Merge pull request #142 from unicef/feature/ruffing

Switch to Ruff

.bumpversion.cfg

@@ -9,15 +9,15 @@ parse = ^
 	(-?(?P<prekind>(rc|final))
 	(?P<pre>\d+)  # pre-release version num
 	)?
-serialize = 
+serialize =
 	{major}.{minor}.{patch}-{prekind}{pre}
 	{major}.{minor}.{patch}
 
 [bumpversion:file:pyproject.toml]
 
 [bumpversion:part:prekind]
 optional_value = _
-values = 
+values =
 	_
 	rc
 	_

.github/actions/delete_docker/action.yml

@@ -1,4 +1,3 @@
-# ref: https://docs.github.com/en/actions/creating-actions/creating-a-docker-container-action
 name: 'Delete Docker Image'
 description: 'Delete Docker Image from Registry'
 inputs:
@@ -19,12 +18,6 @@ inputs:
     required: false
     default: "https://hub.docker.com/v2"
 
-
-outputs:
-  checksum: # id of output
-    description: 'The time we greeted you'
-    value: ${{ steps.calc.outputs.checksum }}
-
 runs:
   using: 'composite'
   steps:
@@ -35,38 +28,17 @@ runs:
         name=${{ inputs.image }}
         tag=${{ inputs.tag }}
 
-        echo "::notice:: 111111111 Deleting Image ${name}:${tag}"
-      
-        TOKEN=$(\
-        curl \
-        --silent \
-        --header "Content-Type: application/json" \
-        --request POST \
-        --data '{"username": "'${{ inputs.username }}'", "password": "'${{ inputs.password }}'" }' \
-         ${registry}/users/login/ \
-         | jq -r .token\
-       )
-            
-       curl -X DELETE \
-         --header "Authorization: JWT ${TOKEN}" \
-         --header "Accept: application/json" \
-         ${registry}/repositories/${name}/tags/${tag}
-      
+        echo "::notice:: Deleting Image ${name}:${tag}"
+
+        TOKEN=$(curl \
+            --silent \
+            --header "Content-Type: application/json" \
+            --request POST \
+            --data '{"username": "'${{ inputs.username }}'", "password": "'${{ inputs.password }}'" }' \
+            ${registry}/users/login/ \
+            | jq -r .token)
 
-#        echo "::notice:: curl $auth -sI -k \
-#            -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
-#            https://${registry}/v2/${name}/manifests/${tag}"
-#
-#        echo "::notice:: 111111111 $auth"
-#
-#        digest=$(curl $auth -sI -k \
-#            -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-#            "https://${registry}/v2/${name}/manifests/${tag}")
-#        echo "::notice:: 111111111 ${digest}"
-#
-#        curl $auth -X DELETE -sI -k "https://${registry}/v2/${name}/manifests/$(
-#          curl $auth -sI -k \
-#            -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-#            "https://${registry}/v2/${name}/manifests/${tag}" \
-#            | tr -d '\r' | sed -En 's/^Docker-Content-Digest: (.*)/\1/pi'
-#        )"
+        curl -X DELETE \
+          --header "Authorization: JWT ${TOKEN}" \
+          --header "Accept: application/json" \
+          ${registry}/repositories/${name}/tags/${tag}

.github/actions/docker_build/action.yml

@@ -84,7 +84,7 @@ runs:
       run: |
         build_date=$(date +"%Y-%m-%d %H:%M")
         echo "BUILD_DATE=$build_date" >> $GITHUB_ENV
-        
+
         if [[ "${{inputs.target}}" == "dist" ]]; then
           echo "TAG_PREFIX=" >> $GITHUB_ENV
         else
@@ -113,7 +113,7 @@ runs:
     - name: "Check Image"
       id: image_status
       shell: bash
-      run: | 
+      run: |
         set +e
         echo "::notice::ℹ Checking checksum for ${{ steps.image_name.outputs.name }}"
         image_checksum=$(regctl image inspect \
@@ -124,7 +124,7 @@ runs:
         code_checksum="${{ inputs.code_checksum }}"
         if [[ "${{ contains(github.event.head_commit.message, 'ci:all') }}" == "true" ]];then
           echo "::warning::🤔 Forced rebuild"
-          echo "updated=false" >> $GITHUB_OUTPUT        
+          echo "updated=false" >> $GITHUB_OUTPUT
         elif [[ -z "$image_checksum"  ]]; then
           echo "::warning::🤔 No image checksum found"
           echo "updated=false" >> $GITHUB_OUTPUT
@@ -135,7 +135,7 @@ runs:
           echo "::warning::🤬 Checksum: found '${image_checksum}' expected '${code_checksum}'"
           echo "updated=false" >> $GITHUB_OUTPUT
         fi
-        if [[ "${{inputs.rebuild}}" == "true" ]]; then 
+        if [[ "${{inputs.rebuild}}" == "true" ]]; then
             echo "::warning::⚠ Forced build due input parameter"
         fi
     - name: Set up Docker BuildX
@@ -189,7 +189,7 @@ runs:
       if: (steps.image_status.outputs.updated != 'true' || inputs.rebuild == 'true') && inputs.dryrun != 'true'
       shell: bash
       run: |
-        echo "${{ toJSON(steps.build_push.outputs) }}"        
+        echo "${{ toJSON(steps.build_push.outputs) }}"
         regctl image inspect -p linux/amd64 ${{ steps.image_name.outputs.name }}
         echo "::notice:: Image ${{ steps.meta.outputs.tags }} successfully built and pushed"
         echo "created=true" >> $GITHUB_OUTPUT

