如果您有自訂的最佳做法或慣例,希望 Gemini Code Assist 進行檢查,可以新增 styleguide.md 檔案至存放區的 .gemini/ 根資料夾。系統會將此檔案視為一般文字檔案,並展開 Gemini Code Assist 使用的標準提示。
標準程式碼審查模式
如未指定自訂樣式指南,Gemini Code Assist 會將重點放在以下幾個主要類別:
正確性:確保程式碼運作正常,並處理極端情況,檢查邏輯錯誤、競爭條件或不正確的 API 用法。
效率:找出可能的效能瓶頸或可進行最佳化的部分,例如過多的迴圈、記憶體外洩、效率不佳的資料結構、多餘的計算、過多的記錄,以及效率不佳的字串操作。
可維護性:評估程式碼的可讀性、模組化,以及是否遵循語言慣用語和最佳做法。針對變數、函式和類別的命名不當、缺少註解或說明、程式碼複雜、程式碼重複、格式不一致和魔術數字。
安全性:找出資料處理或輸入驗證的潛在安全漏洞,例如機密資料的儲存方式不安全、注入攻擊、存取控管不足、跨網站要求偽造 (CSRF) 和不安全的直接物件參照 (IDOR)。
其他:審查拉取要求時,我們會考量其他主題,例如測試、效能、可擴充性、模組化和可重用性,以及錯誤記錄和監控。
新增設定檔
.gemini/ 資料夾會代管任何 Gemini Code Assist 相關的設定檔,例如 config.yaml 和 styleguide.md。
config.yaml 檔案包含各種可啟用或停用的可設定功能。styleguide.md 文字檔案是樣式指南,可指示 Gemini Code Assist 在執行程式碼審查時遵循的特定規則。
如要新增這些設定檔,請在存放區的 .gemini/ 資料夾中建立這些檔案,並使用下表做為參考:
以下程式碼片段是使用預設設定的 config.yaml 檔案範例。如果您沒有加入任何特定設定,Gemini Code Assist 會採用預設設定。您可以使用這個程式碼片段做為範本,自行建立 config.yaml 檔案:
have_fun: true
code_review:
disable: false
comment_severity_threshold: MEDIUM
max_review_comments: -1
pull_request_opened:
help: false
summary: true
code_review: true
以下程式碼片段為含有自訂設定的 config.yaml 檔案範例:
$schema: "http://json-schema.org/draft-07/schema#"
title: RepoConfig
description: Configuration for Gemini Code Assist on a repository. All fields are optional and have default values.
type: object
properties:
have_fun:
type: boolean
description: Enables fun features such as a poem in the initial pull request summary. Default: true.
code_review:
type: object
description: Configuration for code reviews. All fields are optional and have default values.
properties:
disable:
type: boolean
description: Disables Gemini from acting on pull requests. Default: false.
comment_severity_threshold:
type: string
enum:
- LOW
- MEDIUM
- HIGH
- CRITICAL
description: The minimum severity of review comments to consider. Default: MEDIUM.
max_review_comments:
type: integer
format: int64
description: The maximum number of review comments to consider. Use -1 for unlimited. Default: -1.
pull_request_opened:
type: object
description: Configuration for pull request opened events. All fields are optional and have default values.
properties:
help:
type: boolean
description: Posts a help message on pull request open. Default: false.
summary:
type: boolean
description: Posts a pull request summary on the pull request open. Default: true.
code_review:
type: boolean
description: Posts a code review on pull request open. Default: true.
以下程式碼片段是 styleguide.md 檔案的範例:
# Company X Python Style Guide
# Introduction
This style guide outlines the coding conventions for Python code developed at Company X.
It's based on PEP 8, but with some modifications to address specific needs and
preferences within our organization.
# Key Principles
* **Readability:** Code should be easy to understand for all team members.
* **Maintainability:** Code should be easy to modify and extend.
* **Consistency:** Adhering to a consistent style across all projects improves
collaboration and reduces errors.
* **Performance:** While readability is paramount, code should be efficient.
# Deviations from PEP 8
## Line Length
* **Maximum line length:** 100 characters (instead of PEP 8's 79).
