Update quality tools.

- Add pyproject-fmt to quality tools. - Remove safety from quality tools. Closes #8928.
ICTU · Jun 14, 2024 · 6c47828 · 6c47828
1 parent ba8c7ae
commit 6c47828
Show file tree

Hide file tree

Showing 24 changed files with 361 additions and 145 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -10,7 +10,7 @@ jobs:
         auth:
           username: $DOCKERHUB_USERNAME
           password: $DOCKERHUB_PASSWORD
-    parallelism: 5
+    parallelism: 6
     steps:
       - checkout
       - run: |
@@ -19,7 +19,8 @@ jobs:
             1) component=components/notifier;;
             2) component=components/api_server;;
             3) component=components/shared_code;;
-            4) component=tests/feature_tests;;
+            4) component=tests/application_tests;;
+            5) component=tests/feature_tests;;
           esac
           cd $component
           mkdir -p build
@@ -36,6 +37,10 @@ jobs:
           path: components/api_server/build
       - store_artifacts:
           path: components/shared_code/build
+      - store_artifacts:
+          path: components/application_tests/build
+      - store_artifacts:
+          path: components/feature_tests/build
 
   unittest_frontend:
     docker:
@@ -65,6 +70,18 @@ jobs:
           ci/unittest.sh
           ci/quality.sh
 
+  unittest_release:
+    machine:
+      image: default
+    steps:
+      - checkout
+      - run: |
+          cd release
+          python3 -m venv venv
+          . venv/bin/activate
+          ci/pip-install.sh
+          ci/quality.sh
+
   application_tests:
     machine:
       image: default

diff --git a/.github/workflows/application-tests-quality.yml b/.github/workflows/application-tests-quality.yml
@@ -0,0 +1,27 @@
+name: Application tests quality
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/[email protected]
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+    - name: Install dependencies
+      run: |
+        cd tests/application_tests
+        ci/pip-install.sh
+    - name: Test
+      run: |
+        cd tests/application_tests
+        ci/unittest.sh
+    - name: Quality
+      run: |
+        cd tests/application_tests
+        ci/quality.sh
diff --git a/.github/workflows/release-quality.yml b/.github/workflows/release-quality.yml
@@ -0,0 +1,22 @@
+name: Release script quality
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/[email protected]
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+    - name: Install dependencies and run quality checks
+      run: |
+        cd release
+        python -m venv venv
+        . venv/bin/activate
+        ci/pip-install.sh
+        ci/quality.sh
diff --git a/components/api_server/ci/quality.sh b/components/api_server/ci/quality.sh
@@ -15,15 +15,6 @@ run pipx run `spec mypy` --python-executable=$(which python) src
 # pip-audit
 run pipx run `spec pip-audit` --strict --progress-spinner=off -r requirements/requirements.txt -r requirements/requirements-dev.txt
 
-# Safety
-# Vulnerability ID: 67599
-# ADVISORY: ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the
-# highest version number, even if the user had intended to obtain a private package from a private index. This only
-# affects use of the --extra-index-url option, and exploitation requires that the...
-# CVE-2018-20225
-# For more information about this vulnerability, visit https://data.safetycli.com/v/67599/97c
-run pipx run `spec safety` check --bare --ignore 67599 -r requirements/requirements.txt -r requirements/requirements-dev.txt
-
 # Bandit
 run pipx run `spec bandit` --quiet --recursive src/
 

diff --git a/components/api_server/pyproject.toml b/components/api_server/pyproject.toml
@@ -29,7 +29,6 @@ tools = [
     "mypy==1.10.0",
     "pip-audit==2.7.3",
     "ruff==0.4.8",
-    "safety==3.2.3",
     "vulture==2.11"
 ]
 

diff --git a/components/collector/ci/quality.sh b/components/collector/ci/quality.sh
@@ -16,15 +16,6 @@ run pipx run `spec mypy` --python-executable=$(which python) src tests
 # See https://github.com/aio-libs/aiohttp/issues/6772 for why we ignore the CVE
 run pipx run `spec pip-audit` --strict --progress-spinner=off -r requirements/requirements.txt -r requirements/requirements-dev.txt
 
