Merge pull request #18 from alex-feel/alex-feel-dev

Move to Python scripts

Author: alex-feel

.github/workflows/lint.yml

@@ -9,134 +9,76 @@ permissions:
   security-events: write
 
 jobs:
-  powershell:
-    name: PowerShell Script Analysis
-    runs-on: windows-latest
-
-    steps:
-    - name: Skip for Release Please
-      if: ${{ startsWith(github.head_ref, 'release-please--branches--') }}
-      run: echo "Skipping PowerShell analysis for Release Please PR"
-
-    - uses: actions/checkout@v5
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-
-    - name: Run PSScriptAnalyzer
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      uses: microsoft/psscriptanalyzer-action@v1.1
-      with:
-        path: ./scripts/windows
-        recurse: true
-        output: results.sarif
-        ignorePattern: '\.git|\.github'
-
-    - name: Upload PSScriptAnalyzer results
-      uses: github/codeql-action/upload-sarif@v3
-      if: ${{ always() && ! startsWith(github.head_ref, 'release-please--branches--') }}
-      with:
-        sarif_file: results.sarif
-
-  shellcheck:
-    name: Shell Script Analysis
+  pre-commit:
+    name: Run Pre-Commit Checks
+    if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
     runs-on: ubuntu-latest
 
     steps:
-    - name: Skip for Release Please
-      if: ${{ startsWith(github.head_ref, 'release-please--branches--') }}
-      run: echo "Skipping Shell Script analysis for Release Please PR"
-
-    - uses: actions/checkout@v5
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-
-    - name: Run ShellCheck
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      uses: ludeeus/action-shellcheck@master
-      with:
-        scandir: './scripts'
-        ignore_paths: 'scripts/windows'
-        severity: warning
-
-  markdown:
-    name: Markdown Lint
-    runs-on: ubuntu-latest
+      - name: Checkout code
+        uses: actions/checkout@v5
 
-    steps:
-    - name: Skip for Release Please
-      if: ${{ startsWith(github.head_ref, 'release-please--branches--') }}
-      run: echo "Skipping Markdown lint for Release Please PR"
-
-    - uses: actions/checkout@v5
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-
-    - name: Run markdownlint
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      uses: DavidAnson/markdownlint-cli2-action@v20
-      with:
-        globs: |
-          **/*.md
-          !node_modules/**
-          !CHANGELOG.md
-
-  json-yaml:
-    name: JSON/YAML Validation
-    runs-on: ubuntu-latest
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install pre-commit
+        run: pip install pre-commit
+
+      - name: Set up Node.js for markdownlint
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install markdownlint-cli2
+        run: npm install -g markdownlint-cli2
+
+      - name: Run pre-commit hooks (except PSScriptAnalyzer)
+        run: |
+          # Skip PSScriptAnalyzer as it requires Windows
+          SKIP=psscriptanalyzer pre-commit run --all-files --show-diff-on-failure
+
+  powershell:
+    name: PowerShell Script Analysis
+    if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
+    runs-on: windows-latest
 
     steps:
-    - name: Skip for Release Please
-      if: ${{ startsWith(github.head_ref, 'release-please--branches--') }}
-      run: echo "Skipping JSON/YAML validation for Release Please PR"
-
-    - uses: actions/checkout@v5
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-
-    - name: Validate JSON files
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      run: |
-        find . -name "*.json" -type f -not -path "./node_modules/*" | while read file; do
-          echo "Validating $file"
-          python -m json.tool "$file" > /dev/null || exit 1
-        done
-        echo "All JSON files are valid"
-
-    - name: Setup Python
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.x'
-
-    - name: Validate YAML files
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      run: |
-        pip install pyyaml
-        find . -name "*.yml" -o -name "*.yaml" -type f -not -path "./node_modules/*" | while read file; do
-          echo "Validating $file"
-          python -c "import yaml; yaml.safe_load(open('$file'))" || exit 1
-        done
-        echo "All YAML files are valid"
+      - uses: actions/checkout@v5
+
+      - name: Run PSScriptAnalyzer
+        uses: microsoft/psscriptanalyzer-action@v1.1
+        with:
+          path: ./scripts/windows
+          recurse: true
+          output: results.sarif
+          ignorePattern: '\.git|\.github'
+
+      - name: Upload PSScriptAnalyzer results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: results.sarif
 
   security:
     name: Security Scan
+    if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
     runs-on: ubuntu-latest
 
