Ideas from ChatGPT:
- Linting: Beyond formatting, linting helps catch potential errors and enforces coding standards. Tools like `flake8` or `pylint` can be used alongside `black` and `isort`.
- Static Analysis: Tools like `mypy` for type checking or `bandit` for finding common security issues can catch errors that are not detected by linters.
- Code Coverage: Ensure that your tests cover a high percentage of your codebase with tools like `coverage.py`. This can be integrated to fail the build if the coverage falls below a certain threshold.
- Dependency Checks: Use tools like `pip-audit` for Python to check for known vulnerabilities in your project dependencies.
- Code Quality Metrics: Consider integrating a tool like `SonarCloud` or `CodeClimate` to keep track of technical debt and code complexity.
- Documentation Checks: If you have project documentation (for example, with Sphinx), ensure it builds correctly and detect broken links.
- Performance Benchmarking: If your project's performance is crucial, incorporate benchmarks to detect performance regressions.
Here's a sample snippet for a GitHub Action workflow including some of these suggestions:
```yaml
name: Python CI

on:
  pull_request:
  push:
    branches:
      - main
    paths:
      - '**.py'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.8'
      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          # pytest and bandit are invoked by later steps, so install them here too
          pip install black isort flake8 mypy coverage pytest bandit
      - name: Check code formatting with black
        run: black --check .
      - name: Sort import statements with isort
        run: isort --check-only .
      - name: Lint with flake8
        run: flake8 .
      - name: Static type-checking with mypy
        run: mypy .
      - name: Run pytest with coverage
        run: |
          coverage run -m pytest
          # Fail the build when total coverage drops below 80%
          coverage report --fail-under=80
      - name: Check for security issues with bandit
        run: bandit -r .
```
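
The workflow above does not yet cover the `pip-audit` suggestion from the list. As an added example (not part of the original post or any project's code), here is one way to turn a `pip-audit -f json` report into a build gate; it goes a step beyond the list by supporting time-limited waivers. The sample report, advisory IDs, waiver mapping and function names are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape `pip-audit -f json` emits; package names and
# advisory IDs are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "examplelib", "version": "1.2.0", "vulns": [
            {"id": "EXAMPLE-2024-0001", "fix_versions": ["1.2.5"]},
            {"id": "EXAMPLE-2024-0002", "fix_versions": []},
        ]},
        {"name": "cleanlib", "version": "3.0.1", "vulns": []},
        {"name": "localpkg", "skip_reason": "not found on PyPI"},
    ],
    "fixes": [],
})

# Hypothetical waiver mapping: advisory ID -> ISO date the waiver expires.
SAMPLE_WAIVERS = {"EXAMPLE-2024-0002": "2024-06-30"}


def gate(report_json, waivers, today):
    """Return (blocking, waived, unaudited) findings for a pip-audit JSON report."""
    blocking, waived, unaudited = [], [], []
    for dep in json.loads(report_json)["dependencies"]:
        if "skip_reason" in dep:
            # A dependency pip-audit could not audit is not a clean result.
            unaudited.append(dep["name"])
            continue
        for vuln in dep.get("vulns", []):
            finding = (dep["name"], dep["version"], vuln["id"])
            expiry = waivers.get(vuln["id"])
            if expiry and date.fromisoformat(expiry) >= today:
                waived.append(finding)
            else:
                blocking.append(finding)  # unwaived, or the waiver has lapsed
    return blocking, waived, unaudited


def exit_code(report_json, waivers, today):
    """Non-zero fails the CI step: any blocking finding or unaudited package."""
    blocking, _, unaudited = gate(report_json, waivers, today)
    return 1 if blocking or unaudited else 0


if __name__ == "__main__":
    result = gate(SAMPLE_REPORT, SAMPLE_WAIVERS, date(2024, 6, 1))
    print("blocking: %s\nwaived: %s\nunaudited: %s" % result)
```

Because a waiver stops applying after its expiry date, an accepted risk resurfaces as a build failure instead of staying silenced indefinitely.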