Python Table Manners - A Clean Style @ PyCon CA 2019

Python Table Manners A Clean Style

Collaboration Note

$whoami Wei Lee / 李唯 Software Engineer @ Rakuten Slice
Volunteer @ PyCon TW @clleew Lee-W http://lee-w.github.io

PyCon Tour 2019 (Unexpected) 1.PyCon US ! 2.PyCon JP "
3.PyCon TW # 4.PyCon CA $

PyCon Tour 2019 (Unexpected) 1.PyCon US ! ⇦ First PyCon
Oversea 2.PyCon JP " 3.PyCon TW # 4.PyCon CA $

⇦ First Lightning Talk 3.PyCon TW # 4.PyCon CA $

3.PyCon TW # ⇦ First Volunteering 4.PyCon CA $

3.PyCon TW # 4.PyCon CA $ ⇦ First Regular Talk in a PyCon!

What I’m going to talk about • A brief introduction
of tools solving the following problems • Dependency Management • Testing • Style Check • Task Management • git commit • Security • Continuous Integration

Some examples come from rg-cli • pycontw/pycontw-postevent-report-generator • A PyCon
TW attendees data analyser • Work in progress. Welcome to contribute

I won’t cover…

Dependency Management

How we used to start a Python project python -m
venv ./venv source venv/bin/activate pip freeze >> requirements.txt

Looks good. Right?

Is this story familiar to you? Your code does not
work. But, it worked on my machine.

work. But, it worked on my machine. It seems you miss some dependencies.

work. But, it worked on my machine. It seems you miss some dependencies. Ahh… I forgot to activate the virtual environment when I tested it…

Sometimes we just forgot to… • Activate / deactivate virtual
environment • Add package into requirements.txt

Till…

Pipenv  Python Dev Workﬂow for Humans

Why Pipenv? • Virtual environments + Package management • No
more manual update dependencies  We use Pipﬁle and Pipﬁle.lock .

Initial Virtual Environment # Initial pipenv # Create Pipfile and
Pipfile.lock if not yet exist pipenv install

Empty Pipﬁle [[source]] name = "pypi" url = "https://pypi.org/simple" verify_ssl
= true [dev-packages] [packages] [requires] python_version = "3.7"

Install Package # Install package pipenv install <package>==<version> # Uninstall
package pipenv uninstall <package>

Pipﬁle with “requests” [[source]] name = "pypi" url = "https://pypi.org/simple"
verify_ssl = true [dev-packages] [packages] requests = “*" [requires] python_version = "3.7"

Pipﬁle.lock with “requests” { ...... "default": { ...... "requests": {
"hashes": [ "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4", "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31" ], "index": "pypi", "version": "==2.22.0" }, "urllib3": { "hashes": [ "sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398", "sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86" ], "version": "==1.25.6" } }, ...... }

Pipﬁle.lock with “requests” { ...... "default": { ...... "requests": {
"hashes": [ "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4", "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31" ], "index": "pypi", "version": "==2.22.0" }, "urllib3": { "hashes": [ "sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398", "sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86" ], "version": "==1.25.6" } }, ...... } You’re guaranteed to install the exact same package next time.

Install package only in dev # Install dev only package
pipenv install <package>==<version> --dev

Pipﬁle with “pytest" [[source]] name = "pypi" url = "https://pypi.org/simple"
verify_ssl = true [dev-packages] pytest = "*" [packages] requests = "*" [requires] python_version = "3.7"

Run in virtual environment # Run command inside pipenv shell
pipenv run <Command> # e.g. pipenv run python your_program.py

I don’t recommend using • Reason 1: You might accidentally
install something inside the environment through   pip install • Reason 2: You can do almost anything through pipenv run <command> pipenv shell

Testing Don't let your customer debug for you

Add new features to a project without tests is like…

unittest   Unit testing framework in Python Standard Library

Pytest

Why pytest • More Pythonic • Compatible with old unittest
tests • No boilerplate code required • No more assert.+ (e.g., assertEqual), just assert • Better test discovery • Advance features: mark, parameterize and etc. • Plenty of plugins

Running unittest in rg-cli python -m unittest discover -s ./
-p 'test_*.py' !"" test … #"" test_sponsor.py !"" test_title.py

