QA

We try to keep our quality standards high. So, we use different tools to make this possible.

First of all, we use mypy for optional static typing.

We are also using radon and xenon to measure code complexity and quality.

We use bandit for static security checks.

radon

Rules

Here are our standards:

  • A single block of code can not go below B mark
  • A single module can not go below A mark
  • Overall mark can not go below A mark

If your commit breaks this rule: well, the build won’t succeed.

Running code analysis

There are several metrics we use.

Cyclomatic Comlexity:

radon cc . -a

Maintainability Index:

radon mi .

And at last but not least, raw metrics:

radon raw .

Running validation

If you would like to run QA by hand:

xenon --max-absolute B --max-modules A --max-average A .

It will return status code 0 if everything is fine.

mypy

Running mypy is required before any commit:

mypy server

This will eliminate a lot of possible TypeError and other issues. However, this will not make code 100% working. So, testing and reviewing is still required.

mypy is configured via setup.cfg. Read the docs for more information.

bandit

Running bandit is required before any commit:

bandit -r server

This will find possible XSS errors, insecure operations, and other issues. Read the docs for bandit.