If you would like to become an active contributor to this project please follow the instructions provided in Microsoft Azure Projects Contribution Guidelines.
If you want to contribute to a file that is generated (header contains Code generated by Microsoft (R) AutoRest Code Generator.), the best approach to open a PR on the initial Swagger specification, as we can NOT merge a PR on generated code (it would be replaced by next generation). See https://github.com/Azure/azure-rest-api-specs/ for details.
We utilize a variety of tools to ensure smooth development, testing, and code quality for the Azure Python SDK. Below is a list of key tools and their purpose in the workflow:
-
azpysdk: The
azpysdkCLI is our primary tool for running checks locally and in CI. It is an entrypoint provided by theeng/tools/azure-sdk-toolspackage and abstracts all checks (linting, type checking, tests, doc generation, etc.) behind a single command. See the Tool Usage Guide for full details. -
UV: UV is a fast package manager that can manage Python versions, run and install Python packages, and be used instead of pip, virtualenv, and more.
-
Pytest: Pytest is the test framework we use for writing and running our unit tests. It supports fixtures, parameterized tests, and other features that make testing more powerful and flexible.
-
Pylint: Pylint is used for code linting to enforce coding standards and catch potential issues early. Maintaining a consistent code style is important, and Pylint helps achieve that goal.
-
Mypy and Pyright: Both tools are used for type checking. Mypy helps verify that type annotations are correct, while Pyright provides additional support for type completeness and validation.
-
Sphinx: Sphinx is used for generating package documentation. This ensures that contributors and users alike have clear, accessible information about how to use the SDK.
-
Bandit: Bandit is employed to find common security issues in Python code. It performs static analysis and helps us secure the codebase.
-
Azure DevOps: Our CI/CD pipelines are managed using Azure DevOps, ensuring that builds, tests, and deployments are executed consistently and reliably across all contributions.
The Azure SDK team's Python CI leverages the azpysdk CLI tool to run checks, tests, and linters during PR/CI builds. This means that a dev working locally can reproduce exactly what the build machine is doing.
The azpysdk entrypoint is provided by the eng/tools/azure-sdk-tools package. For full setup instructions and the list of available checks, see the Tool Usage Guide.
From the root of your target package:
pip install -r dev_requirements.txt
This installs azure-sdk-tools (which provides azpysdk) along with the package's dev dependencies.
You can discover all available checks by running azpysdk --help. Some common checks:
azpysdk pylint . # Lint with pylint
azpysdk mypy . # Type check with mypy
azpysdk pyright . # Type check with pyright
azpysdk verifytypes . # Verify type completeness
azpysdk sphinx . # Build documentation
azpysdk bandit . # Security analysis
azpysdk black . # Code formatting
azpysdk verifywhl . # Verify wheel contents
azpysdk verifysdist . # Verify sdist contents
azpysdk import_all . # Verify all imports resolve
azpysdk apistub . # Generate API stub
azpysdk samples . # Run samples
azpysdk breaking . # Check for breaking changes
azpysdk devtest . # Test against dev feed dependencies
azpysdk also supports globbing and comma-separated package names when invoked from the repo root:
azure-sdk-for-python> azpysdk import_all azure-storage*
azure-sdk-for-python> azpysdk pylint azure-storage-blob,azure-core
To run a check in a completely fresh virtual environment, add --isolate:
azpysdk pylint . --isolate
When running test-related checks, you can pass additional arguments to pytest after --:
azpysdk devtest . -- --pdb
SDK performance testing is supported via the custom perfstress framework. For full details on this framework, and how to write and run tests for an SDK - see the perfstress tests documentation.
We maintain an additional document that has a ton of detail as to what is actually happening in these executions.
Daily dev build version of Azure sdk packages for python are available and are uploaded to Azure devops feed daily. Below is the link to Azure devops feed.
https://dev.azure.com/azure-sdk/public/_packaging?_a=feed&feed=azure-sdk-for-python
pip install <package-name> --extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple --pre
For e.g.
pip install azure-appconfiguration==1.0.0b6.dev20191205001 --extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple
To test a package being developed against latest dev build version of dependent packages:
a. cd to package root folder
b. run azpysdk devtest
azpysdk devtest .
This check will fail if installed dependent packages are not dev build version.
Third party libraries should only be included in samples when necessary to demonstrate usage of an Azure SDK package; they should not be suggested or endorsed as alternatives to the Azure SDK.
When code samples take dependencies, readers should be able to use the material without significant license burden or research on terms. This goal requires restricting dependencies to certain types of open source or commercial licenses.
Samples may take the following categories of dependencies:
-
Open-source : Open source offerings that use an Open Source Initiative (OSI) approved license. Any component whose license isn't OSI-approved is considered a commercial offering. Prefer OSS projects that are members of any of the OSS foundations that Microsoft is part of. Prefer permissive licenses for libraries, like MIT and Apache 2. Copy-left licenses like GPLv3 are acceptable for tools, and OSs. Kubernetes, Linux, and Newtonsoft.Json are examples of this license type. Links to open source components should be to where the source is hosted, including any applicable license, such as a GitHub repository (or similar).
-
Commercial: Commercial offerings that enable readers to learn from our content without unnecessary extra costs. Typically, the offering has some form of a community edition, or a free trial sufficient for its use in content. A commercial license may be a form of dual-license, or tiered license. Links to commercial components should be to the commercial site for the software, even if the source software is hosted publicly on GitHub (or similar).
-
Dual licensed: Commercial offerings that enable readers to choose either license based on their needs. For example, if the offering has an OSS and commercial license, readers can choose between them. MySql is an example of this license type.
-
Tiered licensed: Offerings that enable readers to use the license tier that corresponds to their characteristics. For example, tiers may be available for students, hobbyists, or companies with defined revenue thresholds. For offerings with tiered licenses, strive to limit our use in tutorials to the features available in the lowest tier. This policy enables the widest audience for the article. Docker, IdentityServer, ImageSharp, and Visual Studio are examples of this license type.
In general, we prefer taking dependencies on licensed components in the order of the listed categories. In cases where the category may not be well known, we'll document the category so that readers understand the choice that they're making by using that dependency.
This project's code of conduct can be found in the CODE_OF_CONDUCT.md file (v1.4.0 of the https://contributor-covenant.org/ CoC).