pip-tools package) resolves a high-level requirements.in (or pyproject.toml) into a fully pinned requirements.txt. CI uses it to generate and verify a deterministic lock.

Common flags / usage

  • pip-compile requirements.in -- write a pinned requirements.txt
  • -o FILE -- choose the output file name
  • --generate-hashes -- add integrity hashes for --require-hashes installs
  • --upgrade -- re-resolve to the newest allowed versions
  • --upgrade-package PKG -- bump only one package

Example

shell
- run: pip install pip-tools
- run: pip-compile --generate-hashes -o requirements.txt requirements.in
# Gate: fail if the committed lock is stale
- run: |
    pip-compile --quiet -o /tmp/check.txt requirements.in
    diff requirements.txt /tmp/check.txt

In CI

Commit the compiled requirements.txt and install it with pip install --require-hashes for a hardened, reproducible build. A diff gate catches a forgotten re-compile before merge.

Key takeaways

  • pip-compile turns requirements.in into an exhaustively pinned requirements.txt.
  • --generate-hashes enables tamper-evident --require-hashes installs.
  • Diff a fresh compile against the committed lock as a CI staleness gate.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →