Commit 5a53920f authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/ruff' into 'master' 

Feat/ruff

See merge request to-be-continuous/python!101
parents 5f78c734 ef364ef6

README.md

+12 −1
Original line number Diff line number Diff line
@@ -282,6 +282,17 @@ This job **disabled by default** and runs [isort](https://pycqa.github.io/isort/ 
| ---------------- | ----------------------------------------------------------------------- | ----------------- |

| `isort-enabled` / `PYTHON_ISORT_ENABLED` | Set to `true` to enable isort job               | _none_ (disabled) |



### `py-ruff` job



This job **disabled by default** and runs [Ruff](https://docs.astral.sh/ruff/) on the repo. It is bound to the build stage.



| Input / Variable | Description                                                             | Default value     |

| ---------------- | ----------------------------------------------------------------------- | ----------------- |

| `ruff-enabled` / `RUFF_ENABLED` | Set to `true` to enable ruff job                  | _none_ (disabled) |

| `ruff-args` / `RUFF_ARGS` | Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)     | _none_           |

| `ruff-ext-exclude` / `RUFF_EXT_EXCLUDE` | Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files                             | _.venv,.cache_   |



:warning: Ruff can replace isort, Black, Bandit, Pylint and much more. [More info](https://github.com/astral-sh/ruff/blob/main/docs/faq.md#which-tools-does-ruff-replace). 



### SonarQube analysis
@@ -504,7 +515,7 @@ The variant requires the additional configuration parameters: 


| Input / Variable | Description                            | Default value     |

| ----------------- | -------------------------------------- | ----------------- |

| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token      | `$CI_SERVER_URL` |

| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` |

| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |

| `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |

kicker.json

+19 −1
Original line number Diff line number Diff line
@@ -252,6 +252,24 @@ 
      "name": "isort",

      "description": "Check imports order with [isort](https://pycqa.github.io/isort)",

      "enable_with": "PYTHON_ISORT_ENABLED"

    },

    {

      "id": "ruff",

      "name": "Ruff",

      "description": "An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)",

      "enable_with": "RUFF_ENABLED",

      "variables": [

        {

          "name": "RUFF_ARGS",

          "description": "Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)",

          "advanced": true

        },

        {

          "name": "RUFF_EXT_EXCLUDE",

          "description": "Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files",

          "advanced": true

        }

      ]

    }

  ],

  "variants": [
@@ -299,7 +317,7 @@ 
      "variables": [

        {

          "name": "GCP_OIDC_AUD",

          "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",

          "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_",

          "default": "$CI_SERVER_URL",

          "advanced": true

        },

templates/gitlab-ci-python-gcp.yml

+2 −1
Original line number Diff line number Diff line
@@ -21,7 +21,8 @@ variables: 


.gcp-provider-auth:

  before_script:

    - echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"

    - set -e

    - echo -e "[\\e[1;94mINFO\\e[0m] Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"

    - echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"

    - |-

      cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"

templates/gitlab-ci-python.yml

+42 −2
Original line number Diff line number Diff line
@@ -155,6 +155,16 @@ spec: 
      description: Enable isort

      type: boolean

      default: false

    ruff-enabled:

      description: Enable Ruff

      type: boolean

      default: false

    ruff-args:

      description: Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)

      default: ""

    ruff-ext-exclude:

      description: Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files

      default: ""

---

# default workflow rules: Merge Request pipelines

workflow:
@@ -270,6 +280,9 @@ variables: 


  PYTHON_BLACK_ENABLED: $[[ inputs.black-enabled ]]

  PYTHON_ISORT_ENABLED: $[[ inputs.isort-enabled ]]

  RUFF_ENABLED: $[[ inputs.ruff-enabled ]]

  RUFF_ARGS: $[[ inputs.ruff-args ]]

  RUFF_EXT_EXCLUDE: $[[ inputs.ruff-ext-exclude ]]





.python-scripts: &python-scripts |
@@ -759,7 +772,7 @@ variables: 
        poetry build ${TRACE+--verbose}

      fi



      log_info "--- publish packages (poetry)..."

      log_info "--- publish packages (poetry) to $PYTHON_REPOSITORY_URL with user $PYTHON_REPOSITORY_USERNAME..."

      poetry config repositories.user_defined "$PYTHON_REPOSITORY_URL"

      poetry publish ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository user_defined

    else
@@ -773,7 +786,7 @@ variables: 
        python -m build

      fi



      log_info "--- publish packages (twine)..."

      log_info "--- publish packages (twine) to $PYTHON_REPOSITORY_URL with user $PYTHON_REPOSITORY_USERNAME..."

      twine upload ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository-url "$PYTHON_REPOSITORY_URL" dist/*

    fi

  }
@@ -897,6 +910,33 @@ py-isort: 
      when: never

    - !reference [.test-policy, rules]



py-ruff:

  extends: .python-base

  stage: build

  script:

    - mkdir -p -m 777 reports

    - |  

      if [[  ${BANDIT_ENABLED} == "true" || ${PYLINT_ENABLED} == "true" || ${PYTHON_ISORT_ENABLED} == "true" || ${PYTHON_BLACK_ENABLED} == "true" ]]; then

        log_warn "Ruff can replace isort, Black, Bandit, Pylint"

      fi

    # Ruff is self dependent tool (written in Rust), so is can be install alone without project dependency (so not need _pip and _run)

    - pip install ${PIP_OPTS} ruff

    - ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format gitlab --output-file reports/ruff.gitlab.json || ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format grouped 



  artifacts:

    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    expire_in: 1 day

    when: always

    reports:

      codequality: $PYTHON_PROJECT_DIR/reports/ruff.gitlab.json

    paths:

      - "$PYTHON_PROJECT_DIR/reports/ruff.gitlab.json"

  rules:

    # exclude if $RUFF_ENABLED not set

    - if: '$RUFF_ENABLED != "true"'

      when: never

    - !reference [.test-policy, rules]



###############################################################################################

#                                      test stage                                             #

###############################################################################################