-# Safety
-# Vulnerability ID: 67599
-# ADVISORY: ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the
-# highest version number, even if the user had intended to obtain a private package from a private index. This only
-# affects use of the --extra-index-url option, and exploitation requires that the...
-# CVE-2018-20225
-# For more information about this vulnerability, visit https://data.safetycli.com/v/67599/97c
-run pipx run `spec safety` check --bare --ignore 67599 -r requirements/requirements.txt -r requirements/requirements-dev.txt
-
 # Bandit
 run pipx run `spec bandit` --quiet --recursive src/
 

diff --git a/components/collector/pyproject.toml b/components/collector/pyproject.toml
@@ -29,7 +29,6 @@ tools = [
     "mypy==1.10.0",
     "pip-audit==2.7.3",
     "ruff==0.4.8",
-    "safety==3.2.3",
     "vulture==2.11"
 ]
 

diff --git a/components/notifier/ci/quality.sh b/components/notifier/ci/quality.sh
@@ -16,15 +16,6 @@ run pipx run `spec mypy` --python-executable=$(which python) src
 # See https://github.com/aio-libs/aiohttp/issues/6772 for why we ignore the CVE
 run pipx run `spec pip-audit` --strict --progress-spinner=off -r requirements/requirements.txt -r requirements/requirements-dev.txt
 
-# Safety
-# Vulnerability ID: 67599
-# ADVISORY: ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the
-# highest version number, even if the user had intended to obtain a private package from a private index. This only
-# affects use of the --extra-index-url option, and exploitation requires that the...
-# CVE-2018-20225
-# For more information about this vulnerability, visit https://data.safetycli.com/v/67599/97c
-run pipx run `spec safety` check --bare --ignore 67599 -r requirements/requirements.txt -r requirements/requirements-dev.txt
-
 # Bandit
 run pipx run `spec bandit` --quiet --recursive src/
 

diff --git a/components/notifier/pyproject.toml b/components/notifier/pyproject.toml
@@ -22,7 +22,6 @@ tools = [
     "mypy==1.10.0",
     "pip-audit==2.7.3",
     "ruff==0.4.8",
-    "safety==3.2.3",
     "vulture==2.11"
 ]
 

diff --git a/components/shared_code/ci/quality.sh b/components/shared_code/ci/quality.sh
@@ -18,15 +18,6 @@ run $PIPX_BIN_DIR/mypy src --python-executable=$(which python)
 # pip-audit
 run pipx run `spec pip-audit` --strict --progress-spinner=off -r requirements/requirements-dev.txt
 
-# Safety
-# Vulnerability ID: 67599
-# ADVISORY: ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the
-# highest version number, even if the user had intended to obtain a private package from a private index. This only
-# affects use of the --extra-index-url option, and exploitation requires that the...
-# CVE-2018-20225
-# For more information about this vulnerability, visit https://data.safetycli.com/v/67599/97c
-run pipx run `spec safety` check --bare --ignore 67599 -r requirements/requirements-dev.txt
-
 # Bandit
 run pipx run `spec bandit` --quiet --recursive src/
 

diff --git a/components/shared_code/pyproject.toml b/components/shared_code/pyproject.toml
@@ -26,7 +26,6 @@ tools = [
     "pip-audit==2.7.3",
     "pydantic==2.7.4",  # Needed because pipx needs to inject Pydantic into the mpyp venv, see ci/quality.sh
     "ruff==0.4.8",
-    "safety==3.2.3",
     "vulture==2.11"
 ]
 

diff --git a/docs/ci/quality.sh b/docs/ci/quality.sh
@@ -18,15 +18,18 @@ run pipx install --force `spec mypy`  # --force works around this bug: https://g
 run pipx inject mypy `spec pydantic`
 run $PIPX_BIN_DIR/mypy src --python-executable=$(which python)
 
+# Pyproject-fmt
+run pipx run `spec pyproject-fmt` --check pyproject.toml
+
 # Vale
 run pipx run `spec vale` sync
 run pipx run `spec vale` --no-wrap src/*.md
 
 # pip-audit
 run pipx run `spec pip-audit` --strict --progress-spinner=off -r requirements/requirements.txt -r requirements/requirements-dev.txt
 
-# Safety
-run pipx run `spec bandit` --quiet --recursive src/
+# Bandit
+run pipx run `spec bandit` --configfile pyproject.toml --quiet --recursive src/
 
