Skip to content
Snippets Groups Projects
Commit 5a53920f authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/ruff' into 'master'

Feat/ruff

See merge request to-be-continuous/python!101
parents 5f78c734 ef364ef6
Branches
Tags
No related merge requests found
......@@ -282,6 +282,17 @@ This job **disabled by default** and runs [isort](https://pycqa.github.io/isort/
| ---------------- | ----------------------------------------------------------------------- | ----------------- |
| `isort-enabled` / `PYTHON_ISORT_ENABLED` | Set to `true` to enable isort job | _none_ (disabled) |
### `py-ruff` job
This job **disabled by default** and runs [Ruff](https://docs.astral.sh/ruff/) on the repo. It is bound to the build stage.
| Input / Variable | Description | Default value |
| ---------------- | ----------------------------------------------------------------------- | ----------------- |
| `ruff-enabled` / `RUFF_ENABLED` | Set to `true` to enable ruff job | _none_ (disabled) |
| `ruff-args` / `RUFF_ARGS` | Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface) | _none_ |
| `ruff-ext-exclude` / `RUFF_EXT_EXCLUDE` | Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files | _.venv,.cache_ |
:warning: Ruff can replace isort, Black, Bandit, Pylint and much more. [More info](https://github.com/astral-sh/ruff/blob/main/docs/faq.md#which-tools-does-ruff-replace).
### SonarQube analysis
......@@ -504,7 +515,7 @@ The variant requires the additional configuration parameters:
| Input / Variable | Description | Default value |
| ----------------- | -------------------------------------- | ----------------- |
| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token | `$CI_SERVER_URL` |
| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` |
| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
| `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |
......
......@@ -252,6 +252,24 @@
"name": "isort",
"description": "Check imports order with [isort](https://pycqa.github.io/isort)",
"enable_with": "PYTHON_ISORT_ENABLED"
},
{
"id": "ruff",
"name": "Ruff",
"description": "An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)",
"enable_with": "RUFF_ENABLED",
"variables": [
{
"name": "RUFF_ARGS",
"description": "Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)",
"advanced": true
},
{
"name": "RUFF_EXT_EXCLUDE",
"description": "Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files",
"advanced": true
}
]
}
],
"variants": [
......@@ -299,7 +317,7 @@
"variables": [
{
"name": "GCP_OIDC_AUD",
"description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
"description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_",
"default": "$CI_SERVER_URL",
"advanced": true
},
......
......@@ -21,7 +21,8 @@ variables:
.gcp-provider-auth:
before_script:
- echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
- set -e
- echo -e "[\\e[1;94mINFO\\e[0m] Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
- echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
- |-
cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"
......
......@@ -155,6 +155,16 @@ spec:
description: Enable isort
type: boolean
default: false
ruff-enabled:
description: Enable Ruff
type: boolean
default: false
ruff-args:
description: Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)
default: ""
ruff-ext-exclude:
description: Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files
default: ""
---
# default workflow rules: Merge Request pipelines
workflow:
......@@ -270,6 +280,9 @@ variables:
PYTHON_BLACK_ENABLED: $[[ inputs.black-enabled ]]
PYTHON_ISORT_ENABLED: $[[ inputs.isort-enabled ]]
RUFF_ENABLED: $[[ inputs.ruff-enabled ]]
RUFF_ARGS: $[[ inputs.ruff-args ]]
RUFF_EXT_EXCLUDE: $[[ inputs.ruff-ext-exclude ]]
.python-scripts: &python-scripts |
......@@ -759,7 +772,7 @@ variables:
poetry build ${TRACE+--verbose}
fi
log_info "--- publish packages (poetry)..."
log_info "--- publish packages (poetry) to $PYTHON_REPOSITORY_URL with user $PYTHON_REPOSITORY_USERNAME..."
poetry config repositories.user_defined "$PYTHON_REPOSITORY_URL"
poetry publish ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository user_defined
else
......@@ -773,7 +786,7 @@ variables:
python -m build
fi
log_info "--- publish packages (twine)..."
log_info "--- publish packages (twine) to $PYTHON_REPOSITORY_URL with user $PYTHON_REPOSITORY_USERNAME..."
twine upload ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository-url "$PYTHON_REPOSITORY_URL" dist/*
fi
}
......@@ -897,6 +910,33 @@ py-isort:
when: never
- !reference [.test-policy, rules]
py-ruff:
extends: .python-base
stage: build
script:
- mkdir -p -m 777 reports
- |
if [[ ${BANDIT_ENABLED} == "true" || ${PYLINT_ENABLED} == "true" || ${PYTHON_ISORT_ENABLED} == "true" || ${PYTHON_BLACK_ENABLED} == "true" ]]; then
log_warn "Ruff can replace isort, Black, Bandit, Pylint"
fi
# Ruff is self dependent tool (written in Rust), so is can be install alone without project dependency (so not need _pip and _run)
- pip install ${PIP_OPTS} ruff
- ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format gitlab --output-file reports/ruff.gitlab.json || ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format grouped
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
reports:
codequality: $PYTHON_PROJECT_DIR/reports/ruff.gitlab.json
paths:
- "$PYTHON_PROJECT_DIR/reports/ruff.gitlab.json"
rules:
# exclude if $RUFF_ENABLED not set
- if: '$RUFF_ENABLED != "true"'
when: never
- !reference [.test-policy, rules]
###############################################################################################
# test stage #
###############################################################################################
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment