# Part VII: Testing and Quality Assurance

## Chapter 16: Code Quality

Maintaining high code quality is essential for production applications. Automated tools for linting, formatting, and type checking catch bugs before they reach production, enforce consistent style across teams, and make code reviews more efficient. This chapter covers the modern Python toolchain for quality assurance, specifically optimized for FastAPI applications with Pydantic models and SQLAlchemy.

---

### 16.1 Linting and Formatting: `ruff`, `black`, and `isort`

Modern Python development uses specialized tools for different quality aspects. `ruff` has emerged as the fastest Python linter (written in Rust), replacing `flake8`, `pylint`, and `isort`. `black` remains the standard formatter.

#### Understanding the Toolchain

```
┌─────────────────────────────────────────────────────────────────┐
│                Code Quality Toolchain Flow                       │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  Your Code → [ruff check] → [black] → [mypy] → Clean Code      │
│             (Lint/Style)   (Format)   (Types)                   │
│                                                                  │
│  ruff:                                                           │
│  - Syntax errors                                                 │
│  - Import sorting (replaces isort)                               │
│  - Code complexity                                               │
│  - Security issues (bandit rules)                                │
│  - FastAPI/Pydantic specific rules                               │
│                                                                  │
│  black:                                                          │
│  - Consistent formatting                                         │
│  - Line length (default 88)                                      │
│  - Quote style                                                   │
│  - No configuration needed (opinionated)                         │
│                                                                  │
│  mypy:                                                           │
│  - Type consistency                                              │
│  - Generic validation                                            │
│  - SQLAlchemy/Pydantic integration                               │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
```

#### Setting Up Ruff

```toml
# pyproject.toml - Ruff configuration
[tool.ruff]
# Target Python version
target-version = "py311"  # Python 3.11

# Line length (match black)
line-length = 88

# Include all Python files
include = ["*.py", "*.pyi", "**/pyproject.toml"]

# Exclude directories
exclude = [
    ".git",
    ".venv",
    "__pycache__",
    "build",
    "dist",
    "migrations",  # Auto-generated Alembic files
    ".pytest_cache",
]

[tool.ruff.lint]
# Enable rule categories
select = [
    "E",   # pycodestyle errors
    "W",   # pycodestyle warnings
    "F",   # Pyflakes
    "I",   # isort (import sorting)
    "N",   # pep8-naming
    "W",   # warnings
    "UP",  # pyupgrade (Python upgrade checks)
    "B",   # flake8-bugbear
    "C4",  # flake8-comprehensions
    "SIM", # flake8-simplify
    "TCH", # flake8-type-checking
    "PTH", # flake8-use-pathlib
    "ERA", # eradicate (commented code)
    "RUF", # Ruff-specific rules
    "C90", # mccabe complexity
    "S",   # flake8-bandit (security)
]

# Ignore specific rules
ignore = [
    "E501",    # Line too long (handled by black)
    "B008",    # Do not perform function calls in argument defaults (FastAPI Depends)
    "C901",    # Too complex (adjust threshold instead)
    "S101",    # Use of assert detected (common in tests)
    "S104",    # Possible binding to all interfaces (0.0.0.0)
]

# Allow autofix for specific rules
fixable = ["I", "F", "E", "W", "UP", "B", "SIM", "C4"]
unfixable = []

# Per-file-ignores
[tool.ruff.lint.per-file-ignores]
"tests/*" = ["S101", "S105", "S106"]  # Allow asserts and hardcoded passwords in tests
"app/migrations/*" = ["ALL"]          # Ignore everything in migrations

# isort configuration (via ruff)
[tool.ruff.lint.isort]
known-first-party = ["app", "tests"]  # Recognize local imports
known-third-party = ["fastapi", "pydantic", "sqlalchemy", "starlette"]

# Pydantic-specific settings
[tool.ruff.lint.pydocstyle]
convention = "google"  # Google docstring style

# Complexity settings
[tool.ruff.lint.mccabe]
max-complexity = 10  # Cyclomatic complexity threshold
```

**Ruff Commands:**

```bash
# Check all files
ruff check .

# Check with auto-fix
ruff check . --fix

# Check specific file
ruff check app/main.py

# Show all enabled rules
ruff linter

# Check for specific rule
ruff check . --select E,W,F
```

#### Black Configuration

```toml
# pyproject.toml - Black configuration
[tool.black]
line-length = 88
target-version = ['py311']
include = '\.pyi?$'
extend-exclude = '''
/(
  # directories
  \.eggs
  | \.git
  | \.hg
  | \.mypy_cache
  | \.tox
  | \.venv
  | build
  | dist
  | migrations
)/
'''

# Force specific style
skip-string-normalization = false  # Use double quotes
skip-magic-trailing-comma = false  # Allow trailing commas
```