 # Vulture
 run pipx run `spec vulture` --min-confidence 0 src/ tests/ .vulture_ignore_list.py
diff --git a/docs/pyproject.toml b/docs/pyproject.toml
@@ -1,36 +1,94 @@
 [project]
 name = "docs"
 version = "5.13.0"
+requires-python = ">=3.12"
+classifiers = [
+    "Programming Language :: Python :: 3 :: Only",
+    "Programming Language :: Python :: 3.12",
+]
 dependencies = [
     "furo==2023.9.10",
     "gitpython==3.1.43",
     "myst-parser==2.0.0",
-    "pydantic==2.7.4",  # Needed for generating the reference docs from the data model
-    "Sphinx==7.2.6",
+    "pydantic==2.7.4",          # Needed for generating the reference docs from the data model
+    "sphinx==7.2.6",
     "sphinx-copybutton==0.5.2",
-    "sphinx_design==0.5.0"
+    "sphinx-design==0.5.0",
 ]
-
-[project.optional-dependencies]
-dev = [
+optional-dependencies.dev = [
     "coverage==7.3.4",
     "pip==24.0",
+    "pip-tools==7.4.1",              # To add hashes to requirements
     "pipx==1.6.0",
-    "pip-tools==7.4.1",  # To add hashes to requirements
-    "unittest-xml-reporting==3.2.0",  # Needed to generate JUnit XML output for Sonarcloud.io
+    "unittest-xml-reporting==3.2.0", # Needed to generate JUnit XML output for Sonarcloud.io
 ]
-tools = [
+optional-dependencies.tools = [
     "bandit==1.7.9",
     "fixit==2.1.0",
     "mypy==1.10.0",
     "pip-audit==2.7.3",
-    "pydantic==2.7.4",  # Needed because pipx needs to inject Pydantic into the mpyp venv, see ci/quality.sh
+    "pydantic==2.7.4",      # Needed because pipx needs to inject Pydantic into the mpyp venv, see ci/quality.sh
+    "pyproject-fmt==2.1.3",
     "ruff==0.4.8",
-    "safety==3.2.3",
-    "vale==3.0.3.0",  # Documentation grammar and style checker
-    "vulture==2.11"
+    "vale==3.0.3.0",        # Documentation grammar and style checker
+    "vulture==2.11",
 ]
 
