move ruff and bandit checks to pre-commit (spacetelescope#8646)

Co-authored-by: Brett Graham <[email protected]>
mairanteodoro · Jul 15, 2024 · dd76184 · dd76184
1 parent f20f15f
commit dd76184
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 22 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,13 +20,17 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    - uses: pre-commit/[email protected]
   check:
     uses: OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@v1
     with:
       default_python: "3.12"
       envs: |
-        - linux: check-style
-        - linux: check-security
         - linux: check-dependencies
   crds_contexts:
     uses: spacetelescope/crds/.github/workflows/contexts.yml@master

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,29 @@
+exclude: ".*\\.asdf$"
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-ast
+      - id: check-case-conflict
+      - id: check-yaml
+        args: ["--unsafe"]
+      - id: check-toml
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: debug-statements
+      - id: detect-private-key
+      # - id: end-of-file-fixer
+      # - id: trailing-whitespace
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: 'v0.5.2'
+    hooks:
+      - id: ruff
+        args: ["--fix"]
+      # - id: ruff-format
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.9
+    hooks:
+      - id: bandit
+        args: ["-r", "-ll", "-x", "jwst/*test*,jwst/**/*test*,jwst/fits_generator", "jwst"]
diff --git a/jwst/msaflagopen/tests/test_msa_open.py b/jwst/msaflagopen/tests/test_msa_open.py
@@ -103,7 +103,7 @@ def test_create_slitlets():
 
     for slit in result:
         # Test the returned data type and fields.
-        assert type(slit) == Slit
+        assert isinstance(slit, Slit)
         assert slit._fields == slit_fields
 
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -284,7 +284,7 @@ exclude = [
     "build",
 ]
 lint.ignore = [
-    "E741",
+    "E741", # ambiguous variable name (O/0, l/I, etc.)
 ]
 line-length = 130
 

diff --git a/tox.ini b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 envlist =
-    check-{style,security,dependencies}
+    check-dependencies
     test{,-oldestdeps,-stdevdeps,-devdeps,-sdpdeps}{,-pyargs,-warnings,-regtests,-cov}-xdist
     build-{docs,dist}
 
@@ -13,22 +13,6 @@ envlist =
 #     tox -l -v
 #
 
-[testenv:check-style]
-description = check code style, e.g. with flake8
-skip_install = true
-deps =
-    ruff
-commands =
-    ruff check . {posargs}
-
-[testenv:check-security]
-description = run bandit to check security compliance
-skip_install = true
-deps =
-    bandit>=1.7
-commands =
-    bandit -r -ll -x jwst/*test*,jwst/**/*test*,jwst/fits_generator jwst
-
 [testenv:check-dependencies]
 description = verify that install_requires in setup.cfg has correct dependencies
 # `extras` needs to be empty to check modules without additional dependencies
@@ -92,4 +76,3 @@ description = invoke sphinx-build to build the HTML docs
 extras = docs
 commands =
     sphinx-build -W docs docs/_build
-