Python
/
ruff
mirror of https://github.com/astral-sh/ruff
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add `actionlint` as a pre-commit hook (with shellcheck integration) (#15021)

This commit is contained in:
Alex Waygood 2024-12-16 17:32:49 +00:00 committed by GitHub
parent 50739f91dc
commit 712c886749
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 61 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/actionlint.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
# Configuration for the actionlint tool, which we run via pre-commit
# to verify the correctness of the syntax in our GitHub Actions workflows.
self-hosted-runner:
# Various runners we use that aren't recognized out-of-the-box by actionlint:
labels:
- depot-ubuntu-latest-8
- depot-ubuntu-22.04-16
- windows-latest-xlarge

8
.github/workflows/build-binaries.yml vendored
View File

@ -53,7 +53,7 @@ jobs:
args: --out dist args: --out dist
- name: "Test sdist" - name: "Test sdist"
run: | run: |
pip install dist/${PACKAGE_NAME}-*.tar.gz --force-reinstall pip install dist/"${PACKAGE_NAME}"-*.tar.gz --force-reinstall
"${MODULE_NAME}" --help "${MODULE_NAME}" --help
python -m "${MODULE_NAME}" --help python -m "${MODULE_NAME}" --help
- name: "Upload sdist" - name: "Upload sdist"
@ -125,7 +125,7 @@ jobs:
args: --release --locked --out dist args: --release --locked --out dist
- name: "Test wheel - aarch64" - name: "Test wheel - aarch64"
run: | run: |
pip install dist/${PACKAGE_NAME}-*.whl --force-reinstall pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
ruff --help ruff --help
python -m ruff --help python -m ruff --help
- name: "Upload wheels" - name: "Upload wheels"
@ -186,7 +186,7 @@ jobs:
if: ${{ !startsWith(matrix.platform.target, 'aarch64') }} if: ${{ !startsWith(matrix.platform.target, 'aarch64') }}
shell: bash shell: bash
run: | run: |
python -m pip install dist/${PACKAGE_NAME}-*.whl --force-reinstall python -m pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
"${MODULE_NAME}" --help "${MODULE_NAME}" --help
python -m "${MODULE_NAME}" --help python -m "${MODULE_NAME}" --help
- name: "Upload wheels" - name: "Upload wheels"
@ -236,7 +236,7 @@ jobs:
- name: "Test wheel" - name: "Test wheel"
if: ${{ startsWith(matrix.target, 'x86_64') }} if: ${{ startsWith(matrix.target, 'x86_64') }}
run: | run: |
pip install dist/${PACKAGE_NAME}-*.whl --force-reinstall pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
"${MODULE_NAME}" --help "${MODULE_NAME}" --help
python -m "${MODULE_NAME}" --help python -m "${MODULE_NAME}" --help
- name: "Upload wheels" - name: "Upload wheels"

3
.github/workflows/build-docker.yml vendored
View File

@ -142,6 +142,7 @@ jobs:
# The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory # The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
# The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...` # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
run: | run: |
# shellcheck disable=SC2046
docker buildx imagetools create \ docker buildx imagetools create \
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf "${RUFF_BASE_IMG}@sha256:%s " *) $(printf "${RUFF_BASE_IMG}@sha256:%s " *)
@ -286,6 +287,8 @@ jobs:
# The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...` # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
run: | run: |
readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done
# shellcheck disable=SC2046
docker buildx imagetools create \ docker buildx imagetools create \
"${annotations[@]}" \ "${annotations[@]}" \
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \

