« Return to show page
Transcript for Episode #227:
No more awaiting, async comes to SQLAlchemy
00:00 Hello, and welcome to Python bytes, where we deliver Python news and headlines directly to your earbuds. This is Episode 227. Recorded March 31. Nice. I'm Brian knockin Michael Kennedy. I'm myka allerease. Welcome. Good to have you here. Thanks, Mike. And Brian, I'm a big fan of the both of your shows. Oh, thank you. Wonderful. Yeah, that's really nice and super cool. You could drop in here and be part of the show. Even before we get on maybe just tell folks about yourself. What do I do? I'm a software developer for more than 10 years. And then I'm also an organizer of the Python community in the Philippines. So yeah, that's about it. Yeah, to jump in. Let's jump in. All right. Well, um, the other day, I was on Twitter. I
00:52 sorry, I made myself laugh. So Ned batchelder.
00:57 put out a comment, said public service announcement, please do not remove old versions from HP, ipi, because it just causes work for people that have to go find your old versions on GitHub. Pi Pi has a gank feature that you should use instead. And I didn't know about this. Yeah, I didn't know about it, either. I thought you just have to live with leaving it there, or you take it away and cause trouble. Yeah, so. So this is pretty cool. What it does is, um, and I should have had a screenshot of this up. But basically, in peipsi, when you go in and you go in and log into your account, and you go to one of your your the package that you want to take a version down from. And when you go actually if you go to try to delete it, it'll pop up a comment that says, hey, maybe you should make this instead of deleting. And this apparently this just came out like last year or a year before, I can't remember, but it's not terribly old. And I missed it. Yankee is about the same thing. So yanking leaves it there. But it, it doesn't automatically grab that version, even if it's within a range that you've specified, the only way you pipey I'll grab that version is if you specifically have that exact version specified to to grab. And that way, if somebody has a pinned version to just that version, if you if it's gone, they just won't download anything. So that's not nice. It's just gonna crash and Docker build or their system will install or whatever, something bad, right? Yeah, but and then I also wanted to link to Doug Hellman article about. So you've released a broken package, what do you do now? And his recommendation is just relax, it happens. Just push it out again, fix it and push it out. And so I generally, I don't know if I've ever thought of the need to yank because most people probably won't pin the the bad version unless it's unless they know it works for them. So I guess I wouldn't worry about it too much. I did say I guess this is new as well. This is from May of 2019. This yank feature according to the PAP, at least something around that timeframe. So it's pretty new, but it definitely seems like a good feature. Okay. Have you heard of this? I also haven't pushed anything on IP. Just internal packages. Yeah, yeah. Then you just tell people Oh, this is broken. Don't don't use that one. Yeah, if you put it out on pi pi, then yeah, someone PIP installs, Pip freezes it. They've got it. So I guess it depends how popular packages. But even if you have an unpopular one, you know, you've got a just 1000 downloads a day or something or that's still a very high likelihood that someone's gonna grab it. Just pushed up something recently, I was excited that he got up to like, 24 downloads a day. No, I mean, that's, that's good. I think I have nothing I have nothing that scale. I'm thinking you know, if you're you if you're doing flask or Django or pandas and you push a bad thing, like you're gonna hear about it for a long time. It's, it's gonna be a high stress event, where as opposed to like, the stuff that I have up there, no one would notice long as I got to it pretty quick. I'll stick one of mine up in the in the the extra section at the end. Okay. Yeah, perfect. Yeah, I was about to ask.
04:06 So SQL alchemy, maybe you guys have heard of this. I think it's about something to do with databases, something like that. Yeah. So SQL alchemy obviously is the most popular ORM for talking to databases without writing raw SQL which I think for the most part this is the way you should be doing it right you should be programming as suddenly things just change the connection string and it works It doesn't matter what underlying operating or underlying database you're talking to. It'll figure it out. Mostly we'll get to that but big news Mike bear has been working super hard to get SQL alchemy 1.4 out and does it say here says this is a ton of work that they put into over I believe this is months of work, and I think it came out last week but we didn't have time to cover it. So here it is. And this is notable not just because oh look at some point releasing there's a few things but there's a bunch of big changes for people that know about sequel alchemy for example. This is the first one that is moving towards sequel alchemy to Dotto.
