diff --git a/README.md b/README.md
index 47d6837d5c5f56a11f6c855e7686fbb80ff84f31..7147a36836aee04b20efe9fecec852dce6a117a2 100644
--- a/README.md
+++ b/README.md
@@ -282,6 +282,17 @@ This job **disabled by default** and runs [isort](https://pycqa.github.io/isort/
| ---------------- | ----------------------------------------------------------------------- | ----------------- |
| `isort-enabled` / `PYTHON_ISORT_ENABLED` | Set to `true` to enable isort job | _none_ (disabled) |
+### `py-ruff` job
+
+This job **disabled by default** and runs [Ruff](https://docs.astral.sh/ruff/) on the repo. It is bound to the build stage.
+
+| Input / Variable | Description | Default value |
+| ---------------- | ----------------------------------------------------------------------- | ----------------- |
+| `ruff-enabled` / `RUFF_ENABLED` | Set to `true` to enable ruff job | _none_ (disabled) |
+| `ruff-args` / `RUFF_ARGS` | Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface) | _none_ |
+| `ruff-ext-exclude` / `RUFF_EXT_EXCLUDE` | Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files | _.venv,.cache_ |
+
+:warning: Ruff can replace isort, Black, Bandit, Pylint and much more. [More info](https://github.com/astral-sh/ruff/blob/main/docs/faq.md#which-tools-does-ruff-replace).
### SonarQube analysis
@@ -504,7 +515,7 @@ The variant requires the additional configuration parameters:
| Input / Variable | Description | Default value |
| ----------------- | -------------------------------------- | ----------------- |
-| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token | `$CI_SERVER_URL` |
+| `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_ | `$CI_SERVER_URL` |
| `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
| `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |
diff --git a/kicker.json b/kicker.json
index 128cce4878a3c4949cd9c141da58b31e864c9c71..84ed9a0f2c8c2f702261e2f76ad385995cc0931e 100644
--- a/kicker.json
+++ b/kicker.json
@@ -252,6 +252,24 @@
"name": "isort",
"description": "Check imports order with [isort](https://pycqa.github.io/isort)",
"enable_with": "PYTHON_ISORT_ENABLED"
+ },
+ {
+ "id": "ruff",
+ "name": "Ruff",
+ "description": "An extremely fast Python linter and code formatter, written in Rust. [Ruff](https://docs.astral.sh/ruff/)",
+ "enable_with": "RUFF_ENABLED",
+ "variables": [
+ {
+ "name": "RUFF_ARGS",
+ "description": "Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)",
+ "advanced": true
+ },
+ {
+ "name": "RUFF_EXT_EXCLUDE",
+ "description": "Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files",
+ "advanced": true
+ }
+ ]
}
],
"variants": [
@@ -299,7 +317,7 @@
"variables": [
{
"name": "GCP_OIDC_AUD",
- "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_",
+ "description": "The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))_",
"default": "$CI_SERVER_URL",
"advanced": true
},
diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index 0bd873adfc3a8f63d6182f73ef027708d7a3615e..b2e2becf544c29c1f339fa79973de1c315db12c8 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -155,6 +155,16 @@ spec:
description: Enable isort
type: boolean
default: false
+ ruff-enabled:
+ description: Enable Ruff
+ type: boolean
+ default: false
+ ruff-args:
+ description: Additional [Ruff Linter CLI options](https://docs.astral.sh/ruff/configuration/#full-command-line-interface)
+ default: ""
+ ruff-ext-exclude:
+ description: Define [extend-exclude](https://docs.astral.sh/ruff/settings/#extend-exclude) files
+ default: ""
---
# default workflow rules: Merge Request pipelines
workflow:
@@ -270,6 +280,9 @@ variables:
PYTHON_BLACK_ENABLED: $[[ inputs.black-enabled ]]
PYTHON_ISORT_ENABLED: $[[ inputs.isort-enabled ]]
+ RUFF_ENABLED: $[[ inputs.ruff-enabled ]]
+ RUFF_ARGS: $[[ inputs.ruff-args ]]
+ RUFF_EXT_EXCLUDE: $[[ inputs.ruff-ext-exclude ]]
.python-scripts: &python-scripts |
@@ -897,6 +910,33 @@ py-isort:
when: never
- !reference [.test-policy, rules]
+py-ruff:
+ extends: .python-base
+ stage: build
+ script:
+ - mkdir -p -m 777 reports
+ - |
+ if [[ ${BANDIT_ENABLED} == "true" || ${PYLINT_ENABLED} == "true" || ${PYTHON_ISORT_ENABLED} == "true" || ${PYTHON_BLACK_ENABLED} == "true" ]]; then
+ log_warn "Ruff can replace isort, Black, Bandit, Pylint"
+ fi
+ # Ruff is self dependent tool (written in Rust), so is can be install alone without project dependency (so not need _pip and _run)
+ - pip install ${PIP_OPTS} ruff
+ - ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format gitlab --output-file reports/ruff.gitlab.json || ruff check . ${RUFF_ARGS} ${RUFF_EXCLUDE:---extend-exclude .venv,.cache} --output-format grouped
+
+ artifacts:
+ name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
+ expire_in: 1 day
+ when: always
+ reports:
+ codequality: $PYTHON_PROJECT_DIR/reports/ruff.gitlab.json
+ paths:
+ - "$PYTHON_PROJECT_DIR/reports/ruff.gitlab.json"
+ rules:
+ # exclude if $RUFF_ENABLED not set
+ - if: '$RUFF_ENABLED != "true"'
+ when: never
+ - !reference [.test-policy, rules]
+
###############################################################################################
# test stage #
###############################################################################################