20
.github/workflows/ci.yaml vendored
View File

@ -438,7 +438,7 @@ jobs:
ruff-ecosystem check ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown | tee ecosystem-result-check-stable ruff-ecosystem check ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown | tee ecosystem-result-check-stable
cat ecosystem-result-check-stable > $GITHUB_STEP_SUMMARY cat ecosystem-result-check-stable > "$GITHUB_STEP_SUMMARY"
echo "### Linter (stable)" > ecosystem-result echo "### Linter (stable)" > ecosystem-result
cat ecosystem-result-check-stable >> ecosystem-result cat ecosystem-result-check-stable >> ecosystem-result
echo "" >> ecosystem-result echo "" >> ecosystem-result
@ -454,7 +454,7 @@ jobs:
ruff-ecosystem check ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown --force-preview | tee ecosystem-result-check-preview ruff-ecosystem check ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown --force-preview | tee ecosystem-result-check-preview
cat ecosystem-result-check-preview > $GITHUB_STEP_SUMMARY cat ecosystem-result-check-preview > "$GITHUB_STEP_SUMMARY"
echo "### Linter (preview)" >> ecosystem-result echo "### Linter (preview)" >> ecosystem-result
cat ecosystem-result-check-preview >> ecosystem-result cat ecosystem-result-check-preview >> ecosystem-result
echo "" >> ecosystem-result echo "" >> ecosystem-result
@ -470,7 +470,7 @@ jobs:
ruff-ecosystem format ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown | tee ecosystem-result-format-stable ruff-ecosystem format ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown | tee ecosystem-result-format-stable
cat ecosystem-result-format-stable > $GITHUB_STEP_SUMMARY cat ecosystem-result-format-stable > "$GITHUB_STEP_SUMMARY"
echo "### Formatter (stable)" >> ecosystem-result echo "### Formatter (stable)" >> ecosystem-result
cat ecosystem-result-format-stable >> ecosystem-result cat ecosystem-result-format-stable >> ecosystem-result
echo "" >> ecosystem-result echo "" >> ecosystem-result
@ -486,7 +486,7 @@ jobs:
ruff-ecosystem format ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown --force-preview | tee ecosystem-result-format-preview ruff-ecosystem format ./ruff ${{ steps.ruff-target.outputs.download-path }}/ruff --cache ./checkouts --output-format markdown --force-preview | tee ecosystem-result-format-preview
cat ecosystem-result-format-preview > $GITHUB_STEP_SUMMARY cat ecosystem-result-format-preview > "$GITHUB_STEP_SUMMARY"
echo "### Formatter (preview)" >> ecosystem-result echo "### Formatter (preview)" >> ecosystem-result
cat ecosystem-result-format-preview >> ecosystem-result cat ecosystem-result-format-preview >> ecosystem-result
echo "" >> ecosystem-result echo "" >> ecosystem-result
@ -570,13 +570,13 @@ jobs:
key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
- name: "Run pre-commit" - name: "Run pre-commit"
run: | run: |
echo '```console' > $GITHUB_STEP_SUMMARY echo '```console' > "$GITHUB_STEP_SUMMARY"
# Enable color output for pre-commit and remove it for the summary # Enable color output for pre-commit and remove it for the summary
SKIP=cargo-fmt,clippy,dev-generate-all pre-commit run --all-files --show-diff-on-failure --color=always | \ SKIP=cargo-fmt,clippy,dev-generate-all pre-commit run --all-files --show-diff-on-failure --color=always | \
tee >(sed -E 's/\x1B\[([0-9]{1,2}(;[0-9]{1,2})*)?[mGK]//g' >> $GITHUB_STEP_SUMMARY) >&1 tee >(sed -E 's/\x1B\[([0-9]{1,2}(;[0-9]{1,2})*)?[mGK]//g' >> "$GITHUB_STEP_SUMMARY") >&1
exit_code=${PIPESTATUS[0]} exit_code="${PIPESTATUS[0]}"
echo '```' >> $GITHUB_STEP_SUMMARY echo '```' >> "$GITHUB_STEP_SUMMARY"
exit $exit_code exit "$exit_code"
docs: docs:
name: "mkdocs" name: "mkdocs"
@ -637,7 +637,7 @@ jobs:
- name: "Run checks" - name: "Run checks"
run: scripts/formatter_ecosystem_checks.sh run: scripts/formatter_ecosystem_checks.sh
- name: "Github step summary" - name: "Github step summary"
run: cat target/formatter-ecosystem/stats.txt > $GITHUB_STEP_SUMMARY run: cat target/formatter-ecosystem/stats.txt > "$GITHUB_STEP_SUMMARY"
- name: "Remove checkouts from cache" - name: "Remove checkouts from cache"
run: rm -r target/formatter-ecosystem run: rm -r target/formatter-ecosystem

1
.github/workflows/daily_fuzz.yaml vendored
View File

@ -46,6 +46,7 @@ jobs:
run: cargo build --locked run: cargo build --locked
- name: Fuzz - name: Fuzz
run: | run: |
# shellcheck disable=SC2046
( (
uvx \ uvx \
--python=3.12 \ --python=3.12 \

8
.github/workflows/pr-comment.yaml vendored
View File

@ -30,7 +30,7 @@ jobs:
run: | run: |
if [[ -f pr-number ]] if [[ -f pr-number ]]
then then
echo "pr-number=$(<pr-number)" >> $GITHUB_OUTPUT echo "pr-number=$(<pr-number)" >> "$GITHUB_OUTPUT"
fi fi
- uses: dawidd6/action-download-artifact@v7 - uses: dawidd6/action-download-artifact@v7
@ -66,9 +66,9 @@ jobs:
cat pr/ecosystem/ecosystem-result >> comment.txt cat pr/ecosystem/ecosystem-result >> comment.txt
echo "" >> comment.txt echo "" >> comment.txt
echo 'comment<<EOF' >> $GITHUB_OUTPUT echo 'comment<<EOF' >> "$GITHUB_OUTPUT"
cat comment.txt >> $GITHUB_OUTPUT cat comment.txt >> "$GITHUB_OUTPUT"
echo 'EOF' >> $GITHUB_OUTPUT echo 'EOF' >> "$GITHUB_OUTPUT"
- name: Find existing comment - name: Find existing comment
uses: peter-evans/find-comment@v3 uses: peter-evans/find-comment@v3