Well… It’s not all unittest’s fault. • test directory need
to be a package  (even for pytest)        • After that we can use python -m unittest !"" test #"" __init__.py ... #"" test_sponsor.py !"" test_title.py

Running pytest in rg-cli pytest

Run test in pytest pipenv install pytest --dev pipenv run
pytest After using pipenv (or any other virtual environment tool), you should always run in a virtual environment. Note that I won’t add the pipenv run preﬁx future pages.

unittest style tests import unittest from atta.partner import sponsor class
TestSponsor(unittest.TestCase): def setUp(self): sponsors = sponsor.get_all_sponsors('./data/packages.yaml', './data/sponsors.yaml') self.sponsors = sponsors ...... def test_sponsor_number(self): self.assertEqual(len(self.sponsors), 1) .......

pytest style tests import pytest from report_generator.partner import sponsor class
TestSponsor: @pytest.fixture(scope="class") def sponsors(self): return sponsor.get_all_sponsors("test/data/packages.yaml", “test/data/sponsors.yaml") ...... def test_sponsor_number(self, sponsors): assert len(sponsors) == 1 ......

pytest style tests import pytest from report_generator.partner import sponsor @pytest.fixture(scope="class")
def sponsors(): return sponsor.get_all_sponsors("test/data/packages.yaml", "test/data/sponsors.yaml") def test_sponsor_number(sponsors): assert len(sponsors) == 1

Pytest - powerful plugins • pytest-mock: Replace objects that are
hard to test with fake objects • pytest-cov: Generate test coverage report • pytest-xdist: Distributed testing • and etc.

Style Check Check syntax correctness and make your code Pythonic

Style check tools • Check syntax and coding style •
Flake8 • Pylint • Static Typing • Mypy

Flake8

• Run Flake8 • Code to Check    • Warning
Run Flake8 import os os = "My Operating system" ./bad_code.py:4:1: F811 redefinition of unused 'os' from line 1 ./bad_code.py:4:5: E222 multiple spaces after operator flake8

Conﬁg Flake8 - .ﬂake8 [flake8] ignore = # F632: use
==/!= to compare str, bytes, and int literals F632, max-line-length = 119

Pylint

Config Pylint - .pylintrc • Run Pylint • Generate default
config file  • What I usually config in my .pylintrc pylint --generate-rcfile >> .pylintrc ... disable=print-statement, ... max-line-length=119 pylint <package> ......

Flake8 v.s. Pylint • Flake8: Faster • Pylint: Stricter and
more optional • How do I use them? • Enforce ﬂake8 but run pylint for reference only

Run mypy mypy -p <package> -p <package> ...... --ignore-missing-imports

Run mypy - code to check from typing import List
def func(val: List[str]): print(val) func([1, 2, 3])

Run mypy - Error Message wrong_type_hint.py:8: error: List item 0
has incompatible type "int"; expected “str” wrong_type_hint.py:8: error: List item 1 has incompatible type "int"; expected “str" wrong_type_hint.py:8: error: List item 2 has incompatible type "int"; expected "str"

One step forward Fix the style automatically

Run Black black <package> ...

How Black reformat

Why Black? • It’s not conﬁgurable.

Why Black? • It’s not conﬁgurable. No more arguing about
which style is better

–The Zen of Python, by Tim Peters “There should be
one-- and preferably only one --obvious way to do it.”

How I combine these tools pipenv run black -l 119
<package> pipenv run flake8 pipenv run mypy -p <package> --ignore-missing-imports pipenv run pylint <package>

Task Management Break the loop and repeat no more

Invoke • Task execution tool that can manage your commands.
• It’s like Makeﬁle in Python. • No more type or memorize long commands!

Before invoke in rg-cli

After invoke in rg-cli

List all commands inv -l

How ? - tasks.py from invoke import task PIPENV_PREFIX =
"pipenv run" ...... @task def install(cmd): """Install script in pipenv environment""" cmd.run(f"{PIPENV_PREFIX} python setup.py install")

Modulize - Namespace #"" tasks $ #"" __init__.py $ #""
build.py $ #"" common.py $ #"" env.py $ #"" style.py $ !"" test.py

Autocomplete inv --print-completion-script=zsh >> ~/.zshrc

Why not use Makeﬁle? 1.We’re Python developers! 2.Some tasks might
not be easy to handle through shell script. 3.Python + Shell Script  It’s the best of the both world!

