Lint: Migrate from black/pylint to ruff #2850
- Remove black, black_auto, pylint, and linter workflows
- Remove pylint.json and yamllint.json matchers
- Add ruff.yml workflow for linting
- Add .pre-commit-config.yaml for local development
- Add .yamllint configuration for YAML linting
- Replace [tool.black] and [tool.pylint] with [tool.ruff] in pyproject.toml
- Update Makefile lint/reformat targets to use ruff
- Update CONTRIBUTING.md with ruff and pre-commit documentation

The ruff config ignores many rules to avoid code changes - these can be enabled incrementally in follow-up PRs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
| name: Lint Code | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout Code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Run Ruff linter | ||
| uses: astral-sh/ruff-action@v1 | ||
| with: | ||
| args: "check slither/ tests/ scripts/" | ||
|
|
||
| # Formatting check disabled to avoid changes to existing code | ||
| # - name: Run Ruff formatter check | ||
| # run: | | ||
| # echo "::group::Checking formatting with Ruff" | ||
| # ruff format --check slither/ tests/ scripts/ || FORMAT_EXIT=$? | ||
| # echo "::endgroup::" | ||
| # if [ "${FORMAT_EXIT:-0}" -ne 0 ]; then | ||
| # echo "❌ Formatting check failed. Run 'make reformat' or 'ruff format' locally to fix formatting." | ||
| # exit $FORMAT_EXIT | ||
| # fi | ||
| # echo "✅ Formatting check passed" | ||
|
|
||
| - name: Set up Python for yamllint | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.12" | ||
|
|
||
| - name: Install and run yamllint | ||
| run: | | ||
| # Use uv for fast installation | ||
| curl -LsSf https://astral.sh/uv/install.sh | sh | ||
| export PATH="$HOME/.local/bin:$PATH" | ||
| uv tool install yamllint | ||
| echo "::group::Running yamllint" | ||
| uvx yamllint .github/ || YAML_EXIT=$? | ||
| echo "::endgroup::" | ||
| if [ "${YAML_EXIT:-0}" -ne 0 ]; then | ||
| echo "❌ YAML linting failed. Fix the YAML syntax errors shown above." | ||
| exit $YAML_EXIT | ||
| fi | ||
| echo "✅ YAML linting passed" |
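Review bot: The "Install and run yamllint" step pipes a remote script straight into a shell (`curl -LsSf https://astral.sh/uv/install.sh | sh`) and then installs an unpinned `yamllint`, so every run executes whatever those endpoints serve at that moment. The preceding step already sets up Python 3.12, so a pinned `pip install yamllint==<version>` would remove the need for uv here; if uv is wanted, install it through a pinned action or a checksum-verified download. The same applies to `actions/checkout@v4` and `astral-sh/ruff-action@v1`, which are referenced by mutable tags; pinning them to full commit SHAs keeps the lint job reproducible and limits exposure if a tag is moved.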
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 5 days ago
In general, the fix is to explicitly configure GITHUB_TOKEN permissions for the workflow or for the specific job, instead of relying on repository defaults. For a lint-only job that just checks code and YAML, contents: read is typically sufficient. This satisfies the principle of least privilege and the CodeQL recommendation.
For this specific workflow, the simplest and safest fix without changing functionality is to add a permissions block to the lint job, because that is the job CodeQL flagged. We can set contents: read, which allows the job to read repository contents (needed for actions/checkout@v4 to function) but prevents writes. No other permissions appear necessary for running Ruff and yamllint. Concretely, in .github/workflows/ruff.yml, under jobs: lint:, insert:
```yaml
permissions:
  contents: read
```
at an appropriate indentation level between name: Lint Code and runs-on: ubuntu-latest. No additional imports or external libraries are needed; this is purely a YAML configuration change.
| @@ -24,6 +24,8 @@ | ||
| jobs: | ||
| lint: | ||
| name: Lint Code | ||
| permissions: | ||
| contents: read | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: |
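Review bot: The `permissions:` block is declared under `lint:` only, so any job added to this workflow later falls back to the repository's default token scope. Declaring `permissions:` with `contents: read` at the top level of the workflow, above `jobs:`, gives every job the read-only default, and a job that needs more can then widen its own scope explicitly.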
Summary
Migrate from black/pylint to ruff for linting and code formatting.
Changes
Removed
- `.github/workflows/black.yml` - black check workflow
- `.github/workflows/black_auto.yml` - auto-fix workflow
- `.github/workflows/pylint.yml` - pylint check workflow
- `.github/workflows/linter.yml` - super-linter workflow
- `.github/workflows/matchers/pylint.json` - pylint error matcher
- `.github/workflows/matchers/yamllint.json` - yamllint error matcher

Added
- `.github/workflows/ruff.yml` - ruff check workflow
- `.pre-commit-config.yaml` - pre-commit hooks for local development
- `.yamllint` - yamllint configuration

Modified
- `pyproject.toml` - replaced `[tool.black]` and `[tool.pylint]` with `[tool.ruff]`
- `Makefile` - updated `lint` and `reformat` targets to use ruff
- `CONTRIBUTING.md` - updated linter documentation and added pre-commit section

Notes
Test plan
- `ruff check slither/` passes
- `yamllint .github/` passes

🤖 Generated with Claude Code
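The condition behind the CodeQL alert in this thread (a job with no `permissions` block at job or workflow level) can be checked locally before pushing. The script below is an added example, not code from this pull request or the project. The function name `jobs_without_permissions`, the sample workflow header, and the assumption of block-style, space-indented YAML are all constructed for illustration.

```python
import re

KEY = re.compile(r" *([\w-]+):")  # a plain "key:" line; "- name:" list items do not match

# Constructed sample: the lint job shown on this page, with an assumed workflow header.
BEFORE = """\
name: Ruff
on: [push, pull_request]
jobs:
  lint:
    name: Lint Code
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
"""
# The same job with the job-level block from the suggested fix.
AFTER = BEFORE.replace("    runs-on:", "    permissions:\n      contents: read\n    runs-on:")

def jobs_without_permissions(workflow_text):
    """Return ids of jobs that would run with the repository's default GITHUB_TOKEN scope."""
    top_level = False                    # workflow-wide permissions block seen
    in_jobs = False
    job_indent = child_indent = current = None
    has_perms = {}                       # job id -> job declares its own permissions
    for raw in workflow_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        m = KEY.match(raw)
        if indent == 0:                  # top-level key: track jobs: and permissions:
            in_jobs = raw.startswith("jobs:")
            top_level = top_level or raw.startswith("permissions:")
            continue
        if not in_jobs or m is None:
            continue
        if job_indent is None:
            job_indent = indent          # first key under jobs: fixes the job-id indent
        if indent == job_indent:
            current, child_indent = m.group(1), None
            has_perms[current] = False
        elif current is not None:
            if child_indent is None:
                child_indent = indent    # indent of this job's direct keys
            if indent == child_indent and m.group(1) == "permissions":
                has_perms[current] = True
    return [] if top_level else [job for job, ok in has_perms.items() if not ok]

if __name__ == "__main__":
    print("before:", jobs_without_permissions(BEFORE), "after:", jobs_without_permissions(AFTER))
```

Only keys at a job's own indentation level count, so a `permissions` key nested deeper, for example under a step's `with:`, is not mistaken for a job-level block.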