     steps:
-    - name: Skip for Release Please
-      if: ${{ startsWith(github.head_ref, 'release-please--branches--') }}
-      run: echo "Skipping Trivy security scan for Release Please PR"
-
-    - uses: actions/checkout@v5
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-
-    - name: Run Trivy security scanner
-      if: ${{ ! startsWith(github.head_ref, 'release-please--branches--') }}
-      uses: aquasecurity/trivy-action@master
-      with:
-        scan-type: 'fs'
-        scan-ref: '.'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-
-    - name: Upload Trivy results to GitHub Security
-      uses: github/codeql-action/upload-sarif@v3
-      if: ${{ always() && ! startsWith(github.head_ref, 'release-please--branches--') }}
-      with:
-        sarif_file: 'trivy-results.sarif'
+      - uses: actions/checkout@v5
+
+      - name: Run Trivy security scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy results to GitHub Security
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'

.pre-commit-config.yaml

@@ -1,7 +1,24 @@
 repos:
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.12.7
+  hooks:
+    - id: ruff-check
+      name: Ruff (lint + autofix)
+      description: Fast Python linter (Flake8, isort, quotes, etc.) with --fix enabled
+      args: [--fix]
+
 - repo: https://github.com/pre-commit/pre-commit-hooks
   rev: v5.0.0
   hooks:
+    - id: check-json
+      name: Check JSON
+      description: Verify JSON syntax
+      exclude: ^CHANGELOG\.md$
+
+    - id: check-yaml
+      name: Check YAML
+      description: Verify YAML syntax
+
     - id: end-of-file-fixer
       name: End-of-file fixer (non-Python)
       description: Ensures every *non-Python* file is empty or ends with a single newline
@@ -12,6 +29,10 @@ repos:
       description: Trims trailing whitespace in non-Python text files
       exclude: ^.*\.(pyi?|py)$
 
+    - id: check-shebang-scripts-are-executable
+      name: Check shebang scripts
+      description: Check that text files with a shebang are executable
+
 - repo: local
   hooks:
     - id: markdownlint

ruff.toml

@@ -0,0 +1,83 @@
+# Enable preview features
+preview = true
+# General settings
+src = ["scripts", "app"]
+target-version = "py312"
+line-length = 127
+extend-include = ["scripts/**/*.py", "tests/**/*.py"]
+
+[lint]
+# Enable rule groups
+select = [
+    "FAST",  # FastAPI
+    "YTT",  # flake8-2020
+    "ANN",  # flake8-annotations
+    "ASYNC",  # flake8-async
+    "B",  # flake8-bugbear
+    "COM",  # flake8-commas
+    "C4",  # flake8-comprehensions
+    "DTZ",  # flake8-datetimez
+    "T10",  # flake8-debugger
+    "EXE",  # flake8-executable
+    "FIX",  # flake8-fix-me
+    "FA",  # flake8-future-annotations
+    "INT",  # flake8-gettext
+    "ISC",  # flake8-implicit-str-concat
+    "ICN",  # flake8-import-conventions
+    "LOG",  # flake8-logging
+    "PIE",  # flake8-pie
+    "PYI",  # flake8-pyi
+    "PT",  # flake8-pytest-style
+    "Q",  # flake8-quotes
+    "RSE",  # flake8-raise
+    "RET",  # flake8-return
+    "SIM",  # flake8-simplify
+    "SLOT",  # flake8-slots
+    "TID",  # flake8-tidy-imports
+    # "TC",  # flake8-type-checking
+    "ARG",  # flake8-unused-arguments
+    "FLY",  # flynt
+    "I",  # isort
+    "NPY",  # NumPy-specific rules
+    "PD",  # pandas-vet
+    "N",  # pep8-naming
+    "PERF",  # Perflint
+    "E", "W",  # pycodestyle
+    "DOC",  # pydoclint
+    "F",  # Pyflakes
+    "PGH",  # pygrep-hooks
+    "UP",  # pyupgrade
+    "FURB",  # refurb
+]
+
+[lint.flake8-annotations]
+allow-star-arg-any = true
+ignore-fully-untyped = true
+
+[lint.flake8-bugbear]
+extend-immutable-calls = [
+    "fastapi.Depends",
+    "fastapi.params.Depends",
+    "fastapi.Query",
+    "fastapi.params.Query",
+    "fastapi.params.Body",
+]
+
+[lint.flake8-import-conventions.aliases]
+streamlit = "st"
+
+[lint.flake8-quotes]
+docstring-quotes = "double"
+inline-quotes = "single"
+multiline-quotes = "single"
+
+[lint.flake8-type-checking]
+quote-annotations = true
+strict = false
+
+[lint.isort]
+known-first-party = ["app"]
+force-single-line = true
+
+[lint.pydoclint]
+ignore-one-line-docstrings = true