**Black Commands:**

```bash
# Check formatting (dry run)
black --check app/

# Format files
black app/ tests/

# Diff of changes
black --diff app/main.py

# Format with specific line length
black -l 100 app/
```

#### Import Sorting with Ruff (replaces isort)

Ruff handles import sorting natively, eliminating the need for `isort`:

```python
# Before ruff (unsorted):
import os
from app.models import User
import json
from typing import List
from fastapi import FastAPI
import pytest
from sqlalchemy import select
from app.database import get_db
from datetime import datetime

# After ruff (sorted):
# Standard library
import json
import os
from datetime import datetime
from typing import List

# Third party
import pytest
from fastapi import FastAPI
from sqlalchemy import select

# First party (local)
from app.database import get_db
from app.models import User
```

**Ruff import sorting groups:**
1. `__future__` imports
2. Standard library (`os`, `sys`, `json`, etc.)
3. Third-party (`fastapi`, `sqlalchemy`, `pydantic`, etc.)
4. First-party/local (`app`, `tests`)
5. Relative imports (`.models`, `..config`)

---

### 16.2 Type Checking: Integrating `mypy` with FastAPI

`mypy` performs static type checking, catching type errors before runtime. FastAPI's heavy use of Pydantic and SQLAlchemy requires specific configuration for accurate type checking.

#### MyPy Configuration for FastAPI

```toml
# pyproject.toml - mypy configuration
[tool.mypy]
# Python version
python_version = "3.11"

# Strictness settings
strict = true  # Enable all strict options
warn_return_any = true
warn_unused_configs = true
warn_unused_ignores = true
warn_redundant_casts = true
warn_unreachable = true

# Ignore missing imports for untyped libraries
ignore_missing_imports = true

# Show error codes (useful for # type: ignore[code])
show_error_codes = true

# Follow imports
follow_imports = "normal"
follow_imports_for_stubs = true

# Plugin configuration for SQLAlchemy and Pydantic
plugins = [
    "pydantic.mypy",           # Pydantic plugin
    "sqlalchemy.ext.mypy.plugin",  # SQLAlchemy plugin (v1.4+)
]

# Exclude paths
exclude = [
    "migrations",
    "venv",
    ".venv",
    "__pycache__",
    "build",
]

# Per-module configuration
[[tool.mypy.overrides]]
module = "tests.*"
ignore_errors = true  # Don't type-check tests (optional)

[[tool.mypy.overrides]]
module = "app.migrations.*"
ignore_errors = true

# Pydantic specific settings
[tool.pydantic-mypy]
init_forbid_extra = true      # Forbid extra kwargs in __init__
init_typed = true             # Add types to __init__
warn_required_dynamic_aliases = true
warn_untyped_fields = true

# SQLAlchemy specific (for v2.0)
[tool.mypy-sqlalchemy]
warn_redundant_casts = true
warn_unused_ignores = true
```

**MyPy with FastAPI Examples:**

```python
# mypy_examples.py - Type checking patterns

from fastapi import FastAPI, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from pydantic import BaseModel
from typing import Annotated, Optional, List

app = FastAPI()

# SQLAlchemy model (typed)
class User(Base):
    __tablename__ = "users"
    
    id: Mapped[str] = mapped_column(primary_key=True)
    username: Mapped[str] = mapped_column(unique=True)
    email: Mapped[str]
    is_active: Mapped[bool] = mapped_column(default=True)

# Pydantic schemas (fully typed)
class UserCreate(BaseModel):
    username: str
    email: str
    password: str  # type: ignore[reportIncompatibleMethodOverride]  # If needed

class UserResponse(BaseModel):
    id: str
    username: str
    email: str
    is_active: bool
    
    class Config:
        from_attributes = True

# Dependency with proper typing
DBSession = Annotated[AsyncSession, Depends(get_db)]

@app.post("/users/", response_model=UserResponse)
async def create_user(
    user_data: UserCreate,  # Pydantic validates input
    db: DBSession           # Typed dependency
) -> UserResponse:          # Explicit return type
    """
    Fully typed endpoint.
    
    mypy will check:
    - user_data is UserCreate
    - db is AsyncSession
    - Return value matches UserResponse
    """
    # Type checked database query
    result = await db.execute(
        select(User).where(User.username == user_data.username)
    )
    existing: Optional[User] = result.scalar_one_or_none()
    
    if existing:
        raise HTTPException(status_code=400, detail="User exists")
    
    # Type inference works here
    user = User(
        username=user_data.username,
        email=user_data.email,
        hashed_password="hashed"
    )
    
    db.add(user)
    await db.commit()
    await db.refresh(user)
    
    # Return type checked against UserResponse
    return user  # Pydantic converts SQLAlchemy model


# Handling Optional types
@app.get("/users/{user_id}", response_model=Optional[UserResponse])
async def get_user(
    user_id: str,
    db: DBSession
) -> Optional[UserResponse]:
    """Return user or None (404 handled by FastAPI)."""
    result = await db.execute(select(User).where(User.id == user_id))
    user: Optional[User] = result.scalar_one_or_none()
    
    if not user:
        raise HTTPException(status_code=404, detail="Not found")
    
    return user


# Generic types
T = TypeVar("T")

class PaginatedResponse(BaseModel, Generic[T]):
    items: List[T]
    total: int
    page: int
    page_size: int

@app.get("/users/", response_model=PaginatedResponse[UserResponse])
async def list_users(
    db: DBSession,
    page: int = 1,
    page_size: int = 10
) -> PaginatedResponse[UserResponse]:
    """Generic paginated response."""
    result = await db.execute(select(User).offset((page-1)*page_size).limit(page_size))
    users: List[User] = result.scalars().all()
    
    return PaginatedResponse(
        items=users,  # mypy checks this is List[UserResponse]
        total=len(users),
        page=page,
        page_size=page_size
    )
```

