# yaml-language-server: $schema=https://json.schemastore.org/github-action.json # permissions: # - contents: write # Required for committing and pushing lint fixes # - security-events: write # Required for uploading SARIF reports --- name: Python Lint and Fix description: 'Lints and fixes Python files, commits changes, and uploads SARIF report.' author: 'Ismo Vuorinen' branding: icon: 'code' color: 'yellow' inputs: python-version: description: 'Python version to use' required: false default: '3.11' flake8-version: description: 'Flake8 version to use' required: false default: '7.0.0' autopep8-version: description: 'Autopep8 version to use' required: false default: '2.0.4' max-retries: description: 'Maximum number of retry attempts for installations and linting' required: false default: '3' working-directory: description: 'Directory containing Python files to lint' required: false default: '.' fail-on-error: description: 'Whether to fail the action if linting errors are found' required: false default: 'true' token: description: 'GitHub token for authentication' required: false username: description: 'GitHub username for commits' required: false default: 'github-actions' email: description: 'GitHub email for commits' required: false default: 'github-actions@github.com' outputs: lint-result: description: 'Result of the linting process (success/failure)' value: ${{ steps.lint.outputs.result }} fixed-files: description: 'Number of files that were fixed' value: ${{ steps.fix.outputs.fixed_count }} error-count: description: 'Number of errors found' value: ${{ steps.lint.outputs.error_count }} runs: using: composite steps: - name: Validate Inputs id: validate uses: ivuorinen/actions/validate-inputs@0fa9a68f07a1260b321f814202658a6089a43d42 with: action-type: 'python-lint-fix' token: ${{ inputs.token }} email: ${{ inputs.email }} username: ${{ inputs.username }} python-version: ${{ inputs.python-version }} flake8-version: ${{ inputs.flake8-version }} autopep8-version: ${{ inputs.autopep8-version }} working-directory: ${{ inputs.working-directory }} max-retries: ${{ inputs.max-retries }} fail-on-error: ${{ inputs.fail-on-error }} - name: Checkout Repository uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta with: token: ${{ inputs.token || github.token }} - name: Detect Python Version id: python-version uses: ivuorinen/actions/language-version-detect@0fa9a68f07a1260b321f814202658a6089a43d42 with: language: 'python' default-version: ${{ inputs.python-version }} - name: Setup Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ steps.python-version.outputs.detected-version }} cache: 'pip' cache-dependency-path: | **/requirements.txt **/requirements-dev.txt **/pyproject.toml **/setup.py - name: Check for Python Files id: check-files shell: sh env: WORKING_DIRECTORY: ${{ inputs.working-directory }} run: | set -eu cd "$WORKING_DIRECTORY" if ! find . -name "*.py" -type f -not -path "*/\.*" | grep -q .; then echo "No Python files found. Skipping lint and fix." printf '%s\n' "result=skipped" >> "$GITHUB_OUTPUT" exit 0 fi printf '%s\n' "result=found" >> "$GITHUB_OUTPUT" - name: Cache Python Dependencies if: steps.check-files.outputs.result == 'found' id: cache-pip uses: ivuorinen/actions/common-cache@0fa9a68f07a1260b321f814202658a6089a43d42 with: type: 'pip' paths: '~/.cache/pip' key-files: 'requirements*.txt,pyproject.toml,setup.py,setup.cfg' key-prefix: 'python-lint-fix' - name: Install Dependencies if: steps.check-files.outputs.result == 'found' && steps.cache-pip.outputs.cache-hit != 'true' id: install shell: sh env: MAX_RETRIES: ${{ inputs.max-retries }} FLAKE8_VERSION: ${{ inputs.flake8-version }} AUTOPEP8_VERSION: ${{ inputs.autopep8-version }} run: | set -eu # Create virtual environment python -m venv .venv . .venv/bin/activate # Install dependencies (pip has built-in retry logic) pip install "flake8==$FLAKE8_VERSION" pip install flake8-sarif==0.6.0 pip install "autopep8==$AUTOPEP8_VERSION" # Verify installations flake8 --version || exit 1 autopep8 --version || exit 1 - name: Activate Virtual Environment (Cache Hit) if: steps.check-files.outputs.result == 'found' && steps.cache-pip.outputs.cache-hit == 'true' shell: sh env: FLAKE8_VERSION: ${{ inputs.flake8-version }} AUTOPEP8_VERSION: ${{ inputs.autopep8-version }} run: | set -eu # Create virtual environment if it doesn't exist from cache if [ ! -d ".venv" ]; then python -m venv .venv . .venv/bin/activate pip install "flake8==$FLAKE8_VERSION" "flake8-sarif==0.6.0" "autopep8==$AUTOPEP8_VERSION" fi - name: Run flake8 if: steps.check-files.outputs.result == 'found' id: lint shell: sh env: WORKING_DIRECTORY: ${{ inputs.working-directory }} FAIL_ON_ERROR: ${{ inputs.fail-on-error }} run: | set -eu . .venv/bin/activate cd "$WORKING_DIRECTORY" # Create temporary directory for reports mkdir -p reports # Run flake8 with error handling error_count=0 if ! flake8 --format=sarif --output-file=reports/flake8.sarif .; then error_count=$(grep -c "level\": \"error\"" reports/flake8.sarif || echo 0) echo "Found $error_count linting errors" printf '%s\n' "error_count=$error_count" >> "$GITHUB_OUTPUT" if [ "$FAIL_ON_ERROR" = "true" ]; then echo "::error::Linting failed with $error_count errors" printf '%s\n' "result=failure" >> "$GITHUB_OUTPUT" exit 1 fi fi printf '%s\n' "result=success" >> "$GITHUB_OUTPUT" printf '%s\n' "error_count=$error_count" >> "$GITHUB_OUTPUT" - name: Run autopep8 Fix if: steps.check-files.outputs.result == 'found' id: fix shell: sh env: WORKING_DIRECTORY: ${{ inputs.working-directory }} run: | set -eu . .venv/bin/activate cd "$WORKING_DIRECTORY" # Create temporary file for tracking changes touch /tmp/changed_files # Run autopep8 with change detection find . -name "*.py" -type f -not -path "*/\.*" | while read -r file; do if autopep8 --diff "$file" | grep -q '^[+-]'; then autopep8 --in-place "$file" echo "$file" >> /tmp/changed_files fi done # Count fixed files fixed_count=$(wc -l < /tmp/changed_files || echo 0) echo "Fixed $fixed_count files" printf '%s\n' "fixed_count=$fixed_count" >> "$GITHUB_OUTPUT" # Cleanup rm /tmp/changed_files - name: Commit Fixes if: ${{ fromJSON(steps.fix.outputs.fixed_count) > 0 }} uses: stefanzweifel/git-auto-commit-action@be7095c202abcf573b09f20541e0ee2f6a3a9d9b # v5.0.1 with: commit_message: 'style: apply python lint fixes' commit_user_name: ${{ inputs.username }} commit_user_email: ${{ inputs.email }} file_pattern: '*.py' - name: Upload SARIF Report if: steps.check-files.outputs.result == 'found' uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 with: sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif category: 'python-lint' - name: Cleanup if: always() shell: sh run: |- set -eu # Remove virtual environment rm -rf .venv # Remove temporary files rm -rf reports