05:00 is a big change of the API's and things like that. So it introduces a bunch of new API's, especially around async and await. So this is the first sequel alchemy that natively supports without some kind of external patching thing natively supports using the ORM to talk to the database using async. And await allow you to plug into things like fast API and other places in a real scalable way, though, that's pretty cool. And yeah, the fact that it's moving on to this, this tuo style is pretty interesting. So yeah, big news, right? Yeah. Yeah, cool. And there's a lot of changes around working with the ORM towards this new API. So it used to be you would create a session, and then you would say session query of the class, you want to query and then like filter and order by and all that kind of stuff. And that stuff is gone, not removed, but it's not the new style. And it's not the styles that supports async, and await. So I'm pulling up here, this, this doc that shows like the before and after. So if you wanted to get all the users used to say session query of user all now what you do is use this combination of SELECT statements and then executing them. I believe this comes out of the core of SQL alchemy, there was a way to do the core queries, and then the ORM queries. And I think it's leaning more on the way that the core works. So now you would say session dot execute, select every user. And there's a few more steps. For some reason, you got to say, dot scalars dot, all you don't do that what you get back is like a bunch of tuples, where some part of the tuple on each entry is the thing you were looking for, I believe. So it's not super different, but it is not even close to the same. So that's, that's something that people should look at. Let's see if I can find the async support here. I'll just show you one thing that you also I want to point out, I said, normally, you can just change what database you talk to you, if you're doing the async API, you have to be more specific about it. For example, if you just tried to talk to SQL lite, it'll crash and says the sequel lite driver doesn't support async sorry, you can no longer use, you can't use that API to talk to SQL Lite. But what you can do from
06:59 time taken from one of my classes is you can use a different connection string. This is from my second fast API course. You can say SQL light plus AI Oh SQL light and say, I want to use the AI Oh, SQL light driver, not the plain SQL light driver for my async connection. Right? Yeah. So if you do that, then you're back to good things go Yeah, things go as you would expect, which is really cool. And then you got to do things different. So to create an engine, you got to create an async engine, the way you work with the the session object is now with the async. With block. There's a lot of interesting, like slight variations going on. But you know, basically, it's really cool that you can now do SQL lite, or SQL alchemy and SQL lite, I guess, but especially SQL alchemy against the databases using the ORM in an async and await friendly way. That's that's the big news. That's really cool. Yeah, I actually think the changes to the your m are kind of neat. Yeah, no, I'm not saying I just like that. They're just you're not just going to be able to put in a weight in front of what used to do. It's a it's a different API, you got to kind of go through and figure it out. But it's, it's fine. It's good. I'm really happy to see. Okay, let's see. Do you think with SQL alchemy? Yeah, it looks the new query style is more understandable, I guess. But I'm just worried about those who were using the old version in production. Yeah, I don't know if it's gonna go away and sequel alchemy to I'm not sure what the story is there, what the future plans are. But if you want to take advantage of the async and await stuff, you've got to go do new things. But there's not going to be a lot of old code. I mean, there's gonna be no old code doing the old async await because it just wasn't supported at all right. So it should be okay. Oh, yeah. All right. Well, that's that for that one, then I think you're up next, right on your iPhone, this Django tenant package back in 2017. And then I just, I was just surprised that it's still being maintained when I when I looked at it. And so it's a multi tenancy implementation for Django, typically used for SAS website. So it's like, what's a what's a good use case? Let's say you have a restaurant with a franchise, and then you have different branches for each location. Then you can have
09:12 for example, your main web main web app is my website that calm and then you can have, let's say, Makati that my website that calm or branch to that my website that calm, it uses Kosgei SQL schemas. So for each then it has a different, it will use a different schema for for each, then. Yeah, this is really neat, because that is such a big challenge. I know. People that have sites that they build that their customer wants to log in multiple logins for them, and when they go in there, they want to see their data but you don't want to have a copy of the website for everyone. You don't have one website.
