ci: add precommit dependabot ruff (#673)

python-semantic-release · Aug 13, 2023 · 2ad5c41 · 2ad5c41
1 parent d70fe75
commit 2ad5c41
Show file tree

Hide file tree

Showing 87 changed files with 1,466 additions and 1,119 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,16 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "18:00"
+    commit-message:
+      prefix: "fix(deps)"
+      include: "scope"
+    labels:
+      - dependencies
+    open-pull-requests-limit: 10
+    rebase-strategy: auto
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -5,15 +5,16 @@ on:
   push:
     branches:
       - master
-      - "8.0.x"
+      - main
+      - "pre/*"
 
 jobs:
   test:
     name: Python ${{ matrix.python-version }} tests
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [ "3.7", "3.8", "3.9", "3.10", "3.11" ]
+        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
 
     steps:
       - uses: actions/checkout@v3
@@ -38,7 +39,7 @@ jobs:
       - name: pytest
         run: PYTHONHASHSEED=123345 python -m pytest -v tests
 
-  mypy:
+  lint:
     runs-on: ubuntu-latest
 
     steps:
@@ -47,16 +48,21 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: 3.8
-      - name: Install mypy & stubs packages
-        run: python -m pip install .[mypy]
+      - name: Install mypy & dev packages
+        run: |
+          python -m pip install ".[dev, mypy]"
+      - name: ruff
+        run: |
+          python -m ruff check . --config pyproject.toml --diff --show-source
       - name: mypy
-        run: python -m mypy --ignore-missing-imports semantic_release
+        run: |
+          python -m mypy --ignore-missing-imports semantic_release
 
   beautify:
     name: Beautify
     runs-on: ubuntu-latest
     concurrency: push
-    needs: [ test, mypy ]
+    needs: [test, lint]
     outputs:
       new_sha: ${{ steps.sha.outputs.SHA }}
     permissions:
@@ -78,13 +84,6 @@ jobs:
       - name: Beautify with Black
         run: python -m black .
 
-      - name: Install isort
-        run: python -m pip install "isort >=5,<6"
-        # https://pycqa.github.io/isort/docs/upgrade_guides/5.0.0.html
-        # removed deprecated "-rc" and "-y" arguments
-      - name: Sort imports
-        run: python -m isort .
-
       - name: Commit and push changes
         uses: github-actions-x/commit@v2.9
         with:
@@ -103,7 +102,7 @@ jobs:
     name: Semantic Release
     runs-on: ubuntu-latest
     concurrency: push
-    needs: [ test, mypy, beautify ]
+    needs: [test, lint, beautify]
     if: github.repository == 'python-semantic-release/python-semantic-release'
     permissions:
       # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#metadata

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -36,7 +36,7 @@ jobs:
       - name: pytest
         run: PYTHONHASHSEED=123345 python -m pytest -v tests
 
-  mypy:
+  lint:
     runs-on: ubuntu-latest
 
     steps:
@@ -45,8 +45,12 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: 3.8
-      - name: Install mypy & stubs packages
-        run: python -m pip install .[mypy]
+      - name: Install mypy & dev packages
+        run: |
+          python -m pip install ".[dev, mypy]"
+      - name: ruff
+        run: |
+          python -m ruff check . --config pyproject.toml --diff --show-source
       - name: mypy
         run: python -m mypy --ignore-missing-imports semantic_release
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,117 @@
+---
+default_language_version:
+  python: python3.8
+
+repos:
+  # Meta hooks
+  - repo: meta
+    hooks:
+      - id: check-hooks-apply
+      - id: check-useless-excludes
+
+  # Security & credential scanning/alerting
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: debug-statements
+      - id: detect-aws-credentials
+        args: [ "--allow-missing-credentials" ]
+      - id: detect-private-key
+      - id: check-builtin-literals
+      - id: check-executables-have-shebangs
+      - id: check-shebang-scripts-are-executable
+      - id: check-yaml
+      - id: check-toml
+      - id: check-case-conflict
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-merge-conflict
+      - id: mixed-line-ending
+      - id: check-ast
+
+  # Formatters that may modify source files automatically
+  - repo: https://github.com/psf/black
+    rev: 23.7.0
+    hooks:
+      - id: black
+  - repo: https://github.com/adamchainz/blacken-docs
+    rev: 1.15.0
+    hooks:
+      - id: blacken-docs
+        additional_dependencies: [ "black==23.7.0" ]
+
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.9.0
+    hooks:
+      - id: pyupgrade
+        args: [ "--py37-plus", "--keep-runtime-typing" ]
+
+  # Linters and validation
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.0.282
+    hooks:
+      - id: ruff
+        args:
+          - "--fix"
+          - "--exit-non-zero-on-fix"
+          - "--statistics"
+          - "--format=text"
+          - "."
+        pass_filenames: false
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: "v1.4.1"
+    hooks:
+      - id: mypy
+        args: [ "--config-file", "pyproject.toml" ]
+        additional_dependencies:
+          - "pydantic>1.10.11,<2"
+          - "types-requests"
+        log_file: "mypy.log"
+        files: "^semantic_release/.*"
+        pass_filenames: false
+
+  - repo: https://github.com/pre-commit/pygrep-hooks
+    rev: v1.10.0
+    hooks:
+      # - id: python-use-type-annotations
+      - id: python-check-blanket-noqa
+      - id: python-check-blanket-type-ignore
+      - id: python-check-mock-methods
+      - id: python-no-eval
+      - id: python-no-log-warn
+      - id: rst-backticks
+      - id: rst-directive-colons
+      - id: rst-inline-touching-normal
+
+  - repo: https://github.com/jendrikseipp/vulture
+    rev: "v2.7"
+    hooks:
+      - id: vulture
+        args:
+          - --min-confidence
+          - "100"
+          - --sort-by-size
+          - "semantic_release"
+          - "tests"
+
+  - repo: https://github.com/pycqa/bandit
+    rev: 1.7.5
+    hooks:
+      - id: bandit
+        args:
+          - "-c"
+          - "pyproject.toml"
+          - "--quiet"
+          - "semantic_release/"
+        # Needed if using pyproject.toml for config
+        additional_dependencies: [ "bandit[toml]" ]
+        pass_filenames: false
+
+  # GHA linting
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: "0.23.3"
+    hooks:
+      - id: check-github-workflows
+      - id: check-readthedocs
+      - id: check-dependabot