Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/5988"><img src="https://www.bestpractices.dev/projects/5988/badge"></a>
Create Python Packages, with emphasis on CI/CD and automation, from a template.
https://github.com/boromir674/cookiecutter-python-package/blob/master/CONTRIBUTING.md
The main Architecture overview of the Software is on this URL: https://python-package-generator.readthedocs.io/en/master/topics/arch/
This page shows visualizations of the Python components and their dependencies.
We also show the Docker Build process on this URL: https://python-package-generator.readthedocs.io/en/master/topics/development/build_process_DAG/
https://github.com/boromir674/cookiecutter-python-package#quickstart
We have enabled CI with the Read the Docs server (readthedocs.org), which builds and hosts new documentation on every commit to the "dev" and "master" branches. See https://python-package-generator.readthedocs.io/en/master/ for the docs. See https://readthedocs.org/projects/python-package-generator/ for the Read the Docs CI build configurations.
We have a badge on the README.rst which is the landing page for the Project source code, hosted on Github. See https://github.com/boromir674/cookiecutter-python-package
We use Github
https://github.com/boromir674/cookiecutter-python-package/issues
There have been no vulnerabilities resolved in the last 12 months.
There is the CONTRIBUTING guide at https://github.com/boromir674/cookiecutter-python-package/blob/master/CONTRIBUTING.md. We have also enabled CI with the Codacy server (see https://app.codacy.com/gh/boromir674/cookiecutter-python-package/dashboard?branch=master), which automatically runs checks, including coding style checks, on every pull request.
There are dedicated pipelines running on GitHub Actions, triggered on either push or PR events. These pipelines include jobs that run FLOSS tools such as ruff, black and isort, which do static code analysis and also enforce coding styles (especially black and isort).
Here are some URLs of GitHub Actions workflows that run jobs which in turn enforce coding styles (using the black and isort FLOSS tools):
- https://github.com/boromir674/cookiecutter-python-package/actions/workflows/ci.yml
- https://github.com/boromir674/cookiecutter-python-package/actions/workflows/test.yaml
This is not applicable to our build command, which is "python3 -m build"
This is met from our "build command": python3 -m build
We use pip for install/uninstall or git commands.
We use pip as our installation system. In the python ecosystem, pip honors the standard conventions for selecting the installation location.
We use tox to automate everything for developers.
All external dependencies are defined in pyproject.toml and/or setup.cfg. These files list the external dependencies in a computer-processable way when using standard "python build" modules (such as build, poetry, setuptools).
https://github.com/boromir674/cookiecutter-python-package/blob/master/setup.cfg https://github.com/boromir674/cookiecutter-python-package/blob/master/pyproject.toml
This is not applicable.
See the reference GitHub Actions workflow at: https://github.com/boromir674/cookiecutter-python-package/actions/workflows/test.yaml
There we can see the test suite run. Coverage is 93%, and we are committed to adding automated regression tests.
There we can see the test suite run. Coverage is 93%.
See also badge in https://github.com/boromir674/cookiecutter-python-package where the 93% coverage is mentioned.
This is stated in the CONTRIBUTING guide. See https://github.com/boromir674/cookiecutter-python-package/blob/master/CONTRIBUTING.md
The policy of adding tests is described in https://github.com/boromir674/cookiecutter-python-package/blob/master/CONTRIBUTING.md
We do not suppress any warnings when running our CI. See the "tox" and "github actions workflow" configuration files:
https://github.com/boromir674/cookiecutter-python-package/blob/master/.github/workflows/test.yaml https://github.com/boromir674/cookiecutter-python-package/blob/master/tox.ini
We run Bandit, an established Python tool that checks static code for security and vulnerability issues, on every opened pull request as part of the CI integration with Codacy. See: https://app.codacy.com/gh/boromir674/cookiecutter-python-package/dashboard
The project does not produce software written in a memory-unsafe language.