Testing¶
This projects provides a few different tests and checks.
In general, we have two files which defines all the tests:
- prek.toml
- CI pipeline like GitLab's .gitlab-ci.yml or GitHubs workflows
To easily run these tests locally, use:
If you only want to run the pre-commit hooks manually, use:
Python Code Tests¶
Feature tests as well as test coverage:
# run tests
uv run coverage run -m pytest
# serve html coverage report
uv run python -m http.server -d build/htmlcov
Static code checks using ruff:
# linter
uv run ruff check src
uv run ruff check tests
uv run ruff check scripts
# formatter
uv run ruff format --diff src
uv run ruff format --diff tests
uv run ruff format --diff scripts
To run automatic static code fixes, use:
# linter
uv run ruff check --fix src
uv run ruff check --fix tests
uv run ruff check --fix scripts
# formatter
uv run ruff format src
uv run ruff format tests
uv run ruff format scripts
Static code analysis using pylint:
Static type checks using ty:
General typo checking using typos:
Bash Script Checks¶
find scripts -type f -name "*.sh" -exec uv run shellcheck --external-sources --shell bash --source-path scripts {} +
Markdown Checks¶
Verify documentation (markdown) compliance w.r.t. markdown linting rules further specified inside the .markdownlint-cli2.jsonc configuration file.
License Checks¶
Vulnerability Checks¶
DependaBot Checks¶
dependabot-cli is a tool for testing and debugging Dependabot update jobs.
Preparations¶
To run DependaBot checks locally, please ensure that Docker is installed and configured.
Currently, dependabot-cli does not support using rootless Docker directly. Therefore, we need to build our own DependaBot Docker image and use Docker in Docker.
For system-wide Docker, you can just Download the pre build binaries and from the official release pages.
FROM golang:1.26.1-alpine3.23 AS install-dependabot
RUN go install github.com/dependabot/cli/cmd/dependabot@latest \
&& cp $GOPATH/bin/dependabot /usr/local/bin/
FROM docker:29-dind AS runtime
COPY --from=install-dependabot /usr/local/bin/dependabot /usr/local/bin/
ENTRYPOINT ["dependabot"]
Run DependaBot Checks¶
docker run \
-it \
--rm \
--network=host \
-v $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock \
-v $HOME/.docker/config.json:/root/.docker/config.json \
-v .:/repo \
dependabot-cli update pip test/test --local /repo
Note that in the last command line pip could be any supported DependaBot manager, depending on what you want to check. Some useful manager are:
pipuvpre_commitgithub_actionssubmodulesdockerdocker_composedevcontainers
Also take a look at all supported DependaBot managers on GitHub. Note that this links is referencing to a fixed version. Check out the main branch too.