Adds docs/ci-cd.md covering GitHub Actions workflows for linting, type-checking, testing (including matrix builds), coverage reporting, PyPI publishing via Trusted Publishing, and dependency security scanning. Updates README.md to include the new guide in the contents table.

Co-Authored-By: agent-kurouto[bot] <268466204+agent-kurouto[bot]@users.noreply.github.com>
Pull request overview
Adds a new documentation guide describing recommended CI/CD patterns for Python projects in this repository, and links it from the main README contents table.
Changes:
- Add docs/ci-cd.md with GitHub Actions examples for linting/formatting (ruff), type checking (pyright), testing (pytest + coverage), publishing to PyPI (OIDC Trusted Publishing), and dependency auditing (pip-audit).
- Update README.md to include the new CI/CD guide in the “Contents” table.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| README.md | Adds a new entry linking to the CI/CD guide. |
| docs/ci-cd.md | Introduces a comprehensive CI/CD guide with workflow snippets and best-practice recommendations. |
|
|
||
| With `--cov-fail-under=80`, `pytest` exits non-zero if overall coverage falls below 80 %, causing the CI step to fail. | ||
|
|
||
| > **Note:** Coverage thresholds are a useful safety net, but chasing 100% coverage leads to shallow tests written to satisfy the metric rather than to verify behaviour. Aim for meaningful tests over raw coverage numbers. See the [Testing Guide](testing.md) for more on this. |
The link to testing.md is broken: there is no docs/testing.md (or other testing.md) in this repo. Consider linking to the existing testing section in python/best-practices.md (e.g. ../python/best-practices.md#5-testing) or removing the reference until a dedicated testing guide exists.
| > **Note:** Coverage thresholds are a useful safety net, but chasing 100% coverage leads to shallow tests written to satisfy the metric rather than to verify behaviour. Aim for meaningful tests over raw coverage numbers. See the [Testing Guide](testing.md) for more on this. | |
| > **Note:** Coverage thresholds are a useful safety net, but chasing 100% coverage leads to shallow tests written to satisfy the metric rather than to verify behaviour. Aim for meaningful tests over raw coverage numbers. See the [Testing Guide](../python/best-practices.md#5-testing) for more on this. |
| - name: Audit dependencies | ||
| run: | | ||
| uv tool install pip-audit | ||
| uv run pip-audit |
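Review bot: The `pip-audit` line in this step passes no requirements file or project path, so the step does not say which dependency set is being audited; because the line above installs pip-audit as a standalone uv tool, the run will not necessarily inspect the project's locked dependencies. Suggest making the input explicit, for example exporting the lockfile to a requirements file and passing it with `-r`, so a green result means the dependencies that actually ship were checked.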
This snippet installs pip-audit as a uv tool but then runs it via uv run pip-audit. In this repo's existing guidance, uv tool install pip-audit is followed by running pip-audit directly; uv run typically expects the command to be available in the project environment. Adjust the example to run the tool in a way that matches uv tool usage (e.g. pip-audit or uv tool run pip-audit) so readers don’t get a failing CI step.
| uv run pip-audit | |
| pip-audit |
| [tool.hatch.version] | ||
| source = "vcs" # reads version from the latest git tag |
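Review bot: The comment on the `source = "vcs"` line says the version is read from the latest git tag, but the snippet as shown does not tell readers that the build job's checkout must contain that tag. `actions/checkout` makes a shallow clone by default, so depending on the trigger a publishing job can build a version that is not derived from the release tag; suggest a sentence beside this snippet telling readers to fetch tags and history (for example `fetch-depth: 0`) in the job that builds the package.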
The Hatch VCS version example is incomplete: using source = "vcs" requires the hatch-vcs plugin to be present in build-system requirements (and often additional Hatch config). As written, readers may copy this and end up with builds that fail to resolve the version. Please update the example to include the required plugin/config or add a note pointing to the Hatch docs for VCS versioning setup.
| [tool.hatch.version] | |
| source = "vcs" # reads version from the latest git tag | |
| [build-system] | |
| requires = ["hatchling", "hatch-vcs"] | |
| build-backend = "hatchling.build" | |
| [tool.hatch.version] | |
| source = "vcs" # reads version from the latest git tag via hatch-vcs |
| - name: Audit dependencies | ||
| run: | | ||
| uv tool install pip-audit | ||
| uv run pip-audit |
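Review bot: `uv tool install pip-audit` in this worked example installs whatever release is latest at run time, so the security gate is itself an unpinned dependency and its findings can change between runs with no change in the repository. Suggest pinning the tool in the example, e.g. `uv tool install pip-audit==<version>`, and bumping it deliberately alongside other dependency updates.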
Same pip-audit invocation issue as earlier: uv tool install pip-audit is followed by uv run pip-audit in the worked example. Please make the worked example consistent with the recommended way to execute uv-installed tools (e.g. run pip-audit directly or uv tool run pip-audit).
| uv run pip-audit | |
| pip-audit |
Summary
- docs/ci-cd.md — a comprehensive guide to automating Python projects with GitHub Actions
- README.md to include the new guide in the contents table

Test plan
- docs/ci-cd.md for accuracy and consistency with the project's existing style
- testing.md, best-practices.md) are correct once referenced guides land

Closes PLT-1035
🤖 Generated with Claude Code