Go full ruff (black and bandit) and disable bandit on codeclimate

.codeclimate.yml

@@ -1,6 +1,4 @@
 version: "2"
 plugins:
-  bandit:
-    enabled: true
   sonar-python:
     enabled: true

.github/workflows/python-code-style.yml

@@ -24,9 +24,8 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        python -m pip install poetry
-        poetry config virtualenvs.create false
-        poetry install --no-root --with dev
+        python -m pip install poetry tox
+        make poetry-export
     - name: Check code style with black
       run: |
         make format

.github/workflows/python-lint.yml

@@ -24,8 +24,7 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        python -m pip install poetry
-        poetry config virtualenvs.create false
-        poetry install --no-root --with dev
+        python -m pip install poetry tox
+        make poetry-export
     - name: Lint with ruff
       run: make lint

.github/workflows/python-tests.yml

@@ -33,6 +33,3 @@ jobs:
     - name: Test with pytest
       run: |
         make ci-test
-    - name: Check typing
-      run: |
-        make typing

.github/workflows/python-bandit.yml → .github/workflows/python-typing.yml

@@ -1,7 +1,7 @@
 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
 
-name: Bandit checks
+name: Python lint
 
 on:
   push:
@@ -12,21 +12,19 @@ on:
   workflow_dispatch:
 
 jobs:
-  bandit:
+  typing:
     runs-on: ubuntu-latest
 
     steps:
     - uses: actions/checkout@v4
-
-    - name: Security check - Bandit
-      uses: ioggstream/[email protected]
-      with:
-        project_path: .
-        config_file: .bandit.yml
-
-    # This is optional
-    - name: Security check report artifacts
-      uses: actions/upload-artifact@v4
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v5
       with:
-        name: Security report
-        path: output/security_report.txt
+        python-version: "3.12"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install poetry tox
+        make poetry-export
+    - name: Check typing
+      run: make typing

Makefile

@@ -1,42 +1,49 @@
-.PHONY: docs
+.PHONY: dev-dependencies update-dependencies test docs fix check typing lint format ci-test ci-coverage poetry-export
+
+#########################
+###### dev commands #####
+#########################
+dev-dependencies:
+	poetry install --with dev --no-root
+
+update-dependencies:
+	poetry update --with dev
 
 test:
 	poetry run pytest -n auto --cov
 
-ci-test:
-	poetry run pytest
+docs:
+	poetry run mkdocs serve
 
-ci-coverage:
-	poetry run pytest --cov --cov-report lcov
+fix:
+	poetry run ruff . --fix
+	poetry run ruff format .
 
-typing:
-	tox -e typing
+check: poetry-export
+	tox
 
-format:
-	tox -e format
+typing: poetry-export
+	tox -e typing
 
-lint:
+lint: poetry-export
 	tox -e lint
 
-bandit:
-	tox -e bandit
-
-format-fix:
-	poetry run black .
+format: poetry-export
+	tox -e format
 
-lint-fix:
-	poetry run ruff . --fix
 
-dev-dependencies:
-	poetry install --with dev --no-root
+#########################
+#### Helper commands ####
+#########################
+poetry-export:
+	poetry export -f requirements.txt --output /tmp/requirements.txt --with dev
 
-update-dependencies:
-	poetry update --with dev
 
-fix:  format-fix lint-fix
-check:
-	poetry export -f requirements.txt --output /tmp/requirements.txt --with dev
-	tox
+#########################
+###### CI commands ######
+#########################
+ci-test:
+	poetry run pytest
 
-docs:
-	poetry run mkdocs serve
+ci-coverage:
+	poetry run pytest --cov --cov-report lcov

pyproject.toml

@@ -46,8 +46,6 @@ optional = true
 
 [tool.poetry.group.dev.dependencies]
 coverage = ">=6.5.0"
-bandit = ">=1.7.6"
-black = ">=22.10.0"
 mkdocs = ">=1.4.3"
 mkdocstrings = { version = ">=0.24.0", extras = ["python"] }
 mkdocs-gen-files = ">=0.5.0"
@@ -67,15 +65,6 @@ tox = ">=4.12.1"
 ### Tools configuration  ###
 ############################
 
-[tool.black]
-target-version = ["py38", "py39", "py310", "py311", "py312"]
-extend-exclude = '''
-(
-  /docs,
-  .tox
-)
-'''
-
 [tool.coverage.run]
 branch = true
 source = ["bootstrap_python_package"]
@@ -104,9 +93,37 @@ testpaths = [
 
 [tool.ruff]
 extend-exclude = ["docs", ".tox"]
+target-version = "py38"
 
 [tool.ruff.lint]
-select = ["E", "F", "I"]
+select = [
+    "E",  # pycodestyle
+    "W",  # pycodestyle
+    "F",  # pyflakes
+    "I",  # isort
+    "N",  # pep8-naming
+    "S",  # flake8-bandit
+    "RUF",  # ruff-specific-rules
+]
+# Ignoring rules problematic with formatter
+# https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
+ignore = [
+    "W191",
+    "E111",
+    "E114",
+    "E117",
+    "D206",
+    "D300",
+    "Q000",
+    "Q001",
+    "Q002",
+    "Q003",
+    "COM812",
+    "COM819",
+    "ISC001",
+    "ISC002",
+]
 
 [tool.ruff.lint.per-file-ignores]
-"__init__.py" = ["F401"]
+"__init__.py" = ["F401"]  # Ignore unused imports on init files
+"tests/**/*.py" = ["S101"]  # Allow assert usage on tests

scripts/gen_pages.py

@@ -35,7 +35,7 @@
     full_doc_path = Path(nav_pages_path, doc_path)
 
     # Handle edge cases
-    parts = (src_dir,) + tuple(module_path.parts)
+    parts = (src_dir, *tuple(module_path.parts))
     if parts[-1] == "__init__":
         parts = parts[:-1]
         doc_path = doc_path.with_name("index.md")

tox.ini

@@ -7,9 +7,8 @@ env_list =
     py39
     py38
     typing
-    format
     lint
-    bandit
+    format
 
 [testenv]
 ; The file /tmp/requirements.txt is created automatically if you run tox
@@ -34,12 +33,8 @@ commands =
 
 [testenv:format]
 commands =
-    black --check .
+    ruff format --check .
 
 [testenv:lint]
 commands =
     ruff .
-
-[testenv:bandit]
-commands =
-    bandit -c .bandit.yml -r .