Conversation
…nd package publishing
make with black - Cleaned up whitespace and formatting across multiple files. - Standardized string quotes to double quotes for consistency. - Removed unnecessary blank lines and adjusted indentation. - Enhanced logging messages for better clarity. - Updated comments and docstrings for improved documentation. - Ensured consistent use of argument formatting in function definitions. - Improved error handling and response messages in the upload handler. - Streamlined configuration loading and saving methods.
- Fixed unused variable assignments in handlers.py and utils.py - Removed f-string placeholders where not needed in server.py and handlers.py - Split long lines in cli.py, handlers.py, logging_config.py, and server.py - Added .flake8 configuration file with exceptions for templates.py HTML strings - All tests still pass and code formatting is compliant with Black Resolves code quality issues for clean CI/CD pipeline
- Update Python version from 3.8 to 3.9 in mypy configuration - Fix incompatible type assignments in config.py and logging_config.py: - Use default_factory for mutable default list in dataclass - Use Optional[T] syntax for nullable parameters (Python 3.8+ compatibility) - Update CI/CD workflow to use .flake8 config file instead of inline args - All type checks, linting, formatting, and tests now pass Resolves mypy compliance for reliable type checking in CI/CD pipeline
Security Improvements: - Added nosec comments for intentional 0.0.0.0 binding in file server - Created .bandit configuration file to properly handle B104 warnings - Updated CI/CD workflow to use bandit configuration file - Refactored hardcoded IP checks to use variables for better maintainability Code Quality: - Fixed line length violations caused by security comments - Maintained Black formatting compliance - All security, linting, type checking, and tests pass Resolves all Bandit security warnings while maintaining server accessibility
Breaking Changes Fixed: - Updated actions/setup-python from v4 to v5 - Updated actions/upload-artifact from v3 to v4 (fixes deprecation error) - Updated actions/download-artifact from v3 to v4 - Updated codecov/codecov-action from v3 to v4 Pipeline Improvements: - Integrated security checks (bandit) into test job for efficiency - Removed separate security job to reduce complexity - Updated Python version matrix: removed 3.8 (mypy compatibility), added 3.13 - Added bandit to test dependencies for comprehensive security scanning - Simplified job dependencies (build now only needs test) Resolves GitHub Actions deprecation warnings and improves pipeline performance
- Separated security checks back into dedicated job for parallel execution - Test and security jobs now run simultaneously instead of sequentially - Added safety check with || true to prevent failure on system dependencies - Build job now depends on both test and security jobs - Improved overall pipeline efficiency through parallelization
- Move build.py to scripts/build_helper.py to avoid conflict with python -m build - This resolves CI/CD build failures where local build.py was interfering with package building - python -m build now works correctly for package distribution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a comprehensive development and CI/CD workflow for the project, focusing on code quality, security, and automation. It adds configuration files for linting and security, updates development dependencies, documents the development process, and implements a robust GitHub Actions pipeline for testing, building, and publishing. Additionally, the helper script for build and quality checks is improved and renamed for clarity.
CI/CD and Automation Enhancements:
ci.yml) for CI/CD, covering testing (across OSes and Python versions), linting, type checking, security scanning, building, publishing to PyPI, and automated release creation..flake8and.banditconfiguration files for consistent linting and security checks, and integrated these tools into the workflow. [1] [2]Development Environment and Documentation:
README.mdwith a detailed development section, including environment setup, code quality tools usage, workflow instructions, and CI/CD overview.requirements-dev.txtfor streamlined installation of development dependencies and tooling.pyproject.tomlto include new development dependencies (e.g.,bandit,safety,build) and enhanced tool configurations for mypy, flake8, bandit, and coverage. [1] [2]Build and Quality Script Improvements:
scripts/build_helper.py, improving code clarity, error handling, and output formatting, and aligning commands with the documented workflow. [1] [2] [3] [4] [5] [6] [7]Minor Code and Test Adjustments:
Summary of Most Important Changes:
1. CI/CD and Security Automation
.github/workflows/ci.yml)..flake8and.banditconfig files and integrated them into the workflow for consistent code quality and security checks. [1] [2]2. Development Experience and Documentation
README.mdwith detailed setup, workflow, and code quality instructions for contributors.requirements-dev.txtfor easy installation of all development and code verification dependencies.3. Dependency and Tooling Updates
pyproject.tomlto include new development dependencies and enhanced tool configurations for mypy, flake8, bandit, and coverage. [1] [2]4. Build Helper Script Improvements
scripts/build_helper.py, improving usability, output, and alignment with the documented workflow. [1] [2] [3] [4] [5] [6] [7]5. Minor Code and Test Cleanup