AI-assisted dependency management

1. AI-assisted dependency management

Welcome back! In this video, we will explore how AI can help with dependency management and environment configuration in software projects. Let's dive in!

2. The problem

So far, I have been able to run Atlas on my machine. However, let's say I'm now trying to run Atlas on a real production server, and the installation fails. How can it be? It seems Atlas works on one machine but not another!

3. Dependency conflicts

Let's have a closer look. Atlas is a data analysis toolbox, so it depends on a lot of third-party libraries. If our environment is not reproducible, two people running the same code on different machines can get different results. These types of issues are known as dependency conflicts.

4. AI analyzes the error

AI can help us solve this conflict! Let's say we encounter this error about version conflicts during installation. AI is useful here because it can read the error output and identify the root cause with a simple diagnosis prompt that contains the right context.

5. Root cause analysis

In this case, the AI model indicates a conflict between Atlas requirements and the packages already installed on the server. A straightforward fix is to use a virtual environment to isolate dependencies and make the setup reproducible.

6. Reproducible environments

Ideally, we want a single command that creates the exact environment every time. Since Atlas does not yet include clear instructions for running the codebase in a virtual environment, we can use AI to quickly generate the setup commands and add them to the repository. That way, colleagues can consistently create an environment that allows Atlas to be installed successfully.

7. Generating setup commands

Using this prompt, the model effectively guides us through creating a virtual environment and resolving the installation conflict. Feel free to pause the video and carefully read the proposed prompt, as well as the key part of the model's response explaining how to use a virtual environment.

8. Transitive dependencies

Analytics toolboxes often pull in many packages. Even if Atlas does not depend directly on a vulnerable library, it can still be pulled in indirectly through another package. That is called a transitive dependency. We need to detect these issues using dependency auditing tools. We can follow the same workflow as we did for pip-audit: Run the tool and then use AI to interpret the reports, suggest safer versions or alternatives, and highlight any required code changes.

9. Maintainable dependencies

We also want maintainable dependencies. Actively maintained dependencies have a lower security risk. We can generate license and maintainability reports from our dependency set, and AI can help us get the exact commands we need.

10. Inspecting reports

Let's run the proposed command that uses pip-licenses and generates a licenses.json report. On screen, we can observe how the resulting report looks like.

11. AI proposes alternatives

We can also use the model to aggregate and interpret the results from the dependency list that we just generated. Here, we are asking the model to provide a summary table of the findings and to propose alternatives for the top risky dependency.

12. Automating environment setup

Finally, as with functional and security testing, it's best practice to automate environment setup and license checking. We want two guarantees: A new developer can set up Atlas with one command. And continuous integration can validate that the environment is correct on every change.

13. Part of daily workflow

As seen in previous videos, AI can help generate the required scripts and connect them to continuous integration. When this is in place, dependency management becomes part of your daily workflow, not an emergency task after something breaks.

14. Let's practice!

Now, it is your turn. Let's practice!

Create Your Free Account

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.