/cookiecutter-cruft-poetry-tox-pre-commit-ci-cd

A Modern DevSecOps-centric Cookiecutter template for Python packages and/or projects

Primary LanguageMakefileApache License 2.0Apache-2.0

cookiecutter-cruft-poetry-tox-pre-commit-ci-cd

Status CI codecov Documentation Status License PyPI - Python Version pre-commit Ruff Code style: black powered by semgrep


Documentation: https://cookiecutter-cruft-poetry-tox-pre-commit-ci-cd.readthedocs.io

Source Code: https://github.com/TeoZosa/cookiecutter-cruft-poetry-tox-pre-commit-ci-cd

Example Project: https://github.com/TeoZosa/cookiecutter-cruft-poetry-tox-pre-commit-ci-cd-instance


πŸ“ Note
Originally inspired by @cjolowicz's fantastic cookiecutter-hypermodern-python project and eponymous Hypermodern Python article series.

A robust and extensible (nearly feature-complete), DevSecOps-centric Cookiecutter template for Python packages and/or projects with rich automated tooling for high-quality software development and maintenance, from testing and code quality to documentation and template synchronization.

Pre-configured to seamlessly run both locally and via the GitHub Actions CI/CD system to not only provide powerful guardrails and out-of-the-box audit trails, but significant quality of life improvements such as automated dependency upgrades, PR-based release notes, and many other high-level features for agile, defect-free software development.

Best of all, best practices are baked in order to provide you with the best foundation on which you can build your best work!


Table of Contents

πŸŽ‰ Creating a New Project

Via cruft (recommended):

pip install --user cruft # Install `cruft` on your path for easy access
cruft create https://github.com/TeoZosa/cookiecutter-cruft-poetry-tox-pre-commit-ci-cd

Via cookiecutter:

pip install --user cookiecutter # Install `cookiecutter` on your path for easy access
cookiecutter gh:TeoZosa/cookiecutter-cruft-poetry-tox-pre-commit-ci-cd

Note: Cookiecutter uses gh: as short-hand for https://github.com/

πŸ”— Linking an Existing Project

If the project was originally installed via cookiecutter, you must first use cruft to link the project with the original template:

cruft link https://github.com/TeoZosa/cookiecutter-cruft-poetry-tox-pre-commit-ci-cd

Then/else:

cruft update

✨ Features

πŸš€ Project Standardization and Automation

πŸ”¨ Developer Workflow Automation

  • Python packaging and dependency management with Poetry
  • Project workflow orchestration with Make as an interface shim
    • Self-documenting Makefile; just type make on the command line to display auto-generated documentation on available targets:

self_documenting_makefile.mov

  • Automated Cookiecutter template synchronization with cruft
  • Test automation with Tox
  • Code quality tooling automation and management with pre-commit
  • Continuous integration and deployment with GitHub Actions

🌱 Conditionally Rendered Python Package or Project Boilerplate

  • [Optional] Command-line interface boilerplate with Typer
  • Project-specific Docker image Dockerfile1 with production dependencies for a completely reproducible execution environment
  • [Optional] Jupyter support1

⚑ Performance

πŸ“¦ C-Extension Compilation

  • Python module to C-extension compilation (enabled by standard Python type hints) with Mypyc
    • Automatically configured for Python package builds (see the template's build.py file)

⚠️️ Warning
Mypyc is currently alpha software. It’s only recommended for production use cases with careful testing, and if you are willing to contribute fixes or to work around issues you will encounter.

πŸ”§ Maintainability

🏷️ Type Checking and Data Validation

πŸ”₯ Tip
Complementary to type-checking, function-specific input validation is another useful technique. This helps eliminate an implicit knowledge violation from hidden argument requirements:

"Hidden argument requirements occur when a method signature implies a wider range of valid inputs than the method actually accepts. For example, accepting an int while only allowing numbers 1 to 10 is a hidden constraint." [1]

[1] C. Riccomini and D. Ryaboy, The Missing README: A Guide for the New Software Engineer, Paperback. No Starch Press, 2021.

βœ… Testing/Coverage

ℹ️ Info
For a good overview of how property-based testing and mutation testing work together to improve the value and quality of your tests, see this stackoverflow post and the follow-up by the mutmut author.

🚨 Linting

πŸ‘· CI/CD

πŸ“‰ Observability

πŸ”Š Logging

  • Structured logging with structlog-sentry-logger (via structlog)
    • Granular control flow context logging (via call stack introspection):
      • Namespaced module-specific loggers
      • Function name logging
    • Environment-dependent standard output stream log formatting:
      • Production: JSON logs
      • Development: Colorized human-readable logs, with JSON logs saved locally for retrospective analysis
    • [Optional] Exception logging to Sentry with structlog-sentry

πŸ₯… Error Tracking

πŸ”’ Security

πŸ” Static Application Security Testing (SAST)

  • Code vulnerabilities with Bandit2
  • Python package dependencies vulnerabilities with Safety

πŸ“‹ Accessibility

πŸ“ Project Documentation

β˜‘οΈ Design Documentation and Production Deployment Checklists

πŸ—ƒοΈ Architecture Documentation

πŸ§‘β€βš–οΈ Legal

πŸ“„ License

cookiecutter-cruft-poetry-tox-pre-commit-ci-cd is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Footnotes

  1. Conditionally rendered based on the configurations specified in the project setup phase to avoid tooling bloat ↩ ↩2 ↩3

  2. Jupyter notebook compatibility via nbQA ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7

  3. Via ruff ↩ ↩2 ↩3

  4. Requires definitions of one or more of the below repository secrets: AUTO_MERGE_DEPENDABOT_TOKEN DOCKERHUB_TOKEN DOCKERHUB_USERNAME PYPI_TOKEN TEST_PYPI_TOKEN ↩ ↩2 ↩3

  5. Custom setup steps in Sphinx configuration file for Read the Docs compatibility (see: conf.py:117-139) ↩