10:00 Do you maintain? And it's always filtered to what company? Are you in? You get to see the data related to that company that account as someone else comes in. Yeah. And this is this is super cool. Is the data leaks can cause you lawsuits? Yeah. Yeah. I mean, you could do it yourself, right? Every single query, you could say, whatever the query is, and your company ID equals or account ID equals whatever it is, but if you forget one time, yeah. in a bad way. Yeah. Yeah. Yeah. This is very cool. Yeah. I was always curious about. I mean, I'm sure there's other ways too, but I was curious about how people would do that, to build this house off of Jenga. It's interesting. And it's based on domains. So like tenant one.domain.com, tenant, two.domain.com, and so on. Yeah. So I like it. I mean, if you're doing Django stuff, it seems it seems like it makes a lot of sense. And this goes down to the actual Django ORM models, right? Yeah. Yeah. Cool. Well, I don't have any use case for this. I don't, right now. But I see that a lot of people out there would I mean, like I said, if if you've got a group of people associated with one customer and another group of people associate with another customer, and you want to make sure that only their data is all kind of shared, but not not overly shared, then this is a cool use case. Yeah. Nice. Well, that's a really good find. Yeah, cool. Awesome. Awesome. All right. I'm Brian. You're ready to commit? Oh,
11:28 yeah. Yeah. So
11:30 I think we've talked about pre commit, I'm pretty sure we have
11:34 talked about pre commit hooks in the small but not necessarily in the framework style, I don't know. Yeah, so. So pre commit the well, this is the documentation for pre commit the normal pre commit, everybody knows and loves. And if you don't know it, and love it, you should probably check it out. Because it's a, it's a, I wanted to bring up a couple of things. One of them is that it's a it's a lot more than just so I get I, I am, along with a lot of other people ran across pre commit with things like I want to remember to run black. And you know, I know I'm going to run my test. So I'm so miserable, just check, make sure that all the tests pass before I check stuff in. And maybe I'll run the linter. And just go ahead and run black over something. And then I don't have to worry about it too much, things like that, before you commit. And that's where the pre commit got its name. But there's a lot more hooks than pre commit, then commit, or the pre commit hook with the pre commit tool, you can hook into pre merge and post merge and all sorts of entry points around version control. So it's a very powerful tool. And there's a there's this thing when when people build up a whole bunch of tooling around it. And you can also get best in class low hook snippets from other people to plug into it, which is really great. But if I'm sharing it across a whole bunch of different projects, I kind of have to copy that into all the repos. But you don't really have to anymore, because because now there's a pre commit ci. So it's a continuous integration type version, like a lot of other like, I don't know, like Travis used to be or something or other sort of ci tools. This is another ci tool chain that you can use. And it'll run, you can set up a pre commit hooks and run it over a project. And one of the nice things about it is you can, you can have a whole bunch of different things set up and configured and run it against multiple projects and have that just set up in a different place. So this is a really, really kind of a cool tool. And I've been trying it out on a couple projects. So yeah, so we have pre commit pre commit framework, which lets you use pre commit hooks, there's a lot of layers, it's like turtles all the way down, you could have pre commit, you can have pre commit hooks for good, but they might be written in all different languages like node or rust or Python or whatever. And getting those installed. And running can be a pain. So there's the pre commit framework, which lets you not worry about that stuff, and just run all these pre commit hooks from different sources. This is another thing on top of that this is a pre commit continuous integration service. So people have heard of pre commit before, this is like extra new stuff that Anthony sottile has been working on. Right? Yeah, yep. And he's been doing this on the side for a little while to try to It's, uh, it's believe it's, well, I've signed up with through GitHub, and I think it's free for open source projects. I don't know the details. But yeah, anyway, I think it's an neat idea. I occasionally get some one of the things that's nice about it, obviously, I'm gonna run pre commit the hooks, but if somebody merges something into my code, they can it can choose not to do that and do a merge request. And this, this allows all those hooks to run on all the merge requests. So I'm a big fan of putting stuff in ci because I've seen so many scenarios where people are part of some of the people on the team are really excited about this and really want to work with it and other people. They don't even want to be bothered to figure out what it is yet, but they're