+[tool.ruff]
+target-version = "py312"
+line-length = 120
+src = [
+    "src",
+]
+lint.select = [
+    "ALL",
+]
+lint.ignore = [
+    "ANN101", # https://docs.astral.sh/ruff/rules/missing-type-function-argument/ - type checkers can infer the type of `self`, so annotating it is superfluous
+    "COM812", # https://docs.astral.sh/ruff/rules/missing-trailing-comma/ - this rule may cause conflicts when used with the ruff formatter
+    "D203",   # https://docs.astral.sh/ruff/rules/one-blank-line-before-class/ - prevent warning: `one-blank-line-before-class` (D203) and `no-blank-line-before-class` (D211) are incompatible. Ignoring `one-blank-line-before-class`
+    "D213",   # https://docs.astral.sh/ruff/rules/multi-line-summary-second-line/ - prevent warning: `multi-line-summary-first-line` (D212) and `multi-line-summary-second-line` (D213) are incompatible. Ignoring `multi-line-summary-second-line`
+    "FBT",    # https://docs.astral.sh/ruff/rules/#flake8-boolean-trap-fbt - not sure of the value of preventing "boolean traps"
+    "ISC001", # https://docs.astral.sh/ruff/rules/single-line-implicit-string-concatenation/ - this rule may cause conflicts when used with the ruff formatter
+    "PD",     # https://docs.astral.sh/ruff/rules/#pandas-vet-pd - pandas isn't used
+    "PT",     # https://docs.astral.sh/ruff/rules/#flake8-pytest-style-pt - pytest isn't used
+]
+lint.per-file-ignores.".vulture_ignore_list.py" = [
+    "ALL",
+]
+lint.per-file-ignores."__init__.py" = [
+    "D104", # https://docs.astral.sh/ruff/rules/undocumented-public-package/ - don't require doc strings in __init__.py files
+]
+lint.per-file-ignores."src/conf.py" = [
+    "INP001", # https://docs.astral.sh/ruff/rules/implicit-namespace-package/ - false positive because this is a configuration file
+]
+lint.per-file-ignores."src/create_reference_md.py" = [
+    "INP001", # https://docs.astral.sh/ruff/rules/implicit-namespace-package/ - false positive because this is a script
+]
+lint.per-file-ignores."tests/**/*.py" = [
+    "ANN201", # https://docs.astral.sh/ruff/rules/missing-return-type-undocumented-public-function/ - don't require test functions to have return types
+]
+lint.isort.section-order = [
+    "future",
+    "standard-library",
+    "third-party",
+    "second-party",
+    "first-party",
+    "tests",
+    "local-folder",
+]
+lint.isort.sections.second-party = [
+    "shared",
+    "shared_data_model",
+]
+lint.isort.sections.tests = [
+    "tests",
+]
+
+[tool.pyproject-fmt]
+indent = 4
+keep_full_version = true # Remove trailing zero's from version specifiers?
+
 [tool.mypy]
 plugins = "pydantic.mypy"
 ignore_missing_imports = false
@@ -46,43 +104,3 @@ generate_hashes = true
 quiet = true
 strip_extras = true
 upgrade = true
-
-[tool.ruff]
-target-version = "py312"
-line-length = 120
-src = ["src"]
-
-[tool.ruff.lint]
-select = ["ALL"]
-ignore = [
-    "ANN101",  # https://docs.astral.sh/ruff/rules/missing-type-function-argument/ - type checkers can infer the type of `self`, so annotating it is superfluous
-    "COM812",  # https://docs.astral.sh/ruff/rules/missing-trailing-comma/ - this rule may cause conflicts when used with the ruff formatter
-    "D203",    # https://docs.astral.sh/ruff/rules/one-blank-line-before-class/ - prevent warning: `one-blank-line-before-class` (D203) and `no-blank-line-before-class` (D211) are incompatible. Ignoring `one-blank-line-before-class`
-    "D213",    # https://docs.astral.sh/ruff/rules/multi-line-summary-second-line/ - prevent warning: `multi-line-summary-first-line` (D212) and `multi-line-summary-second-line` (D213) are incompatible. Ignoring `multi-line-summary-second-line`
-    "FBT",     # https://docs.astral.sh/ruff/rules/#flake8-boolean-trap-fbt - not sure of the value of preventing "boolean traps"
-    "ISC001",  # https://docs.astral.sh/ruff/rules/single-line-implicit-string-concatenation/ - this rule may cause conflicts when used with the ruff formatter
-    "PD",      # https://docs.astral.sh/ruff/rules/#pandas-vet-pd - pandas isn't used
-    "PT",      # https://docs.astral.sh/ruff/rules/#flake8-pytest-style-pt - pytest isn't used
-]
-
-[tool.ruff.lint.isort]
-section-order = ["future", "standard-library", "third-party", "second-party", "first-party", "tests", "local-folder"]
-
-[tool.ruff.lint.isort.sections]
-"second-party" = ["shared", "shared_data_model"]
-"tests" = ["tests"]
-
-[tool.ruff.lint.per-file-ignores]
-".vulture_ignore_list.py" = ["ALL"]
-"__init__.py" = [
-    "D104",  # https://docs.astral.sh/ruff/rules/undocumented-public-package/ - don't require doc strings in __init__.py files
-]
-"src/conf.py" = [
-    "INP001",  # https://docs.astral.sh/ruff/rules/implicit-namespace-package/ - false positive because this is a configuration file
-]
-"src/create_reference_md.py" = [
-    "INP001",  # https://docs.astral.sh/ruff/rules/implicit-namespace-package/ - false positive because this is a script
-]
-"tests/**/*.py" = [
-    "ANN201",  # https://docs.astral.sh/ruff/rules/missing-return-type-undocumented-public-function/ - don't require test functions to have return types
-]
diff --git a/release/ci/quality.sh b/release/ci/quality.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+source ../ci/base.sh
+
+# Ruff
+run pipx run `spec ruff` check .
+run pipx run `spec ruff` format --check .
+
+# Fixit
+run pipx run `spec fixit` lint *.py
+
+# Mypy
+run pipx run `spec mypy` --python-executable=$(which python) *.py
+
+# Pyproject-fmt
+run pipx run `spec pyproject-fmt` --check pyproject.toml
+
+# pip-audit
+run pipx run `spec pip-audit` --strict --progress-spinner=off -r requirements/requirements.txt -r requirements/requirements-dev.txt
+
+# Bandit
+run pipx run `spec bandit` --configfile pyproject.toml --quiet --recursive *.py
+
+# Vulture
+run pipx run `spec vulture` --min-confidence 0 *.py