Commit message A clear way back to the past

If you’re like him…

You’ll hate yourself when you need to roll back your
code.

Commitizen

Commitizen in Python

Commit - cz commit type of this change

Commit - cz commit scope of this change

Commit - cz commit  a short description

Regulated git commits

Other Commitizen features • Bump version automatically based on commits
• Customizable commit rules

Other Commitizen features • Bump version automatically based on commits
• Customizable commit rules • Auto generate changelog (WIP)

Let’s Sprint!

Security

Safety Dependency Checking

Check vulnerability in current environment safety check

But if you use pipenv … pipenv check

How does Safety work? • Search the vulnerability in CVS
  (Common Vulnerabilities and Exposures) • Free DB: update monthly • Paid DB: update realtime

Bandit Static Analysis

Check Common Security Issue in Python Code bandit -r <package>

Not all the warnings should be ﬁxed • Use bandit
as a reference.

Skip the warning in bandit • Add # nosec after
the line code • Conﬁg in .bandit

Continuous Integration Assemble all the trivial steps

Why Drone • Plenty of Plugins • CI conﬁguration as
code • Easy to conﬁg • Container-based • Run on local easily ($ drone exec) • Easy to setup

Install drone-cli

Drone in rg-cli

Conﬁg Drone - .drone.yml --- kind: pipeline type: docker name:
default steps: - name: setup image: python:3.7-slim pull: if-not-exists volumes: - name: system_dependencies path: /usr/local - name: virtual_env path: /root/.local/share/virtualenvs commands: - pip install pipenv invoke - inv env.init-dev    ...   volumes: - name: system_dependencies temp: {} - name: virtual_env temp: {}

Conﬁg Drone - .drone.yml - name: check package security image:
python:3.7-slim pull: if-not-exists volumes: - name: system_dependencies path: /usr/local - name: virtual_env path: /root/.local/share/virtualenvs commands: - inv secure depends_on: - setup

Run CI locally drone exec

What you need to do next 1.Push your code change
to your remote git repo 2.Let drone check automatically 3. 4.Celebrate

Conclusion 1. Initial project and install packages through pipenv 2.
Write unit tests to ensure functionality correctness and run pytest 3. Format your code through black 4. Check coding style through ﬂake8, pylint, mypy 5. Manage all the commands through invoke 6. Regulate commit message through commitizen

Conclusion (Cont.) 7. Check vulnerability through Safety and bandit 8.
Setup Drone CI on your remote git repo and let it check for you automatically

Tools • Dependency Management • Poetry: Manage packages and support
package releasing (replace setup.py) • pip-tools: Compile requirements to pin package versions and without leaving pip and venv

Tools • Testing • Hypothesis • nox • Project Creation
• Cookiecutter • PyScaffold

Related Talks • Dependency Management • Tzu-ping Chung - 這樣的開發環境沒問題嗎？
(PyCon TW 2018) • Kenneth Reitz - Pipenv: The Future of Python Dependency Management (PyCon US 2018) • Style Check • Kyle Knapp - Automating Code Quality - Kyle Knapp (PyCon US 2018) • Task Managements • Thea Flowers - Break the Cycle: Three excellent Python tools to automate repetitive tasks (PyCon US 2019)

Related Talks • Test • Chun-Yu Tseng - 快快樂樂成為 Coding
Ninja (by pytest) (PyCon APAC 2015) • Florian Bruhin – Pytest: Rapid Simple Testing (Swiss Python Summit 16) • Security • Terri Oda - Python Security Tools (PyCon US 2019) • Tennessee Leeuwenburg - Watch out for Safety Bandits! (PyCon AU 2018) • Multiple Topic • Dustin Ingram - Modern development environments for Pythonistas (PyCon JP 2019)

Python Table Manners - A Clean Style @ PyCon CA...

Python Table Manners - A Clean Style @ PyCon CA 2019

More Decks by Lee Wei

Other Decks in Technology

Featured

Transcript