20
.github/workflows/publish-docs.yml vendored
View File

@ -44,8 +44,8 @@ jobs:
# Use version as display name for now # Use version as display name for now
display_name="$version" display_name="$version"
echo "version=$version" >> $GITHUB_ENV echo "version=$version" >> "$GITHUB_ENV"
echo "display_name=$display_name" >> $GITHUB_ENV echo "display_name=$display_name" >> "$GITHUB_ENV"
- name: "Set branch name" - name: "Set branch name"
run: | run: |
@ -55,8 +55,8 @@ jobs:
# characters disallowed in git branch names with hyphens # characters disallowed in git branch names with hyphens
branch_display_name="$(echo "${display_name}" | tr -c '[:alnum:]._' '-' | tr -s '-')" branch_display_name="$(echo "${display_name}" | tr -c '[:alnum:]._' '-' | tr -s '-')"
echo "branch_name=update-docs-$branch_display_name-$timestamp" >> $GITHUB_ENV echo "branch_name=update-docs-$branch_display_name-$timestamp" >> "$GITHUB_ENV"
echo "timestamp=$timestamp" >> $GITHUB_ENV echo "timestamp=$timestamp" >> "$GITHUB_ENV"
- name: "Add SSH key" - name: "Add SSH key"
if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }} if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
@ -112,7 +112,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }} GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }}
run: | run: |
# set the PR title # set the PR title
pull_request_title="Update ruff documentation for "${display_name}"" pull_request_title="Update ruff documentation for ${display_name}"
# Delete any existing pull requests that are open for this version # Delete any existing pull requests that are open for this version
# by checking against pull_request_title because the new PR will # by checking against pull_request_title because the new PR will
@ -124,10 +124,12 @@ jobs:
git push origin "${branch_name}" git push origin "${branch_name}"
# create the PR # create the PR
gh pr create --base main --head "${branch_name}" \ gh pr create \
--title "$pull_request_title" \ --base=main \
--body "Automated documentation update for "${display_name}"" \ --head="${branch_name}" \
--label "documentation" --title="${pull_request_title}" \
--body="Automated documentation update for ${display_name}" \
--label="documentation"
- name: "Merge Pull Request" - name: "Merge Pull Request"
if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}

2
.github/workflows/sync_typeshed.yaml vendored
View File

@ -59,7 +59,7 @@ jobs:
run: | run: |
cd ruff cd ruff
git push --force origin typeshedbot/sync-typeshed git push --force origin typeshedbot/sync-typeshed
gh pr list --repo $GITHUB_REPOSITORY --head typeshedbot/sync-typeshed --json id --jq length | grep 1 && exit 0 # exit if there is existing pr gh pr list --repo "$GITHUB_REPOSITORY" --head typeshedbot/sync-typeshed --json id --jq length | grep 1 && exit 0 # exit if there is existing pr
gh pr create --title "Sync vendored typeshed stubs" --body "Close and reopen this PR to trigger CI" --label "internal" gh pr create --title "Sync vendored typeshed stubs" --body "Close and reopen this PR to trigger CI" --label "internal"
create-issue-on-failure: create-issue-on-failure:

18
.pre-commit-config.yaml
View File

@ -100,5 +100,23 @@ repos:
hooks: hooks:
- id: check-github-workflows - id: check-github-workflows
# `actionlint` hook, for verifying correct syntax in GitHub Actions workflows.
# Some additional configuration for `actionlint` can be found in `.github/actionlint.yaml`.
- repo: https://github.com/rhysd/actionlint
rev: v1.7.4
hooks:
- id: actionlint
# `release.yml` is autogenerated by `dist`; issues need to be fixed there
# (https://opensource.axo.dev/cargo-dist/)
exclude: .github/workflows/release.yml
args:
- "-ignore=SC2129" # ignorable stylistic lint from shellcheck
- "-ignore=SC2016" # another shellcheck lint: seems to have false positives?
additional_dependencies:
# actionlint has a shellcheck integration which extracts shell scripts in `run:` steps from GitHub Actions
# and checks these with shellcheck. This is arguably its most useful feature,
# but the integration only works if shellcheck is installed
- "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.10.0"
ci: ci:
skip: [cargo-fmt, dev-generate-all] skip: [cargo-fmt, dev-generate-all]