Add "Project best practices" page #1760
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…H/ecosystem-best-practices
| conduct](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/adding-a-code-of-conduct-to-your-project). | ||
|
|
||
| * **GitHub actions** | ||
|
|
There was a problem hiding this comment.
Suggested change
| Software projects benefit from using continuous integration (CI) and continuous deployment (CD): | |
| * [Continuous integration](https://www.atlassian.com/continuous-delivery/continuous-integration): automating the integration of changes to your code, including through the use of automated tests to ensure your changes do not break the project. | |
| * [Continuous deployment](https://www.ibm.com/topics/continuous-deployment): automation of your deployment/release process. Often, continuous deployment can be semi-automated, such as requiring a human to initiate the deployment. |
There was a problem hiding this comment.
I think it's a good idea to name-drop CI/CD so users can read about it more, but given the target audience, I think it's better as a "further reading" link at the end of the paragraph. Added in a7d02c7.
docs/open-source/best-practices.mdx
Outdated
Comment on lines
80
to
90
| The simplest way to list your requirements is to put the Python version you're | ||
| using in your `README` and include a | ||
| [`requirements.txt`](https://pip.pypa.io/en/stable/reference/requirements-file-format/) | ||
| file in your repository. However, this means you must manually identify your | ||
| requirements and keep the file in sync. | ||
|
|
||
| Tools such as [Poetry](https://python-poetry.org/) solve this problem by | ||
| managing dependencies for you, which means they can keep track of everything | ||
| you've installed. Installing a dependency through Poetry will add it to a | ||
| "lock" file, which keeps track of the exact versions of each package you have | ||
| installed. Users can use the lockfile to replicate your environment. |
There was a problem hiding this comment.
Suggested change
| The simplest way to list your requirements is to put the Python version you're | |
| using in your `README` and include a | |
| [`requirements.txt`](https://pip.pypa.io/en/stable/reference/requirements-file-format/) | |
| file in your repository. However, this means you must manually identify your | |
| requirements and keep the file in sync. | |
| Tools such as [Poetry](https://python-poetry.org/) solve this problem by | |
| managing dependencies for you, which means they can keep track of everything | |
| you've installed. Installing a dependency through Poetry will add it to a | |
| "lock" file, which keeps track of the exact versions of each package you have | |
| installed. Users can use the lockfile to replicate your environment. | |
| Traditionally, many Python projects use a `requirements.txt` file to list the project's dependencies. | |
| You may also see `requirements-dev.txt` to list dependencies only used for contributing to | |
| the project, such as linters or test runners. This approach can be fine, but it has two issues: | |
| 1) no "lockfiles", and 2) you still need to set up metadata about your project. | |
| Instead of the traditional requirements.txt approach, build tools such as [Poetry](https://python-poetry.org/) improve dependency management. Poetry also ensures that you properly set up metadata for your project, | |
| such as which Python versions you support; this metadata is necessary to | |
| [package your project](#package-your-project). | |
| Installing a dependency through Poetry will add it to a "lockfile", | |
| which keeps track of the exact versions of each package you have | |
| installed. Lockfiles are crucial for | |
| ["supply chain security"](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). | |
| Lockfiles also ensure that your project will not break overnight due to new releases of dependencies | |
| breaking your project; with a lockfile, your dependencies will only change when you intentionally upgrade. |
There was a problem hiding this comment.
@Eric-Arellano Is it important to put "supply chain security" in quotes? I'd leave them off unless it's confusing otherwise.
There was a problem hiding this comment.
I've incorporated this into f6977d8. I've left out the security bit as most projects are run-once programs for a specific experiment.
abbycross
reviewed
Sep 3, 2024
abbycross
reviewed
Sep 3, 2024
abbycross
reviewed
Sep 3, 2024
abbycross
reviewed
Sep 3, 2024
abbycross
reviewed
Sep 3, 2024
abbycross
reviewed
Sep 3, 2024
Co-authored-by: abbycross <[email protected]> Co-authored-by: Eric Arellano <[email protected]>
Co-authored-by: Eric Arellano <[email protected]>
Co-authored-by: Eric Arellano <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a new page on best practices for ecosystem projects.
Link to preview