.github/actions/last_commit/action.yml

@@ -13,19 +13,19 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - name: Setup Environment (PR)  
-      if: ${{ github.event_name == 'pull_request' }}  
-      shell: bash  
-      run: |  
+    - name: Setup Environment (PR)
+      if: ${{ github.event_name == 'pull_request' }}
+      shell: bash
+      run: |
         echo "LAST_COMMIT_SHA=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
-    - name: Setup Environment (Push)  
-      if: ${{ github.event_name == 'push' }}  
+    - name: Setup Environment (Push)
+      if: ${{ github.event_name == 'push' }}
       shell: bash
-      run: |  
+      run: |
         echo "LAST_COMMIT_SHA=${GITHUB_SHA}" >> $GITHUB_ENV
     - id: result
       shell: bash
       run: |
-        raw=${{env.LAST_COMMIT_SHA}} 
+        raw=${{env.LAST_COMMIT_SHA}}
         echo "last_commit_sha=$raw" >> $GITHUB_OUTPUT
         echo "last_commit_short_sha=${raw::8}" >> $GITHUB_OUTPUT

.github/codeql/codeql-config.yml

@@ -1,4 +1,4 @@
 name: 'App CodeQL Config'
 
 paths-ignore:
-  - '**/tests/**'
+  - '**/tests/**'

.github/workflows/lint.yml

@@ -51,41 +51,19 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event.pull_request.draft == false && needs.changes.outputs.lint
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
-      - name: Install requirements
-        run: pip install flake8 pycodestyle
-      - name: Check syntax
-        # Stop the build if there are Python syntax errors or undefined names
-        run: flake8 src/ --count --statistics --max-line-length=127
-
-      - name: Warnings
-        run: flake8 src --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --extend-exclude=""
-  isort:
-    needs: changes
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false && needs.changes.outputs.lint
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-      - name: Install requirements
-        run: pip install isort
-      - name: iSort
-        run: isort src/ --check-only
-  black:
-    needs: changes
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false && needs.changes.outputs.lint
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-      - name: Install requirements
-        run: pip install black
-      - name: Black
-        run: black src/ --check
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+      - name: Install dependencies
+        run: |
+          uv sync
+      - name: Ruff Check
+        run: |
+          uv run ruff check . --output-format=github
+      - name: Ruff format
+        run: |
+          uv run ruff format . --check

.github/workflows/release.yml

@@ -166,8 +166,8 @@ jobs:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-    if: needs.deployable.outputs.created == 'true' 
-      || contains(github.event.head_commit.message, 'ci:scan') 
+    if: needs.deployable.outputs.created == 'true'
+      || contains(github.event.head_commit.message, 'ci:scan')
       || contains(github.event.head_commit.message, 'ci:all')
     steps:
       - name: Checkout code

.github/workflows/test.yml

@@ -32,8 +32,8 @@ permissions:
 
 jobs:
   changes:
-    if: (github.event_name != 'pull_request' 
-            || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) 
+    if: (github.event_name != 'pull_request'
+            || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
             || github.event_name == 'create'
     runs-on: ubuntu-latest
     timeout-minutes: 1
@@ -54,20 +54,20 @@ jobs:
           filters: .github/file-filters.yml
       - name: info
         shell: bash
-        run: |         
+        run: |
           github_ref="${{ github.ref }}"
           force_build="${{ contains(github.event.head_commit.message, 'ci:build') || contains(github.event.head_commit.message, 'ci:release')}}"
           force_scan="${{ contains(github.event.head_commit.message, 'ci:scan') }}"
           force_test="${{ contains(github.event.head_commit.message, 'ci:test') }}"
-          
+
           if [[ $force_build == "true" ]]; then
             echo "::notice:: Forced build docker due to commit message"
           elif [[ $force_test == "true" ]]; then
             echo "::notice:: Forced python tests due to commit message"
           elif [[ $force_scan == "true" ]]; then
             echo "::notice:: Forced trivy scan due to commit message"
           fi
-          if [[ $force_build == "true" || "${{steps.changed-files.outputs.run_tests}}" == "true" ]]; then 
+          if [[ $force_build == "true" || "${{steps.changed-files.outputs.run_tests}}" == "true" ]]; then
               echo "BUILD=true" >> $GITHUB_ENV
           fi
 
