Ruff config #1049
Ruff config #1049
Conversation
c0rydoras
force-pushed
the
ruff-config
branch
4 times, most recently
from
de7d763 to
16105aa
Compare
c0rydoras
force-pushed
the
ruff-config
branch
2 times, most recently
from
ef1270c to
3d61393
Compare
There was a problem hiding this comment.
An interesting experiment, enabling all these checks! I think however that some of them are maybe a bit too eager, and don't really add anything of value. Not every rule available is actually useful.
I've added some comments where I think the rules go too far. Consider reverting the affected changes (Note I've only commented maybe once or twice per type of change, not on every change affected by the rule.
Also, and most importantly: Please extend your commit messages and comments a bit, so future readers know why something was done - not just oneliners.
timed/projects/migrations/0017_alter_billingtype_options_alter_costcenter_options_and_more.py
Outdated
Show resolved
Hide resolved
|
I'm not sure how to handle Warning DJ001 Avoid using It would require a migration (if the null=True) gets dropped and might break something (don't know for sure tho) |
I think i agree with DJ001 per se as well as with your reasoning why this might need more consideration. Let's deactivate this one for now and defer it to future us with a new issue. edit: link for TODO comment: adfinis/timed#23 |
That's DB design dogma however. I do agree with it in the general case, but I think that check just goes too far. As you noted, we can do it in a separate PR sometimes, but just for the linter's sake, it's not the right thing to do |
|
timed/subscription/admin.py:27:38: S324 Probable use of insecure hash functions in class CustomerPassword(models.Model):
"""Password per customer used for login into SySupport portal.
Password are only hashed with md5. This model will be obsolete
once customer center will go live.
"""Can this be dropped, respectively ignored and dropped in a separate PR? Since https://github.com/adfinis/customer-center does exist |
I'm not 100% if this is still in use or not. It looks like it was part of the old SySupport portal and might have been replaced with a proper solution when the portal was migrated to being an Ember based frontend. If this is in fact the case then we should create an issue to track the codes removal. Maybe @winged or @trowik know if it's still needed? |
I'm also not 100% sure, but I'd say it's safe to remove it in another PR. |
There was a problem hiding this comment.
i think this is shaping up nicely and we should proceed with merging it while deferring further improvements to later PRs.
As it stands, this already activates many rules that will help keep the code base clean going forward as well as stomping several potential bugs.
tests: move unused fixtures to `usefixtures` conftest: ignore ARG001 for db fixture tracking: use named arguments for boolean (rejected)
serializers: added docstrings to files serializers: ClassVar[dict[str, str]] annotation for included_serializers views: make ordering tuple if its not already a tuple
move __str__'s from sphinx-doc to type annotations move worktime_per_day and similar properties/lazy_attributes from sphinx-doc to annotations serializers: move validate, clean from sphinx-doc to type annotations
Co-authored-by: David Vogt <[email protected]>
while editing code to make ruff happy about unused variables i ended up replacing unused args/kwargs with *args, **kwargs, this commit reverts this to use the argname with an underscore wherever possible
Um, same :) I promised @c0rydoras that i wold do some light catching up on PEPs wrt to typing, specifically wrt to the previously unknown to me string form, and i discovered a rabbit hole of PEPs that i have yet to go down fully having previously focused on getting started with typing and not deep typing. I still have some reading to do, while i'm not (yet?) convinced that the string for is pythonic, i do think Basically, the import section has long been a part of my code that i do inspect, but i rarely write it on my own. either my IDE just add the required imports or i write them in any (isort violating) order and ruff fixes whatever i am too lazy to consider at the time of writing. Given this hand-off approach to handling imports, the I've run into situations where i refactor the code and a dependency was "ruffed" to move my import into the block, this helps demonstrate that i was successful at reducing the coupling between the component under refactor and what i was working on. Anyways.... @c0rydoras proposed to today that he would love to merge this in the near term and followup on typing discussions in #1054 and I kinda agree with him. I think this discussion is highly valuable and don't consider it bike-shedding at all. In my opinion we can start safely using some typing without the resulting code being highly un-pythonic. I created #1054 because i see considerable value where typing can help us get rid of several low-level incorrectness's in our code base. For this PR to get merged ASAP, which i am highly favorable of since it seems to be correct and not introduce and defects i think we have two options:
To no surprise i'm in favour of the latter option. The plan is to tackle #1054 right once this is landed. We should also prepare the typing discussion so we can find consensus/input with a broader audience of stake holders to any policy here. langer rede kurzer sinn, 🥺 👉 👈 does this address your concerns? |
|
I absolutely agree with you @hairmare - The thing I'm most scared about with this strict Ruff config is that we stop questioning the rules in cases where they don't make sense, and apply patterns just to satisfy the linter. We've seen this a few times in this PR (not blaming @c0rydoras at all): It's often difficult to see if a linter complaint is a valid criticism or something that should be acceptable in this particular situation. So in a weird sense having stricter linting solves a problem but introduces a new one: While earlier you had to rely on experience/knowledge to figure out whether a code structure/pattern/whatever is "good", you now have to rely on experience/knowledge/common-sense to figure out whether a linter complaint is "good". Not sure which one is preferrable. For example the whole tuple-vs-list discussion we had here: I think tuples are harder to read and easier to make mistakes with, for the (slight) benefit of them being readonly (but still replaceable) Regarding type hints - I think it's a glorious idea, and it makes my life (via IDE/LSP/tooling) much better, but: Python will never be a strictly, fully-typed language, so I'm quite happy to make the move rather gradual, and omit it where it's just cluttering up the code without real benefit. So, in conclusion:
I'm OK with merging this PR soon-ish - I'll have a final look over it and approve if I don't see any more issues |
| @@ -12,13 +12,10 @@ | |||
|
|
|||
|
|
|||
| class TimedOIDCAuthenticationBackend(OIDCAuthenticationBackend): | |||
| def get_introspection(self, access_token, id_token, payload): | |||
| def get_introspection(self, access_token, _id_token, _payload): | |||
There was a problem hiding this comment.
Just a note (no change required): This naming pattern really only works when the method is called with positional args. We'll have to be careful to check the call sites in such cases - especially if it's implementing a protocol / defined API or overriding a base class' implementation
| qs = qs[: int(value)] | ||
|
|
||
| return qs | ||
| return qs[: int(value)] |
There was a problem hiding this comment.
This whole filter is kind of smelly - should be cleaned up in a separate PR:
- It's not a filter only
- It does implicit ordering
- It does implicit "pagination"
To make it work properly, this will need corresponding fixes in the frontend as well I think
|
@winged how would you merge this? I'd be in favour of squashing it and then using the |
No description provided.