15:00 In attention to it means the builds break and other stuff goes wrong for the people we're trying to keep. I don't know, though linter happy the unit test running or whatever it is, right? And so if you're relying upon pre commit hooks, this means that everybody gets their pre commit their commit hooks and stuff run and validated, not just the people who didn't, you know, ignore them or whatever. Yeah, like one example is like, just like black. For instance, if you like to run black over stuff before you check it in, you can just not even see it before people do it. And one of the nice things about this is it can, it can change or create a new merge request. So one of the things that will do is if somebody does a pull request or merge request, whatever gets your project and you want this stuff run, like for instance, some of them will actually change your code, Black Swan that changes your code. So this takes the old merge request, runs black on it, and then creates a new merge request with the changes. So that's nice. Yeah. Okay, are you sending pre commit hooks or anything like that with your teams? No, I'm so aware of black but when Brian explained, it's it's, yeah, it's similar to it, although it's something that you put on GitHub. Did I understand that? Well, or whatever, your continuous integration version, the what we're just covering does, you can put it on GitHub, but the and frequent works with GitHub projects as well. But it's something you run locally. So you have it, it's it's run by get pre commit hooks are triggering the hooks that you can configure. Yeah, that's a yes. It's turtles all the way down. Yeah. So Brian, I don't know if you have any awareness of this or not. But I'll ask you anyway, just tell me if you don't know, would it still make sense to wrap it the pre commit framework locally? and have it write to do it locally before it happens in GitHub? So maybe you get a better, more immediate feedback on it? Or, like depend on the one on the CI server? Of course I do. So that because I I want to catch it before I push it up my own stuff. But if somebody
17:07 wants to, you know, do a pull request, I don't even want to look at their code, if it doesn't pass. I mean,
17:13 I mean, it might be a cool idea. But But if it's if if you know, it's a lot of work, if somebody pushes something in it, all the tests are broken, and whatever. And then worst case, you don't want to go back and say, oh, I'll accept your PR, but you have to go and run black against it. And then I'll accept it. Like, just make it automatic. Yeah, just make it automatic. So yeah, yeah, super cool. All right. The next one here comes to us from David's Schmidt. And he, like many of our listeners are very helpful since and things periodically, hey, I happen across this thing at sneak s in y k.io. And I'm not sure how new This is, but it's quite neat. So over here, we have the sneak package advisor. And it's not just for Python is for many of the things I guess three of the things at the moment, NPM Hi, pi and Docker. And what you can do is you can go over here, I'll just focus on ipi for now. And you can put in packages like they have Django they're listed. So let's put Django in and see what happens. And it will tell you, what is the package health score? What is the security story? Have there been issues? Have they been fixed? How often is this being worked on? So many times people who are new to Python, or even not new to Python, but new to an area? Like you know what, I want to start using async and await with an ORM? What are my options? I've been using SQL alchemy and imagine it didn't get an update, I got to switch to something else. What are my choices? Here's four, how do I know which one of those four is still alive, healthy, etc, etc. So you come in here and you can see some information about it. I'm going to say that this is not not necessarily the best. Let me see if I find Django without one of the things I'm seeing that makes me kind of wonder I clicked on the maybe the wrong one. I click on a specific version. And it said it was not very popular and like that can't be right for Jenkins.
18:59 It's an unpopular job. It tells you things like what is the popularity and for Django said this is a key ecosystem project like too big to fail. Why does this maintenance story? It's healthy. Does it have known security concerns? No. is Kennedy active or whatever. And then also, it's cool it has, you might also look at these other packages like Django is getting 97 flask, it shows right there. flask is a 93 out of 100 and a score. And you can open it up and see why there's a bunch of graphs around here as well. You can see like the commit frequency, the open issues, open prs, when was the last commit GitHub forks, all sorts of stuff around here. So number of contributors go down there and see that actually the community shows like The recent people, does it have a code of conduct that it could discover, right, is it have funding that have a contributing Doc, what were the recent security issues, all sorts of stuff, you know, I'm not going to go through all of it, but there's a bunch of cool things you can just pull up about other packages and compare them against each other. You can pull up like flask. If you want
20:00 See that side by side and so on? So, yeah, all right. Yeah, I think it's neat. It's similar to Django packages that are Oh, yeah, Django packages that are, which is why he said a similar idea. But just for like, for Django, layer for Django, or a special admin back in for Django, but this is more like for the whole Yeah, community.
