https://github.com/commaai/dependencies

vendored dependencies, wrapped as pip packages, for all comma projects
https://github.com/commaai/dependencies

Last synced: 2 months ago
JSON representation

vendored dependencies, wrapped as pip packages, for all comma projects

• Host: GitHub
• URL: https://github.com/commaai/dependencies
• Owner: commaai
• Created: 2025-08-09T17:34:40.000Z (10 months ago)
• Default Branch: master
• Last Pushed: 2026-03-21T18:18:49.000Z (3 months ago)
• Last Synced: 2026-03-22T07:05:31.907Z (3 months ago)
• Language: Python
• Homepage:
• Size: 167 KB
• Stars: 3
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# dependencies

a central repo for [vendoring](https://htmx.org/essays/vendoring/) all third party dependencies for comma projects.

since all our projects are Python, we wrap each vendored dependency as a pip package. `git clone` and `uv sync` is all you need.

motivations for this approach

- `apt-get` is slow

- `apt-get` updates its packages on a schedule we don't control

- `apt-get` package versions don't match `brew` versions

- `apt-get` doesn't come with Arch Linux

- `apt-get` packages come with more than we need, bloating our project footprint 

`uv`, as opposed to `apt-get`, `brew`, and friends, is fast and already used in our projects.

we target the following platforms:

- Linux x86_64

- Linux aarch64

- Darwin aarch64 (Apple Silicon)

contributions welcome for other platforms!

## usage

```python

dependencies = [

  # use per-package release branches for pre-built wheels

  "capnproto @ git+https://github.com/commaai/dependencies.git@release-capnproto#subdirectory=capnproto",

  "ffmpeg @ git+https://github.com/commaai/dependencies.git@release-ffmpeg#subdirectory=ffmpeg",

  # use the master branch to build the package on pip install

  "capnproto @ git+https://github.com/commaai/dependencies.git@master#subdirectory=capnproto",

  "ffmpeg @ git+https://github.com/commaai/dependencies.git@master#subdirectory=ffmpeg",

]

```

## workflow

to add a new package:

* start a new top-level directory as a new package

* `./test.sh` tests the building of all packages

*  on pushes to `master`, wheels are built for our target platforms and pushed to a GitHub release

*  each `release-` branch contains a single shim package, so old lockfiles keep resolving even as new packages are added