[CHIA-1553] Replace pylint with ruff #18759
Conversation
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
github-actions
bot
added
the
merge_conflict
Quexington
force-pushed
the
quex.replace_pylint_with_ruff
branch
from
e8ca12b
to
fcd342e
Compare
github-actions
bot
removed
the
merge_conflict
Quexington
force-pushed
the
quex.replace_pylint_with_ruff
branch
from
fcd342e
to
4829ecb
Compare
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected] |
Quexington
added
the
Added
github-actions
bot
added
the
merge_conflict
Quexington
force-pushed
the
quex.replace_pylint_with_ruff
branch
from
4829ecb
to
6b4e8eb
Compare
Quexington
force-pushed
the
quex.replace_pylint_with_ruff
branch
from
6b4e8eb
to
ac00bdb
Compare
github-actions
bot
removed
the
merge_conflict
|
@SocketSecurity ignore pypi/[email protected] |
|
Pff.. chicken |
github-actions
bot
added
the
merge_conflict
github-actions
bot
removed
the
merge_conflict
|
|
Coverage diff exemption |
Blatant plagiarism of #18649 with less emojis and politics :)
Ruff is a python linter and formatter written entirely in Rust that aims to reimplement many of the most popular tools in a way where they can run hundreds of times faster. It's used to lint the source of many major projects like Mypy, Poetry, PyInstaller, pytest, and even Pylint, which this PR hopes to replace.
The introduced scope of ruff here is very limited compared to what it can do. We're only replacing pylint in this PR even though this tool could in theory absorb 4 or 5 more of our pre-commit jobs (and run them all in a fraction of the time). The reason for targeting pylint is two-fold: 1) pylint cannot run in pre-commit because it's so slow. This often results in unexpected CI failures that devs would have much rather caught at commit time. 2) pylint at once wants to check type related information and at the same time is pretty bad at it. This is a known issue in pylint that results in many false positives and while they're working to improve it, they are slow to respond to false positive issues and have seeming architectural issues that prevent them from addressing some of the more annoying failures like with respect to wrappers and dataclasses.
Ruff does not have exact 1:1 parity with pylint, however, they are working in that direction: astral-sh/ruff#970. They also don't attempt type inference that they're bad at, which means we're trading some linting coverage for less false positives and
pylint: disable=statements in our codebase.In terms of Ruff ergonomics, many errors can be fixed automatically (and are by pre-commit) and errors that cannot be fixed give much more descriptive formatting to help developers solve them. Ignoring ruff errors works like flake8 (because it can replace it) by saying
# noqa: <error code>.