**Running MyPy:**

```bash
# Type check entire project
mypy app/

# Type check specific file
mypy app/main.py

# Show error statistics
mypy app/ --show-error-codes

# Ignore missing imports (third party without types)
mypy app/ --ignore-missing-imports

# Generate report
mypy app/ --html-report mypy_report/

# Check specific module
mypy -p app
```

---

### 16.3 Pre-commit Hooks: Automating Quality Checks

Pre-commit hooks run checks before code is committed to git, preventing bad code from entering the repository. This ensures all commits meet quality standards.

#### Pre-commit Configuration

```yaml
# .pre-commit-config.yaml
# Install: pip install pre-commit
# Setup: pre-commit install
# Run manually: pre-commit run --all-files

repos:
  # General file checks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace        # Remove trailing whitespace
      - id: end-of-file-fixer          # Ensure newline at end of file
      - id: check-yaml                 # Validate YAML syntax
      - id: check-json                 # Validate JSON syntax
      - id: check-toml                 # Validate TOML syntax
      - id: check-added-large-files    # Prevent large files (>500KB)
        args: ['--maxkb=500']
      - id: check-merge-conflict       # Detect merge conflict markers
      - id: check-case-conflict        # Check for case conflicts
      - id: detect-private-key         # Prevent committing private keys
      - id: mixed-line-ending          # Fix line endings (LF vs CRLF)

  # Ruff (linting and import sorting)
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.1.9
    hooks:
      - id: ruff
        args: [--fix, --exit-non-zero-on-fix]  # Auto-fix issues
        types_or: [python, pyi, jupyter]
      - id: ruff-format  # Formatting (alternative to black)
        types_or: [python, pyi, jupyter]

  # Black formatting (if not using ruff-format)
  # - repo: https://github.com/psf/black
  #   rev: 23.12.1
  #   hooks:
  #     - id: black
  #       language_version: python3.11
  #       args: [--line-length=88]

  # MyPy type checking
  - repo: https://github.com/pre-commit/mirrors-mypy
    rev: v1.7.1
    hooks:
      - id: mypy
        additional_dependencies:
          - pydantic>=2.0.0
          - sqlalchemy>=2.0.0
          - types-python-jose
          - types-passlib
          - pytest
        args: [--strict, --ignore-missing-imports]

  # Security scanning with bandit (via ruff now, but explicit is ok)
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.6
    hooks:
      - id: bandit
        args: ["-c", "pyproject.toml"]
        additional_dependencies: ["bandit[toml]"]

  # Dockerfile linting (if using Docker)
  - repo: https://github.com/hadolint/hadolint
    rev: v2.12.0
    hooks:
      - id: hadolint-docker

  # Git commit message validation
  - repo: https://github.com/commitizen-tools/commitizen
    rev: v3.13.0
    hooks:
      - id: commitizen
        stages: [commit-msg]
```

**Pre-commit Usage:**

```bash
# Install hooks (run once after cloning)
pre-commit install

# Install commit-msg hook (for commitizen)
pre-commit install --hook-type commit-msg

# Run all hooks on all files
pre-commit run --all-files

# Run specific hook
pre-commit run ruff --all-files

# Skip hooks temporarily (emergency)
git commit -m "fix: hotfix" --no-verify

# Update hooks to latest versions
pre-commit autoupdate

# Clean cache
pre-commit clean
```

**Skipping Specific Hooks:**

```bash
# Skip specific hook
SKIP=mypy git commit -m "wip: work in progress"

# Skip multiple
SKIP=ruff,black git commit -m "wip: updating"
```

---

### 16.4 CI/CD Pipelines: GitHub Actions for Automated Testing

Continuous Integration ensures code quality checks run automatically on every pull request and push to main branches.