20:25 Are there it supports other languages too, right? Yeah, this sorta it supports node as and Docker. Right. So yeah, I think the idea is probably that more stuff is coming along. But I do like this, you know, if everything else being equal, and you can't decide put two projects in here, and it says, right, you can see, like, to me, one of the big warning signs of an open source project is if there's a bunch of prs that are like six months old, nobody's even bothered to respond. You know, somebody has gone to the effort of I've actually tried to improve this. I've done the work, I've written the test. Here it is, will you just accept it or tell me what I set out to do? And they're not even willing to respond like that is a huge red flag. And that kind of stuff will come up here as well. And hey, Anthony Shaw out there in the live stream, is if you sign up with your GitHub creds sneek will check your project requirements dot txt for you and raise prs. If there's security issues. Yeah. Oh, no. And if you use PI charm, the PI charm security extension it has sneek is integrated in Oh, and Anthony, who makes then pi charm secure extension? That's right, Anthony. That's that one.
21:33 Awesome. Yeah. That's really good work. Anthony. Thanks for the that extra information as well. So you can just search a project on there. Yeah. Put me on the spot. search my cards. What is it? No pi test dash? up? I just checked. Gotcha. Oh, let's see what we get when we're gonna get
21:51 pretty good. You got to 65. I mean, you look, you're recognized like this. And you're no known security issues. Like I'm saying this is the same bad man. The I mean, there are fewer committers than in Django To be fair, but still. Yeah. Right. But, but I'm surprised that there's 10 contributors. This is just something that I it's pretty good. It's probably my oldest package. So that's okay. No, this is pretty good. I mean, it has no no security issues. That's pretty good. And you can even embed a little package health score if you wanted to. Right. Well, let's get let's figure out how I can get it up.
22:27 Yeah, I get that into the 90s. And then in the 90s. Perfect. Fantastic. All right. Who's next? I guess, Kayla, you're next. So there you go. That's about this one. So the This one has been contributed by one of the shows in on Twitter, pants.
23:33 And then started playing with Anvil, which has a similar like really simple way to just get like graphical stuff on the screen. And I was she was all about it. She played with it for hours creating little apps and quizzes for people and stuff. And it's it doesn't seem like a big difference, but that visual aspect, I think it's pretty big. I think.
23:33 You know, it makes a big difference. Yeah, yeah, I was um, so I probably use something like this for maybe
23:33 build scripts, for instance, were used by a team. So sometimes you have like, just a few questions, you need to ask somebody. And you can do that easily on a web form or something like that. But, but if it's a, like a script that you're running on the command line, and some people don't want to run to have interactive command line, I don't understand that actually, personally. Definitely people on my team that will not voluntarily run a command line script. Yeah, absolutely. And it looks like it integrates into existing web frameworks, which is cool. But it also the way it runs, it looks like you might be able to actually package it up with PI installer and just go here, double click this, and it'll come up with some Yeah, yeah. No, don't don't limitation I see is that when once you want to style, the HTML code, that's fire that way part of the future, I mean, yeah.
23:33 Right. Yeah. Cool. That's a good pick. Right. Nice. Thanks to the contributor in on Twitter. Yeah, absolutely. All right. That's that's it for me. Brian, have you got anything else? Um, well, I teased about just saying that while we already talked about paychecks test check a little bit. So I'm the new
23:33 the new package that I just put up last week, I guess, was it's a, I went ahead and I misunderstood. There's a package called pi test poo, which is a brilliant package that I thought I hadn't had it wrong. I thought it put little like, ooh, emojis for failed tests. Turns out it didn't. What it does is, is you put, you had to market test with, like poo. And then it just showed those, whether it passed or failed? And I said, Well, I thought we kind of need to distinguish or So also, I don't think I could get my team to use oo emojis. So I created my test yaak, because I'm a kid of the Mr. Yuck generation, I guess. And so these, what it does is you, you market test with yuck. And if it passes, you get a green, queasy face. And if it fails, it actually throws up so.
23:33 So this is a new and it's download stats are the only date that recorded was 24 downloads. So that's actually pretty good for its first day. That's I'm gonna say that's good. It's probably all me. But then, I don't know, a month ago or so I did I test source pass, which just allows you to specify import paths for so that your tests can find your code. And then, as we already showed, by just check is the one that's been out for years, just allows multiple failures. So those are my my packages. No, those are really cool. And you've been busy.
23:33 As trays? Yeah.
