feat(quality): add ruff/mypy/bandit tooling and fix all issues#73
Merged
Conversation
- pyproject.toml: ruff, mypy strict, bandit, pip-audit (no vulns) - .pre-commit-config.yaml: ruff, bandit, mypy, betterleaks, hooks - .github/workflows/quality.yml: CI via uv + pre-commit Fixes across 22 files: - S108 /tmp paths → tempfile.NamedTemporaryFile - S110 bare except → log.debug - S113 requests.get missing timeout - F821 undefined warn() → info() in github-deploy-key.py - F841 unused key_is_new assignments - E501 line-length violations throughout - CustomLogger subclass so mypy resolves log.success() cleanly - CompletedProcess[str] type args on executor return types - argparse.Namespace type on setup_fake_le/setup_ollama args param - run_quiet= kwarg bug in virtmachine (was quiet=, silently wrong) - wildcard import → explicit from lib.constants import VENVDIR Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
pyproject.tomlwith ruff, mypy (strict), bandit, pip-audit config.pre-commit-config.yaml(ruff, bandit, mypy, betterleaks, standard hooks).github/workflows/quality.ymlCI (uv + pre-commit, runs on push/PR)Key fixes
run_quiet=kwarg invirtmachine.py(wasquiet=, silently did nothing); undefinedwarn()ingithub-deploy-key.py(F821)/tmphardcoded paths →tempfile.NamedTemporaryFile(S108);requests.getmissing timeout (S113); bareexcept: pass→log.debug(S110)CustomLoggersubclass so mypy strict resolveslog.success()cleanly;CompletedProcess[str]type args;argparse.Namespaceon untypedargsparamsTest plan
uv run pre-commit run --all-filespassesuv run mypy --package lib --package setup_machine— no issuesuv run ruff check .— no issuesuv run bandit -c pyproject.toml -r lib setup_machine.py -ll— no issuesuv run pip-audit— no known vulnerabilities