[Discussion] PEP-8 compliance

[CRImier]

Following #24 (and CRImier/pyLCI#1, it'd be great to have PEP-8 and PEP-257 compliance. My ideas about this:

1. Bring the current code into compliance
2. Add instructions for contributors so that they can automatically check their contributions
3. Research (if available, add) automated hooks for checking (and/or enforcing) PEP-8 compliance

[j340m3]

You could check flake8 for PEP-8 compliance. I integrated it also to my travis-ci build. It works flawlessly.

I've never checked for PEP-257 compliance, but there seems to be something that does the job.

[CRImier]

Do you have a link to your .travis.yml file?

[j340m3]

I used tox. So mine is way more complicated. But here you are: .travis.yml

[CRImier]

I see, flake8 is covered by tox, then. BTW, in your .travis.yml, why is env->global->secure (which looks like something secure =D ) not in Travis env vars?

[j340m3]

Yes, it is my encrypted pypi password, so that travis can upload on success to pypi without me having to type in the password.

I followed a manual, and they have put it there, and it works. I fear touching the configuration again for such minor things 🙈.

[CRImier]

=D Got it! I sure hope nobody can use this secret to upload on your behalf, lest we get more PyPi malware - so if that's the case, consider regenerating it and sticking it into the envvars =D

[j340m3]

If they are able to merge into main without my permission, they can upload, otherwise you need to fake the webhook of the push and you need to guess my private key stored in the github server. So it is possible but very unlikely.

Actually how I did it in my repo is how most projects with automated pypi upload handle it.

[CRImier]

I see, makes sense. Let's be on the look out for any GH exploits, then =D