2. About me
● Tech lead and co-founder typless.com
● Author at testdriven.io
● Twitter: @jangiacomelli
3. Python development
● creating and re-creating virtual environments
● installing, uninstalling, and updating dependencies
● type checking
● writing and running tests
● following consistent code style
● avoiding security vulnerabilities
● documenting code
4. Modern Python Environments - pyenv
Lets you easily switch between multiple versions of Python.
● Install specific Python version: $ pyenv install 3.8.5
● List available Python versions: $ pyenv versions
5. Modern Python Environments - pyenv
● Select a specific version as a global default: $ pyenv global 3.8.5
● Select a specific version for the current project: $ pyenv local 3.9.0
6. Modern Python Environments - pip + venv
Fairly simple to use. Pre-installed with most versions of Python.
● Create virtual environment: $ python -m venv my_venv
● Activate virtual environment: $ source my_venv/bin/activate
● Install a dependency: (my_venv)$ python -m pip install <package-name>
● Create list of dependencies: (my_venv)$ python -m pip freeze > requirements.txt
8. Modern Python Environments - Poetry
Powerful CLI used for creating and managing Python projects.
● Create a new project: $ poetry new <project-name>
● Install a dependency: $ poetry add [--dev] <package name>
● Run a command inside the virtual environment: $ poetry run python -m pytest
● Dependencies are managed inside pyproject.toml
12. Which one to choose?
● pip + venv
● poetry
● pipenv
13. Python testing - pytest
Go-to testing framework for testing Python code.
Compared to unittest:
● less boilerplate code -> more readable test suites
● uses built-in assert statement -> more readable and easier to remember
● updated more frequently (not part of the Python standard library)
● simpler setting up and tearing down test state with its fixture system
● uses a functional approach
16. Python testing - pytest
Plugins:
● pytest-django - set of tools made specifically for testing Django applications
● pytest-xdist - run tests in parallel
● pytest-cov - adds code coverage support
● pytest-instafail - shows failures and errors immediately instead of waiting until the end of a run
17. Python testing - Mocking
Practice of replacing real objects with
mocked ones, which mimic their
behavior, at runtime.
19. Python testing - Code coverage
A metric that tells you the ratio between the
number of lines executed during test runs and
the total number of all lines in your code base.
pytest-cov - adds code coverage support
20. Code quality
Code is considered to be of high quality when:
● It serves its purpose
● Its behavior can be tested
● It follows a consistent style
● It's understandable
● It doesn't contain security vulnerabilities
● It's documented well
● It's easy to maintain
21. Code quality - linters
Linters flag programming errors, bugs, stylistic errors, and suspicious constructs through source code
analysis.
22. Code quality - flake8
Wrapper around Pyflakes, pycodestyle, and McCabe.
24. Code quality - formatters
Reformat your code based on a set of standards.
Code formatting is a dull job that should be performed by a computer.
● reduce merge conflicts
● easier to read code
● easier to find bugs
● easier to onboard new developers
25. Code quality - isort
Automatically separates imports into groups standard library, third-party, local, and alphabetically
orders them.
26. Code quality - black
Code formatter that's used to reformat your code based on the Black's code style guide.
28. Code quality - Security Vulnerability Scanners
Your code is only as secure as its weakest link.
29. Code quality - bandit
Tool designed to find common security issues in Python code.
● hardcoded password strings
● deserializing untrusted code
● using pass in except blocks
30. Code quality - safety
Used to check your installed dependencies for known security vulnerabilities against Safety database.
31. Type checking - type hints
Type hints allow developers to annotate expected types for variables, function parameters, and
function returns inside Python code.
● not enforced by the Python interpreter
● better express the intent
● autocomplete
● less bugs
37. Type checking - Marshmallow
Helps to validate complex data and load/dump data from/to native Python types.
● doesn't use type casting
● schema and class defined separately
39. Type checking - Typeguard
It enforces types while your program is running.
● typechecked decorator
● comes with pytest plugin
● for classes and functions
41. Documenting Python Code
Without proper documentation, it can be very difficult or impossible for internal and external
stakeholders to use and/or maintain your code.
● standalone resource
● should always be present
● how and when to use something
42. Documenting Python Code - Docstrings
A special "string literal that occurs as the first
statement in a module, function, class, or method
definition".
● __doc__ attribute of module/class/function
● multiline and single line
● different formats (Google, NumPy,
reStructuredText, Epytext)
● code examples (doctest)
46. Documenting Python Code - OpenAPI
Standard format for describing, producing,
consuming, and visualizing RESTful APIs.
● used for SwaggerUI and ReDoc
● can be imported to Postman
● can be used to generate SDKs
● can be auto-generated