#### GitHub Actions Workflow

```yaml
# .github/workflows/ci.yml
name: CI

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

jobs:
  test:
    runs-on: ubuntu-latest
    
    # Service containers (PostgreSQL for testing)
    services:
      postgres:
        image: postgres:15
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test_db
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      
      redis:
        image: redis:7
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    strategy:
      matrix:
        python-version: ["3.10", "3.11", "3.12"]

    steps:
    - uses: actions/checkout@v4

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}
        cache: 'pip'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install -r requirements-dev.txt

    - name: Lint with ruff
      run: |
        ruff check app/ tests/
        ruff format --check app/ tests/

    - name: Type check with mypy
      run: |
        mypy app/ --strict

    - name: Test with pytest
      env:
        DATABASE_URL: postgresql+asyncpg://postgres:postgres@localhost:5432/test_db
        REDIS_URL: redis://localhost:6379/0
        SECRET_KEY: test-secret-key-for-ci
      run: |
        pytest tests/ -v --cov=app --cov-report=xml --cov-report=term

    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        file: ./coverage.xml
        fail_ci_if_error: false

  security:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    
    - name: Run security scan with bandit
      run: |
        pip install bandit
        bandit -r app/ -f json -o bandit-report.json || true
        bandit -r app/

    - name: Run pip-audit
      run: |
        pip install pip-audit
        pip-audit

  build:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    
    - name: Build Docker image
      run: |
        docker build -t fastapi-app:${{ github.sha }} .
        
    - name: Test Docker image
      run: |
        docker run --rm fastapi-app:${{ github.sha }} python -c "import app"
```

#### Pre-commit CI Configuration

```yaml
# .github/workflows/pre-commit.yml
name: Pre-commit checks

on:
  pull_request:
  push:
    branches: [main]

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        python-version: '3.11'
    - uses: pre-commit/action@v3.0.0
```

#### Advanced CI with Matrix Testing

```yaml
# .github/workflows/advanced-ci.yml
name: Advanced CI

on:
  push:
    branches: [main]
  pull_request:

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install ruff
      - run: ruff check .
      - run: ruff format --check .

  typecheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install mypy pydantic sqlalchemy
      - run: mypy app/

  test:
    needs: [lint, typecheck]
    runs-on: ubuntu-latest
    
    services:
      postgres:
        image: postgres:15-alpine
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432

    steps:
      - uses: actions/checkout@v4
      
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          
      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install pytest pytest-asyncio pytest-cov
          
      - name: Run tests
        run: pytest --cov=app --cov-report=xml
        env:
          DATABASE_URL: postgresql+asyncpg://postgres:postgres@localhost/test
          
      - name: Coverage report
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage.xml

  build:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build and push Docker
        uses: docker/build-push-action@v5
        with:
          push: ${{ github.event_name != 'pull_request' }}
          tags: |
            ghcr.io/${{ github.repository }}:${{ github.sha }}
            ghcr.io/${{ github.repository }}:latest
```

---

### Summary

In this chapter, you established automated code quality workflows:

1. **Linting and Formatting**: Configured `ruff` as a unified linter and import sorter, replacing multiple tools. Set up `black` for consistent code formatting with 88-character line lengths.

2. **Type Checking**: Integrated `mypy` with FastAPI-specific plugins for Pydantic and SQLAlchemy, enabling strict type checking to catch errors before runtime.

3. **Pre-commit Hooks**: Automated quality checks with `.pre-commit-config.yaml`, running ruff, black, mypy, and security scans before each commit, ensuring no bad code enters the repository.

4. **CI/CD Pipelines**: Created GitHub Actions workflows for automated testing across Python versions, with service containers for PostgreSQL and Redis, coverage reporting, and security scanning.

**Quality Assurance Checklist:**
- Run `ruff check .` and `ruff format .` before committing
- Use `mypy app/` to verify type safety
- Install pre-commit hooks with `pre-commit install`
- Ensure CI passes before merging pull requests
- Keep coverage above 80% with `pytest --cov=app`

---

### What's Next?

**Chapter 17: Mastering Async/Await** will cover:
- **`def` vs `async def`**: Understanding when to use synchronous versus asynchronous endpoint functions based on their I/O characteristics
- **Blocking vs Non-Blocking**: Identifying operations that block the event loop (file I/O, CPU-intensive tasks) and learning to offload them properly
- **Running Blocking Code**: Using `run_in_threadpool` to execute blocking libraries (like `requests`, `pandas`) without freezing the application
- **Background Tasks**: Leveraging FastAPI's `BackgroundTasks` for fire-and-forget operations like sending emails or processing images after returning the HTTP response

This next chapter dives deep into the async programming model that makes FastAPI fast, ensuring you avoid common pitfalls that degrade performance.