Customize Gemini Code Assist behavior in GitHub

If you have a custom set of best practices or conventions that you want Gemini Code Assist to check for, add a styleguide.md file to the .gemini/ root folder of your repository. This file is treated as a regular text file and extends the standard prompt that Gemini Code Assist uses.

Standard code review pattern

If no custom style guide is specified, Gemini Code Assist focuses its review on the following areas:

  • Correctness: ensures the code functions as intended and handles edge cases, checking for logic errors, race conditions, or incorrect API usage.

  • Efficiency: identifies potential performance bottlenecks or areas for optimization, such as excessive loops, memory leaks, inefficient data structures, redundant calculations, excessive logging, and inefficient string manipulation.

  • Maintainability: assesses the code's readability, modularity, and adherence to language idioms and best practices, locating poorly named variables, functions and classes, missing comments or documentation, overly complex code, code duplication, inconsistent formatting, and magic numbers.

  • Security: identifies potential vulnerabilities in data handling or input validation, such as insecure storage of sensitive data, injection attacks, insufficient access controls, cross-site request forgery (CSRF), and insecure direct object references (IDOR).

  • Other: when reviewing pull requests, other topics are also considered, such as testing, performance, scalability, modularity and reusability, and error logging and monitoring.

Add configuration files

The .gemini/ folder contains all configuration files related to Gemini Code Assist, such as config.yaml and styleguide.md.

The config.yaml file contains various configurable features that you can enable or disable. The styleguide.md text file is a style guide that instructs Gemini Code Assist to follow specific rules when performing code reviews.

To add these configuration files, create them in the .gemini/ folder of your repository, using the following table as a reference:

The following snippet is an example of a config.yaml file with the default settings. If you don't add any specific settings, Gemini Code Assist uses these defaults. You can use this snippet as a template to create your own config.yaml file:

have_fun: true
code_review:
  disable: false
  comment_severity_threshold: MEDIUM
  max_review_comments: -1
  pull_request_opened:
    help: false
    summary: true
    code_review: true

The following snippet is the schema for the config.yaml file (JSON Schema written as YAML); it lists every setting Gemini Code Assist accepts, its type, and its default value, and you can use it as a reference when writing custom settings:

$schema: "http://json-schema.org/draft-07/schema#"
title: RepoConfig
description: Configuration for Gemini Code Assist on a repository. All fields are optional and have default values.
type: object
properties:
  have_fun:
    type: boolean
    description: Enables fun features such as a poem in the initial pull request summary. Default: true.
  code_review:
    type: object
    description: Configuration for code reviews. All fields are optional and have default values.
    properties:
      disable:
        type: boolean
        description: Disables Gemini from acting on pull requests. Default: false.
      comment_severity_threshold:
        type: string
        enum:
          - UNKNOWN
          - LOW
          - MEDIUM
          - HIGH
          - CRITICAL
        description: The minimum severity of review comments to consider. Default: MEDIUM.
      max_review_comments:
        type: integer
        format: int64
        description: The maximum number of review comments to consider. Use -1 for unlimited. Default: -1.
      pull_request_opened:
        type: object
        description: Configuration for pull request opened events. All fields are optional and have default values.
        properties:
          help:
            type: boolean
            description: Posts a help message on pull request open. Default: false.
          summary:
            type: boolean
            description: Posts a pull request summary on the pull request open. Default: true.
          code_review:
            type: boolean
            description: Posts a code review on pull request open. Default: true.
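The schema above fixes the accepted keys, their types, and the allowed values for comment_severity_threshold. As an added example (not part of this page or of Gemini Code Assist), the check below validates a loaded config.yaml mapping against that schema in pure Python, fills in the documented defaults, and reports wrongly typed values and misspelt keys that a permissive reader would otherwise ignore; it assumes the mapping was produced by a YAML loader such as yaml.safe_load, and the sample config is constructed.

```python
SEVERITIES = ("UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL")

# The page's RepoConfig schema reduced to (type, default) leaves; nested dicts are objects.
REPO_CONFIG_SCHEMA = {
    "have_fun": (bool, True),
    "code_review": {
        "disable": (bool, False),
        "comment_severity_threshold": (str, "MEDIUM"),
        "max_review_comments": (int, -1),
        "pull_request_opened": {
            "help": (bool, False),
            "summary": (bool, True),
            "code_review": (bool, True),
        },
    },
}

def validate_config(config, schema=REPO_CONFIG_SCHEMA, path=""):
    """Returns (effective_config, errors): defaults filled in, bad values reported and reset."""
    effective, errors = {}, []
    for key, spec in schema.items():
        full = path + key
        if isinstance(spec, dict):  # nested object such as code_review
            sub = config.get(key, {})
            if not isinstance(sub, dict):
                errors.append(f"{full}: expected a mapping, got {sub!r}")
                sub = {}
            effective[key], sub_errors = validate_config(sub, spec, full + ".")
            errors.extend(sub_errors)
            continue
        expected_type, default = spec
        value = config.get(key, default)
        # bool is an int subclass in Python, so true/false must not pass as an integer
        if not isinstance(value, expected_type) or (expected_type is int and isinstance(value, bool)):
            errors.append(f"{full}: expected {expected_type.__name__}, got {value!r}")
            value = default
        elif key == "comment_severity_threshold" and value not in SEVERITIES:
            errors.append(f"{full}: {value!r} is not one of {SEVERITIES}")
            value = default
        effective[key] = value
    for key in config:
        if key not in schema:  # a misspelt key is silently ignored by a permissive reader
            errors.append(f"{path}{key}: unknown key")
    return effective, errors

# Constructed sample, shaped as yaml.safe_load() would return it: two mistakes, two valid overrides.
SAMPLE_CONFIG = {"have_fun": False, "code_review": {
    "disable": "false",  # a string, not a boolean
    "comment_severity_threshold": "LOW", "max_review_comments": 20,
    "pull_request_opened": {"sumary": False}}}  # misspelt key
```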

The following snippet is an example of a styleguide.md file:

# Company X Python Style Guide

# Introduction
This style guide outlines the coding conventions for Python code developed at Company X.
It's based on PEP 8, but with some modifications to address specific needs and
preferences within our organization.

# Key Principles
* **Readability:** Code should be easy to understand for all team members.
* **Maintainability:** Code should be easy to modify and extend.
* **Consistency:** Adhering to a consistent style across all projects improves
  collaboration and reduces errors.
* **Performance:** While readability is paramount, code should be efficient.

# Deviations from PEP 8

## Line Length
* **Maximum line length:** 100 characters (instead of PEP 8's 79).
    * Modern screens allow for wider lines, improving code readability in many cases.
    * Many common patterns in our codebase, like long strings or URLs, often exceed 79 characters.

## Indentation
* **Use 4 spaces per indentation level.** (PEP 8 recommendation)

## Imports
* **Group imports:**
    * Standard library imports
    * Related third party imports
    * Local application/library specific imports
* **Absolute imports:** Always use absolute imports for clarity.
* **Import order within groups:**  Sort alphabetically.

## Naming Conventions

* **Variables:** Use lowercase with underscores (snake_case): `user_name`, `total_count`
* **Constants:**  Use uppercase with underscores: `MAX_VALUE`, `DATABASE_NAME`
* **Functions:** Use lowercase with underscores (snake_case): `calculate_total()`, `process_data()`
* **Classes:** Use CapWords (CamelCase): `UserManager`, `PaymentProcessor`
* **Modules:** Use lowercase with underscores (snake_case): `user_utils`, `payment_gateway`

## Docstrings
* **Use triple double quotes (`"""Docstring goes here."""`) for all docstrings.**
* **First line:** Concise summary of the object's purpose.
* **For complex functions/classes:** Include detailed descriptions of parameters, return values,
  attributes, and exceptions.
* **Use Google style docstrings:** This helps with automated documentation generation.
    ```python
    def my_function(param1, param2):
        """Single-line summary.

        More detailed description, if necessary.

        Args:
            param1 (int): The first parameter.
            param2 (str): The second parameter.

        Returns:
            bool: The return value. True for success, False otherwise.

        Raises:
            ValueError: If `param2` is invalid.
        """
        # function body here
    ```

## Type Hints
* **Use type hints:**  Type hints improve code readability and help catch errors early.
* **Follow PEP 484:**  Use the standard type hinting syntax.

## Comments
* **Write clear and concise comments:** Explain the "why" behind the code, not just the "what".
* **Comment sparingly:** Well-written code should be self-documenting where possible.
* **Use complete sentences:** Start comments with a capital letter and use proper punctuation.

## Logging
* **Use a standard logging framework:**  Company X uses the built-in `logging` module.
* **Log at appropriate levels:** DEBUG, INFO, WARNING, ERROR, CRITICAL
* **Provide context:** Include relevant information in log messages to aid debugging.

## Error Handling
* **Use specific exceptions:** Avoid using broad exceptions like `Exception`.
* **Handle exceptions gracefully:** Provide informative error messages and avoid crashing the program.
* **Use `try...except` blocks:**  Isolate code that might raise exceptions.

# Tooling
* **Code formatter:**  [Specify formatter, e.g., Black] - Enforces consistent formatting automatically.
* **Linter:**  [Specify linter, e.g., Flake8, Pylint] - Identifies potential issues and style violations.

# Example
```python
"""Module for user authentication."""

import hashlib
import logging
import os

from companyx.db import user_database

LOGGER = logging.getLogger(__name__)

def hash_password(password: str) -> str:
  """Hashes a password using SHA-256.

  Args:
      password (str): The password to hash.

  Returns:
      str: The hashed password.
  """
  salt = os.urandom(16)
  salted_password = salt + password.encode('utf-8')
  hashed_password = hashlib.sha256(salted_password).hexdigest()
  return f"{salt.hex()}:{hashed_password}"

def authenticate_user(username: str, password: str) -> bool:
  """Authenticates a user against the database.

  Args:
      username (str): The user's username.
      password (str): The user's password.

  Returns:
      bool: True if the user is authenticated, False otherwise.
  """
  try:
      user = user_database.get_user(username)
      if user is None:
          LOGGER.warning("Authentication failed: User not found - %s", username)
          return False

      stored_hash = user.password_hash
      salt, hashed_password = stored_hash.split(':')
      salted_password = bytes.fromhex(salt) + password.encode('utf-8')
      calculated_hash = hashlib.sha256(salted_password).hexdigest()

      if calculated_hash == hashed_password:
          LOGGER.info("User authenticated successfully - %s", username)
          return True
      else:
          LOGGER.warning("Authentication failed: Incorrect password - %s", username)
          return False
  except Exception as e:
      LOGGER.error("An error occurred during authentication: %s", e)
      return False
```
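The authentication module in the example above stores a single salted SHA-256 digest and compares it with ==, which are the kind of findings the Security review area (insecure storage of sensitive data) would raise. Below is an added example, not part of the page's styleguide.md or of Gemini Code Assist, that reworks those two functions with PBKDF2-HMAC-SHA256, a constant-time comparison, a self-describing record format, and the specific exception handling the style guide itself asks for; the iteration count, the record format, and the in-memory user store standing in for companyx.db are assumptions constructed for this example.

```python
"""Hardened counterpart of the page's user-authentication example (added example)."""

import hashlib
import hmac
import logging
import os

LOGGER = logging.getLogger(__name__)

# Constructed parameters for this example; tune the iteration count per deployment.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"

def hash_password(password: str) -> str:
    """Returns 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' for a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{ALGORITHM}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Checks a password against a hash_password() record using a constant-time comparison."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:  # malformed record: wrong field count, bad hex or non-numeric iterations
        return False
    return hmac.compare_digest(candidate, expected)

# Hashed once so a lookup miss costs the same as a real verification (no username oracle).
_DUMMY_RECORD = hash_password("not-a-real-password")

# Constructed in-memory store standing in for companyx.db.user_database.
USERS = {"alice": hash_password("correct horse battery staple")}

def authenticate_user(username: str, password: str, users: dict = USERS) -> bool:
    """Authenticates against `users`; never raises, and logs without echoing the password."""
    record = users.get(username, _DUMMY_RECORD)
    if verify_password(password, record) and username in users:
        LOGGER.info("User authenticated successfully - %s", username)
        return True
    LOGGER.warning("Authentication failed - %s", username)
    return False
```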