Skip to content

use uv, ruff, prek; update tests gh-workflow #1754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
felixrindt wants to merge 5 commits into
base: main
Choose a base branch
from
Open

use uv, ruff, prek; update tests gh-workflow #1754

felixrindt wants to merge 5 commits into from

Conversation

@felixrindt
Copy link
Member

@felixrindt felixrindt commented Feb 5, 2026
edited
Loading

closes #1641

  • dynamic versioning
  • entrypoints --> work independently of our build backend. Created issue Move to uv/ruff ephios-plugin-template#1
  • system to translate plugin content --> moved to Add translation build backend ephios-plugin-template#2
  • We could also switch to their code formatting tools (ruff?!, there is uv format as well)
  • replace "pre-commit" with "prek" and update developer documentation
  • move our package to a src folder as suggested in the uv docs and pypi docs
  • resolve all code TODOs
  • migrate all occurences of poetry (Docker, workflows, docs, ...)
  • test docker and compose

@felixrindt felixrindt added the [C] infrastructure Changes to CI and deployment label Feb 5, 2026
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 5, 2026
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 5, 2026
View reviewed changes
src/ephios/core/views/consequences.py
Comment on lines +23 to +26
return JsonResponse({
"state": consequence.state,
"fail_reason": fail_reason,
})

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 7 days ago

In general, to fix this class of issue you should avoid sending raw exception messages or stack traces directly to clients. Instead, log the detailed information on the server (where developers can inspect it) and return either a generic error message or a sanitized, predefined user-facing message. This prevents accidental disclosure of internal state or implementation details.

For this specific view in src/ephios/core/views/consequences.py, the minimal-impact fix is:

  • Stop using str(e) directly as fail_reason.
  • Replace it with a generic, non-sensitive message (e.g. "confirm_failed" or a short human-readable text) that does not depend on the exception content.
  • Optionally, log the exception using Django’s logging facilities so that developers still have full details; this requires importing logging and using a module-level logger.

Concretely:

  • Add an import for the standard logging module at the top of consequences.py, and define a logger such as logger = logging.getLogger(__name__).
  • In the except ConsequenceError as e: block, replace fail_reason = str(e) with:
    • a call to logger.exception(...) (or logger.warning/info if preferred) to record the exception, and
    • assignment of fail_reason to a safe, generic string that can be returned to the client.
      This preserves the existing JSON structure (state and fail_reason) while eliminating exposure of exception text.
Suggested changeset 1
src/ephios/core/views/consequences.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/ephios/core/views/consequences.py b/src/ephios/core/views/consequences.py
--- a/src/ephios/core/views/consequences.py
+++ b/src/ephios/core/views/consequences.py
@@ -5,7 +5,11 @@
 
 from ephios.core.consequences import ConsequenceError, editable_consequences
 
+import logging
 
+logger = logging.getLogger(__name__)
+
+
 class ConsequenceUpdateView(LoginRequiredMixin, SingleObjectMixin, View):
     def get_queryset(self):
         return editable_consequences(self.request.user)
@@ -19,7 +22,8 @@
             try:
                 consequence.confirm(request.user)
             except ConsequenceError as e:
-                fail_reason = str(e)
+                logger.exception("Error while confirming consequence %s for user %s", consequence, request.user)
+                fail_reason = "confirm_failed"
         return JsonResponse({
             "state": consequence.state,
             "fail_reason": fail_reason,
EOF
@@ -5,7 +5,11 @@

from ephios.core.consequences import ConsequenceError, editable_consequences

import logging

logger = logging.getLogger(__name__)


class ConsequenceUpdateView(LoginRequiredMixin, SingleObjectMixin, View):
def get_queryset(self):
return editable_consequences(self.request.user)
@@ -19,7 +22,8 @@
try:
consequence.confirm(request.user)
except ConsequenceError as e:
fail_reason = str(e)
logger.exception("Error while confirming consequence %s for user %s", consequence, request.user)
fail_reason = "confirm_failed"
return JsonResponse({
"state": consequence.state,
"fail_reason": fail_reason,
Copilot is powered by AI and may make mistakes. Always verify output.
@felixrindt felixrindt force-pushed the uv_prek_ruff branch 8 times, most recently from c0efe1b to 1d2d606 Compare February 6, 2026 13:46
@felixrindt
use uv, ruff, prek; update tests gh-workflow
df8978e 
uv system

fix locale building

fix locale building

fix locale building

fix locale building

fix signals import
@felixrindt
migrate dynamic versioning
4264c48
@felixrindt
migrate docker setup
f89c096
@felixrindt
restore some unneeded changes
ae0f0a6 
refix pylint
@felixrindt felixrindt requested a review from jeriox February 9, 2026 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeriox jeriox Awaiting requested review from jeriox

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

[C] infrastructure Changes to CI and deployment

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Switch to uv

1 participant

@felixrindt