@@ -102,9 +102,9 @@ jobs:
   test:
     name: Run Test Suite
     needs: [ changes,build ]
-    if: (needs.changes.outputs.run_tests == 'true' 
-        || contains(github.event.head_commit.message, 'ci:test') 
-        || contains(github.event.head_commit.message, 'ci:all') 
+    if: (needs.changes.outputs.run_tests == 'true'
+        || contains(github.event.head_commit.message, 'ci:test')
+        || contains(github.event.head_commit.message, 'ci:all')
         || github.event_name == 'create')
     runs-on: ubuntu-latest
     services:
@@ -160,11 +160,11 @@ jobs:
 
   deployable:
     if:
-      contains(github.ref, '/release/') 
-      || endsWith(github.ref, '/develop') 
-      || endsWith(github.ref, '/master') 
-      || endsWith(github.ref, '/staging') 
-      || contains(github.event.head_commit.message, 'ci:release') 
+      contains(github.ref, '/release/')
+      || endsWith(github.ref, '/develop')
+      || endsWith(github.ref, '/master')
+      || endsWith(github.ref, '/staging')
+      || contains(github.event.head_commit.message, 'ci:release')
       || contains(github.event.head_commit.message, 'ci:all')
 
     name: "Build deployable Docker"
@@ -206,9 +206,9 @@ jobs:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-    if: needs.release.outputs.created == 'true' 
-      || contains(github.event.head_commit.message, 'ci:scan') 
-      || contains(github.event.head_commit.message, 'ci:all') 
+    if: needs.release.outputs.created == 'true'
+      || contains(github.event.head_commit.message, 'ci:scan')
+      || contains(github.event.head_commit.message, 'ci:all')
       || github.event_name == 'create'
     steps:
       - name: Checkout code

.pre-commit-config.yaml

@@ -1,30 +1,31 @@
 repos:
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.13.2
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
     hooks:
-      - id: isort
-        stages: [pre-commit]
-  - repo: https://github.com/ambv/black
-    rev: 24.10.0
-    hooks:
-      - id: black
-        args: [--config=pyproject.toml]
-        exclude: "migrations|snapshots"
-        stages: [pre-commit]
-  - repo: https://github.com/PyCQA/flake8
-    rev: 7.1.1
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-merge-conflict
+      - id: check-toml
+      - id: check-yaml
+        args: [--unsafe]
+      - id: check-added-large-files
+        args: ["--maxkb=2000"]
+  - repo: https://github.com/pycqa/isort
+    rev: 6.0.0
     hooks:
-      - id: flake8
-        args: [--config=.flake8]
-
-        additional_dependencies: [flake8-bugbear==22.9.23]
-        stages: [ pre-commit ]
+      - id: isort
   - repo: https://github.com/PyCQA/bandit
-    rev: '1.7.10' # Update me!
+    rev: '1.8.3'
     hooks:
       - id: bandit
         args: ["-c", "bandit.yaml"]
   - repo: https://github.com/twisted/towncrier
     rev: 24.8.0
     hooks:
       - id: towncrier-check
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.9.7
+    hooks:
+      - id: ruff
+        alias: autoformat
+        args: [--fix]

CONTRIBUTING.md

@@ -9,25 +9,25 @@
 
 
 
-**WARNING**  
+**WARNING**
 > Hope Deduplication Engine implements **security first** policy. It means that configuration default values are "almost" production compliant.
-> 
-> Es. `DEBUG=False` or `SECURE_SSL_REDIRECT=True`. 
-> 
+>
+> Es. `DEBUG=False` or `SECURE_SSL_REDIRECT=True`.
+>
 > Be sure to run `./manage.py env --check` and  `./manage.py env -g all` to check and display your configuration
- 
+
 
 
 ### 1. Clone repo and install requirements
-    git clone https://github.com/unicef/hope-dedup-engine 
+    git clone https://github.com/unicef/hope-dedup-engine
     pdm venv create 3.11
     pdm install
     pdm venv activate in-project
     pre-commit install
 
 ### 2. configure your environment
 
-Uses `./manage.py env` to check required (and optional) variables to put 
+Uses `./manage.py env` to check required (and optional) variables to put
 
     ./manage.py env --check