…ty tooling

This commit implements two backlog tickets:

TD-009: Dependency Security Scanning
- Add Dependabot configuration for automated dependency updates (weekly)
- Add pip-audit for vulnerability scanning
- Create security scanning GitHub Actions workflow (runs weekly + on push/PR)
- Add bandit for security code analysis
- Create SECURITY.md with vulnerability reporting policy

IMP-005: Code Quality Tooling
- Add Black formatter (line length: 100)
- Add isort for import sorting (Black profile)
- Add Ruff linter with comprehensive rule sets
- Add mypy for static type checking
- Add pre-commit hooks for all quality tools
- Create .editorconfig for cross-IDE consistency
- Create code quality GitHub Actions workflow
- Add CONTRIBUTING.md with developer guidelines

Files Created:
- .github/dependabot.yml - Dependabot configuration
- .github/workflows/security.yml - Security scanning CI/CD
- .github/workflows/code-quality.yml - Code quality CI/CD
- .pre-commit-config.yaml - Pre-commit hooks
- .editorconfig - Editor configuration
- SECURITY.md - Security policy
- CONTRIBUTING.md - Developer guidelines

Files Modified:
- pyproject.toml - Added dev dependencies and tool configurations
- BACKLOG.md - Marked TD-009 and IMP-005 as completed

Related to: TD-009, IMP-005
Update all GitHub Actions workflows to use the official astral-sh/setup-uv@v4 action instead of manually installing uv via pip.

This provides:
- Proper caching of uv and dependencies
- Faster CI runs
- Better integration with uv's ecosystem
- Follows uv best practices for CI

Changes:
- Use astral-sh/setup-uv@v4 with enable-cache in all workflows
- Remove pip cache configuration (uv handles caching)
- Use `uv run` for all tool invocations
- Add documentation to dependabot.yml about uv usage

Workflows updated:
- .github/workflows/security.yml (both jobs)
- .github/workflows/code-quality.yml (all 4 jobs)

Related: https://docs.astral.sh/uv/guides/integration/github/
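The workflow shape this commit describes (setup-uv with caching, `uv run` for every tool), written out as an added example. This is not the project's own .github/workflows/security.yml; it assumes the package lives under src/, that pip-audit and bandit are declared as dev dependencies in pyproject.toml, and that a [tool.bandit] table exists there. Two practitioner additions not mentioned in the commit are included: a read-only `permissions` block and `uv sync --locked`, so the audit fails if uv.lock has drifted from pyproject.toml instead of quietly auditing a different dependency set.

```yaml
# Added example, not the project's own workflow file.
# Assumptions: source under src/, dev tools declared in pyproject.toml,
# [tool.bandit] configured in pyproject.toml (bandit needs the toml extra).
name: security

on:
  push:
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly, Monday 06:00 UTC

# Least privilege: scanning only needs to read the repository.
permissions:
  contents: read

jobs:
  pip-audit:
    runs-on: ubuntu-latest
    steps:
      # Prefer pinning third-party actions to a full commit SHA rather than a
      # mutable tag; tags are kept here for readability.
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true

      # --locked fails the job if uv.lock does not match pyproject.toml, so
      # the audit runs against exactly the dependency set that is committed.
      - run: uv sync --locked

      # Audit the resolved environment. --strict also fails on packages that
      # could not be checked instead of skipping them silently.
      - run: uv run pip-audit --strict --desc

  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true

      - run: uv sync --locked

      # -c points bandit at [tool.bandit] in pyproject.toml so CI and the
      # pre-commit hook share one rule set.
      - run: uv run bandit -r src -c pyproject.toml
```

Without `--locked`, `uv sync` will happily re-resolve and update the lockfile on the runner, which means pip-audit can pass on a set of versions nobody committed.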
Remove standalone SECURITY.md policy file and consolidate security information into CONTRIBUTING.md for simpler documentation structure.

Changes:
- Remove SECURITY.md file
- Add security tools section to CONTRIBUTING.md (Dependabot, pip-audit, Bandit)
- Update security best practices in CONTRIBUTING.md
- Update BACKLOG.md to reflect actual files created

The project still has all security scanning in place:
- Dependabot for automated dependency updates
- pip-audit for vulnerability scanning
- Bandit for security code analysis
- All running weekly + on push/PR via GitHub Actions
Update Dependabot configuration to use the new native "uv" package-ecosystem instead of "pip".

As of March 2025, Dependabot officially supports uv in general availability.

Benefits:
- Direct uv.lock file updates
- Proper uv workspace support
- Better handling of uv-specific features
- Official support from GitHub

Changes:
- package-ecosystem: "pip" → "uv"
- Removed pip-specific `allow` configuration
- Updated documentation comments with GA announcement link

Reference: https://github.blog/changelog/2025-03-13-dependabot-version-updates-now-support-uv-in-general-availability/
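A Dependabot configuration using the native "uv" ecosystem this commit switches to, as an added example rather than the project's own .github/dependabot.yml. It assumes uv.lock sits at the repository root. It also adds a github-actions entry, which the commit does not mention: once workflows depend on astral-sh/setup-uv and actions/checkout, those pinned action versions need the same weekly update treatment as Python packages.

```yaml
# Added example, not the project's own dependabot.yml.
# Assumption: uv.lock and pyproject.toml live at the repository root ("/").
version: 2
updates:
  # Native uv support (GA since March 2025): updates uv.lock directly,
  # so the "pip" ecosystem and its allow-list are no longer needed.
  - package-ecosystem: "uv"
    directory: "/"
    schedule:
      interval: "weekly"
    # Batch non-breaking bumps into a single PR so that a security fix is
    # not buried among many one-package update PRs.
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"

  # Keep the actions referenced in .github/workflows/*.yml current as well.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Major-version bumps fall outside the group and arrive as individual PRs, which is the behaviour you want for changes that may break the build.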
- Fix source code linting errors (SIM108, ARG001, ARG005, F841, F601, E402, SIM102, SIM113, B007)
- Fix test file linting errors (E402, E712, B007, F841, F401)
- Address Bandit security warnings with appropriate #nosec comments
- Fix nbqa-isort and nbqa-ruff configuration for notebooks
- Configure ruff to ignore notebook-specific linting errors (F821, F403, F405, B018)
- Exclude notebooks from regular ruff hook (handled by nbqa-ruff)
- Exclude src/h3/ from mypy due to module name conflict
- Renamed the module to to resolve naming conflicts with the installed library.
- Updated all relevant imports across the codebase, including , , and .
- Modified to include in the packages list and removed the exclusion for .
- Adjusted pre-commit configuration to reflect the changes in module structure.
- Updated documentation to ensure consistency with the new module name.
- Updated type hints in multiple functions across the codebase to use more specific types, including dict[str, Any] and list[Path].
- Added assertions to ensure correct types are used in various functions, enhancing type safety.
- Improved readability and maintainability of the code by clarifying expected data structures.
Add code quality and dependency scanning