Merge branch 'feat/ruff' into 'master'

Feat/ruff See merge request to-be-continuous/python!101

Merge branch 'feat/ruff' into 'master'
5a53920f · Pierre Smeyers · 5f78c734 · ef364ef6 · 5a53920f · 5a53920f
Commit 5a53920f authored 1 year ago by Pierre Smeyers
--- a/README.md
+++ b/README.md
@@ -282,6 +282,17 @@ This job **disabled by default** and runs [isort](https://pycqa.github.io/isort/
 | ---------------- | ----------------------------------------------------------------------- | ----------------- |
 | `isort-enabled` / `PYTHON_ISORT_ENABLED` | Set to `true` to enable isort job               | _none_ (disabled) |

+### `py-ruff` job
+
+This job **disabled by default** and runs [Ruff](https://docs.astral.sh/ruff/) on the repo. It is bound to the build stage.
+
+| Input / Variable | Description                                                             | Default value     |
+| ---------------- | ----------------------------------------------------------------------- | ----------------- |
+| `ruff-enabled` / `RUFF_ENABLED` | Set to `true` to enable ruff job                  | _none_ (disabled) |
+| `ruff-args` / `RUFF_ARGS` | Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)     | _none_           |
+| `ruff-ext-exclude` / `RUFF_EXT_EXCLUDE` | Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files                             | _.venv,.cache_   |
+
+:warning: Ruff can replace isort, Black, Bandit, Pylint and much more. [More info](https://github.com/astral-sh/ruff/blob/main/docs/faq.md#which-tools-does-ruff-replace). 

 ### SonarQube analysis

@@ -504,7 +515,7 @@ The variant requires the additional configuration parameters:

 | Input / Variable | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
-| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token      | `$CI_SERVER_URL` |
+| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` |
 | `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
 | `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |


--- a/kicker.json
+++ b/kicker.json
@@ -252,6 +252,24 @@
      "name": "isort",
      "description": "Check imports order with [isort](https://pycqa.github.io/isort)",
      "enable_with": "PYTHON_ISORT_ENABLED"
+    },
+    {
+      "id": "ruff",
+      "name": "Ruff",
+      "description": "An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)",
+      "enable_with": "RUFF_ENABLED",
+      "variables": [
+        {
+          "name": "RUFF_ARGS",
+          "description": "Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)",
+          "advanced": true
+        },
+        {
+          "name": "RUFF_EXT_EXCLUDE",
+          "description": "Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files",
+          "advanced": true
+        }
+      ]
    }
  ],
  "variants": [
@@ -299,7 +317,7 @@
      "variables": [
        {
          "name": "GCP_OIDC_AUD",
-          "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
+          "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_",
          "default": "$CI_SERVER_URL",
          "advanced": true
        },

--- a/templates/gitlab-ci-python-gcp.yml
+++ b/templates/gitlab-ci-python-gcp.yml
@@ -21,7 +21,8 @@ variables:

 .gcp-provider-auth:
  before_script:
-    - echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
+    - set -e
+    - echo -e "[\\e[1;94mINFO\\e[0m] Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
    - echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
    - |-
      cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"

--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -155,6 +155,16 @@ spec:
      description: Enable isort
      type: boolean
      default: false
+    ruff-enabled:
+      description: Enable Ruff
+      type: boolean
+      default: false
+    ruff-args:
+      description: Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)
+      default: ""
+    ruff-ext-exclude:
+      description: Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files
+      default: ""
 ---
 # default workflow rules: Merge Request pipelines
 workflow:
@@ -270,6 +280,9 @@ variables:

  PYTHON_BLACK_ENABLED: $[[ inputs.black-enabled ]]
  PYTHON_ISORT_ENABLED: $[[ inputs.isort-enabled ]]
+  RUFF_ENABLED: $[[ inputs.ruff-enabled ]]
+  RUFF_ARGS: $[[ inputs.ruff-args ]]
+  RUFF_EXT_EXCLUDE: $[[ inputs.ruff-ext-exclude ]]


 .python-scripts: &python-scripts |
@@ -759,7 +772,7 @@ variables:
        poetry build ${TRACE+--verbose}
      fi

-      log_info "--- publish packages (poetry)..."
+      log_info "--- publish packages (poetry) to $PYTHON_REPOSITORY_URL with user $PYTHON_REPOSITORY_USERNAME..."
      poetry config repositories.user_defined "$PYTHON_REPOSITORY_URL"
      poetry publish ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository user_defined
    else
@@ -773,7 +786,7 @@ variables:
        python -m build
      fi

-      log_info "--- publish packages (twine)..."
+      log_info "--- publish packages (twine) to $PYTHON_REPOSITORY_URL with user $PYTHON_REPOSITORY_USERNAME..."
      twine upload ${TRACE+--verbose} --username "$PYTHON_REPOSITORY_USERNAME" --password "$PYTHON_REPOSITORY_PASSWORD" --repository-url "$PYTHON_REPOSITORY_URL" dist/*
    fi
  }
@@ -897,6 +910,33 @@ py-isort:
      when: never
    - !reference [.test-policy, rules]

+py-ruff:
+  extends: .python-base
+  stage: build
+  script:
+    - mkdir -p -m 777 reports
+    - |  
+      if [[  ${BANDIT_ENABLED} == "true" || ${PYLINT_ENABLED} == "true" || ${PYTHON_ISORT_ENABLED} == "true" || ${PYTHON_BLACK_ENABLED} == "true" ]]; then
+        log_warn "Ruff can replace isort, Black, Bandit, Pylint"
+      fi
+    # Ruff is self dependent tool (written in Rust), so is can be install alone without project dependency (so not need _pip and _run)
+    - pip install ${PIP_OPTS} ruff
+    - ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format gitlab --output-file reports/ruff.gitlab.json || ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format grouped 
+
+  artifacts:
+    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
+    expire_in: 1 day
+    when: always
+    reports:
+      codequality: $PYTHON_PROJECT_DIR/reports/ruff.gitlab.json
+    paths:
+      - "$PYTHON_PROJECT_DIR/reports/ruff.gitlab.json"
+  rules:
+    # exclude if $RUFF_ENABLED not set
+    - if: '$RUFF_ENABLED != "true"'
+      when: never
+    - !reference [.test-policy, rules]
+
 ###############################################################################################
 #                                      test stage                                             #
 ###############################################################################################