* Modern screens allow for wider lines, improving code readability in many cases.
* Many common patterns in our codebase, like long strings or URLs, often exceed 79 characters.
## Indentation
* **Use 4 spaces per indentation level.** (PEP 8 recommendation)
## Imports
* **Group imports:**
* Standard library imports
* Related third party imports
* Local application/library specific imports
* **Absolute imports:** Always use absolute imports for clarity.
* **Import order within groups:** Sort alphabetically.
## Naming Conventions
* **Variables:** Use lowercase with underscores (snake_case): `user_name`, `total_count`
* **Constants:** Use uppercase with underscores: `MAX_VALUE`, `DATABASE_NAME`
* **Functions:** Use lowercase with underscores (snake_case): `calculate_total()`, `process_data()`
* **Classes:** Use CapWords (CamelCase): `UserManager`, `PaymentProcessor`
* **Modules:** Use lowercase with underscores (snake_case): `user_utils`, `payment_gateway`
## Docstrings
* **Use triple double quotes (`"""Docstring goes here."""`) for all docstrings.**
* **First line:** Concise summary of the object's purpose.
* **For complex functions/classes:** Include detailed descriptions of parameters, return values,
attributes, and exceptions.
* **Use Google style docstrings:** This helps with automated documentation generation.
```python
def my_function(param1, param2):
"""Single-line summary.
More detailed description, if necessary.
Args:
param1 (int): The first parameter.
param2 (str): The second parameter.
Returns:
bool: The return value. True for success, False otherwise.
Raises:
ValueError: If `param2` is invalid.
"""
# function body here
```
## Type Hints
* **Use type hints:** Type hints improve code readability and help catch errors early.
* **Follow PEP 484:** Use the standard type hinting syntax.
## Comments
* **Write clear and concise comments:** Explain the "why" behind the code, not just the "what".
* **Comment sparingly:** Well-written code should be self-documenting where possible.
* **Use complete sentences:** Start comments with a capital letter and use proper punctuation.
## Logging
* **Use a standard logging framework:** Company X uses the built-in `logging` module.
* **Log at appropriate levels:** DEBUG, INFO, WARNING, ERROR, CRITICAL
* **Provide context:** Include relevant information in log messages to aid debugging.
## Error Handling
* **Use specific exceptions:** Avoid using broad exceptions like `Exception`.
* **Handle exceptions gracefully:** Provide informative error messages and avoid crashing the program.
* **Use `try...except` blocks:** Isolate code that might raise exceptions.
# Tooling
* **Code formatter:** [Specify formatter, e.g., Black] - Enforces consistent formatting automatically.
* **Linter:** [Specify linter, e.g., Flake8, Pylint] - Identifies potential issues and style violations.
# Example
```python
"""Module for user authentication."""
import hashlib
import logging
import os
from companyx.db import user_database
LOGGER = logging.getLogger(__name__)
def hash_password(password: str) -> str:
"""Hashes a password using SHA-256.
Args:
password (str): The password to hash.
Returns:
str: The hashed password.
"""
salt = os.urandom(16)
salted_password = salt + password.encode('utf-8')
hashed_password = hashlib.sha256(salted_password).hexdigest()
return f"{salt.hex()}:{hashed_password}"
def authenticate_user(username: str, password: str) -> bool:
"""Authenticates a user against the database.
Args:
username (str): The user's username.
password (str): The user's password.
Returns:
bool: True if the user is authenticated, False otherwise.
"""
try:
user = user_database.get_user(username)
if user is None:
LOGGER.warning("Authentication failed: User not found - %s", username)
return False
stored_hash = user.password_hash
salt, hashed_password = stored_hash.split(':')
salted_password = bytes.fromhex(salt) + password.encode('utf-8')
calculated_hash = hashlib.sha256(salted_password).hexdigest()
if calculated_hash == hashed_password:
LOGGER.info("User authenticated successfully - %s", username)
return True
else:
LOGGER.warning("Authentication failed: Incorrect password - %s", username)
return False
except Exception as e:
LOGGER.error("An error occurred during authentication: %s", e)
return False