diff --git a/README.md b/README.md index 47d6837d5c5f56a11f6c855e7686fbb80ff84f31..7147a36836aee04b20efe9fecec852dce6a117a2 100644 --- a/README.md +++ b/README.md @@ -282,6 +282,17 @@ This job **disabled by default** and runs [isort](https://pycqa.github.io/isort/ | ---------------- | ----------------------------------------------------------------------- | ----------------- | | `isort-enabled` / `PYTHON_ISORT_ENABLED` | Set to `true` to enable isort job | _none_ (disabled) | +### `py-ruff` job + +This job **disabled by default** and runs [Ruff](https://docs.astral.sh/ruff/) on the repo. It is bound to the build stage. + +| Input / Variable | Description | Default value | +| ---------------- | ----------------------------------------------------------------------- | ----------------- | +| `ruff-enabled` / `RUFF_ENABLED` | Set to `true` to enable ruff job | _none_ (disabled) | +| `ruff-args` / `RUFF_ARGS` | Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface) | _none_ | +| `ruff-ext-exclude` / `RUFF_EXT_EXCLUDE` | Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files | _.venv,.cache_ | + +:warning: Ruff can replace isort, Black, Bandit, Pylint and much more. [More info](https://github.com/astral-sh/ruff/blob/main/docs/faq.md#which-tools-does-ruff-replace). ### SonarQube analysis @@ -504,7 +515,7 @@ The variant requires the additional configuration parameters: | Input / Variable | Description | Default value | | ----------------- | -------------------------------------- | ----------------- | -| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token | `$CI_SERVER_URL` | +| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` | | `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ | | `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ | diff --git a/kicker.json b/kicker.json index 128cce4878a3c4949cd9c141da58b31e864c9c71..84ed9a0f2c8c2f702261e2f76ad385995cc0931e 100644 --- a/kicker.json +++ b/kicker.json @@ -252,6 +252,24 @@ "name": "isort", "description": "Check imports order with [isort](https://pycqa.github.io/isort)", "enable_with": "PYTHON_ISORT_ENABLED" + }, + { + "id": "ruff", + "name": "Ruff", + "description": "An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)", + "enable_with": "RUFF_ENABLED", + "variables": [ + { + "name": "RUFF_ARGS", + "description": "Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)", + "advanced": true + }, + { + "name": "RUFF_EXT_EXCLUDE", + "description": "Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files", + "advanced": true + } + ] } ], "variants": [ @@ -299,7 +317,7 @@ "variables": [ { "name": "GCP_OIDC_AUD", - "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_", + "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_", "default": "$CI_SERVER_URL", "advanced": true }, diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml index 0bd873adfc3a8f63d6182f73ef027708d7a3615e..b2e2becf544c29c1f339fa79973de1c315db12c8 100644 --- a/templates/gitlab-ci-python.yml +++ b/templates/gitlab-ci-python.yml @@ -155,6 +155,16 @@ spec: description: Enable isort type: boolean default: false + ruff-enabled: + description: Enable Ruff + type: boolean + default: false + ruff-args: + description: Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface) + default: "" + ruff-ext-exclude: + description: Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files + default: "" --- # default workflow rules: Merge Request pipelines workflow: @@ -270,6 +280,9 @@ variables: PYTHON_BLACK_ENABLED: $[[ inputs.black-enabled ]] PYTHON_ISORT_ENABLED: $[[ inputs.isort-enabled ]] + RUFF_ENABLED: $[[ inputs.ruff-enabled ]] + RUFF_ARGS: $[[ inputs.ruff-args ]] + RUFF_EXT_EXCLUDE: $[[ inputs.ruff-ext-exclude ]] .python-scripts: &python-scripts | @@ -897,6 +910,33 @@ py-isort: when: never - !reference [.test-policy, rules] +py-ruff: + extends: .python-base + stage: build + script: + - mkdir -p -m 777 reports + - | + if [[ ${BANDIT_ENABLED} == "true" || ${PYLINT_ENABLED} == "true" || ${PYTHON_ISORT_ENABLED} == "true" || ${PYTHON_BLACK_ENABLED} == "true" ]]; then + log_warn "Ruff can replace isort, Black, Bandit, Pylint" + fi + # Ruff is self dependent tool (written in Rust), so is can be install alone without project dependency (so not need _pip and _run) + - pip install ${PIP_OPTS} ruff + - ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format gitlab --output-file reports/ruff.gitlab.json || ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format grouped + + artifacts: + name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" + expire_in: 1 day + when: always + reports: + codequality: $PYTHON_PROJECT_DIR/reports/ruff.gitlab.json + paths: + - "$PYTHON_PROJECT_DIR/reports/ruff.gitlab.json" + rules: + # exclude if $RUFF_ENABLED not set + - if: '$RUFF_ENABLED != "true"' + when: never + - !reference [.test-policy, rules] + ############################################################################################### # test stage # ###############################################################################################