23:33 That's actually nice. All right, I got a few real quick things to throw out there at the end here as well, Marco garelli, sent over this project he's working on called absolute absolute fi imports. So if you've got a package that's using relative imports, and you would rather to convert it over, so all the dot, and you know, from.or, from dot, dot, whatever, import something and turn those into absolute imports, it's like one line. To me, it's a little bit like Flint, run that against your project that turns all the string formatting into f strings, this will do that. But for the imports, take them from relative to absolute. So that might be helpful. People got some code to migrate, they want to do it like this. And then notice Anthony Shah was in the audience. I was already going to cover this last week, Kelly herdez, who said, Oh, I want to talk about beanie, the MongoDB ORM. She's like, Oh, I thought you're talking about Beanie Babies. And then somebody threw out that Anthony Shaw should make a Beanie Baby login. And it looks like he's already made a Beanie Baby Bear.
23:33 That amazing. He had this up like the same day. Well done. Anthony. Thanks for keeping it. Interactive. That's awesome. Yeah, that's good. Yeah, cool. And we talked about supply chain issues and hacks and whatnot. Well, this one should take people's breath away. Like, you were like, Oh, you don't want install from this other other install source rather than from like, main source on python.org, or whatever I was talking about the other day, right? I'm like, I build it from source at this point. This is driving me crazy. Well, DHP, didn't want to use GitHub. They wanted to have their own like sort of GitHub like thing with their own authentication and all that kind of stuff. Well, somebody broke into that, and literally put a backdoor into PHP itself. Oh, think about that. 79% of the websites in the world run on PHP. And the runtime itself had a backdoor in it just for a little while. But yeah, I mean, just for a little while. Yeah, right. So there's
23:33 a little bit of a def here in this Ars Technica article I'm linking to like, excuse me, what is this line? Do? This line executes PHP code from within the user agent. If the string if the user
23:33 It includes zero Diem. So you just put your user eight, you just put the hack, you want to run in your user agent and do a request to the server and off it goes. That's nuts. That's not good. So thankfully, it's not Python. And then this one, this one was you Michaela, right? Yeah. It's the last one. It's the last day of the match membership drive for the PSF. I mean, they said that they you can be a member anytime of the year, but it's the last day for their 2000. Goal. Member for March. Yeah. Super cool. Hopefully they're doing well over here. Yeah. Yeah. People, please be part of that. If, yeah. If you want to be great to support them that way. All right. And I got to say, Michael, thanks for bringing up Flint. I was actually forgot about that. And I need it in. fl YNT. Love it. Yes, y n T. I was googling it for a while till I found it. Nice. Yeah, I've turned that loose on some most of the Python code I have to live with and any frequency I have to go back to it's like, just find all the strings and make them f strings and I'll go look at it. Lovely. I love it. Okay. All right. Speaking of love and stuff, how about a joke? I love one. Alright, so this one comes not to us, but was found and Ricardo for Marissa put this out on Twitter. So I thought this would be fun. Like we've talked about comments before. And we've even had those jokes where it's like all about the comments, right? It's all the crazy things people put in their comments. Like, you know, hash, I really need to find a better job type of comments. So this one is more visual. I know some people are more visual and commenting what they're doing. So Brian, this is a got like a smart speaker or like a, like a, some kind of conference phone. And on the phone. It's got some buttons, they have little icons like a mute microphone. My phone number one, two, like maybe placed the call up down in volumes have like louder volume, less loud volume, maybe describe the comments for our listeners. Well, there's dashed lines to go to each button with like a manual or something right with it with like the the same icon that's on the device just next to it. Just Yeah, exactly. This is like just the EDA slash slash or hash or whatever, of the, you know, logger. logger equals new logger was the comment, you know,
23:33 this is the same, but if we're in the user interface, yeah, that's definitely like the the, you know, string user comment the user.
23:33 Exactly. Beautiful. Nice. Yeah. Well, super fun to be us about Python again with you this week. Kayla, for joining us expand and Miko Yeah, it was really great to have you here. Thanks for coming. Good to see you. As always, Brian. Bye, I think Thank you for listening to Python bytes. Follow the show on Twitter via at Python bytes. That's Python bytes as in BYT s and get the full show notes at python bytes.fm. If you have a news item you want featured just visit Python bisetta fm and send it our way we're always on the lookout for sharing something cool. On behalf of myself and Brian rockin. This is Michael Kennedy. Thank you for listening and sharing this podcast with your friends and colleagues.