{"id":19652676,"url":"https://github.com/advanced-security/python-lint-code-scanning-action","last_synced_at":"2025-04-28T17:30:45.143Z","repository":{"id":199271571,"uuid":"691564064","full_name":"advanced-security/python-lint-code-scanning-action","owner":"advanced-security","description":"Lint and type check Python with your choice of popular linters, and upload results to GitHub Code Scanning","archived":false,"fork":false,"pushed_at":"2025-03-11T16:40:17.000Z","size":196,"stargazers_count":0,"open_issues_count":3,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T09:51:13.180Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/advanced-security.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-14T12:41:37.000Z","updated_at":"2025-02-13T14:02:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"28c8c2fc-abc8-4f27-8596-cf1138027efd","html_url":"https://github.com/advanced-security/python-lint-code-scanning-action","commit_stats":null,"previous_names":["advanced-security/python-lint-code-scanning-action"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fpython-lint-code-scanning-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fpython-lint-code-scanning-action/tags","releases_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fpython-lint-code-scanning-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fpython-lint-code-scanning-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/advanced-security","download_url":"https://codeload.github.com/advanced-security/python-lint-code-scanning-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251355234,"owners_count":21576318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T15:11:42.568Z","updated_at":"2025-04-28T17:30:45.134Z","avatar_url":"https://github.com/advanced-security.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Python Linting Action\n\n\u003e [!NOTE]\n\u003e This is an _unofficial_ tool created by Field Security Services, and is not officially supported by GitHub.\n\nThis Action and Python script lets you run one of several Python linters and type checkers, and upload the results to GitHub's Code Scanning, which is part of [Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) (free for open source projects hosted on GitHub).\n\n## Supported linters and type checkers\n\n- Linters:\n  - [Flake8](https://flake8.pycqa.org/en/latest/)\n  - [Pylint](https://www.pylint.org/)\n  - [Ruff](https://beta.ruff.rs/)\n  - [Fixit 2](https://fixit.readthedocs.io/en/stable/) - for Python 3.8 and 
above\n- Type checkers:\n  - [Mypy](https://mypy.readthedocs.io/en/stable/)\n  - [Pytype](https://github.com/google/pytype/) - for Python 3.10 and below\n  - [Pyright](https://github.com/microsoft/pyright)\n  - [Pyre](https://pyre-check.org/)\n\n## Requirements\n\n- Python 3.8 or higher\n- For Pytype, Python 3.10 or lower\n- For Fixit, Python 3.8 or higher\n- GitHub Actions\n- GitHub Advanced Security (for private repositories)\n\n## Usage\n\n### Actions usage\n\n#### Configure the linters\n\nConfigure the linters using a configuration file in your repository, appropriate to the linter.\n\nMany can use `pyproject.toml`, but not all.\n\nExample `pyproject.toml` and `.flake8` files for linting this repository are included.\n\n#### Call the Action with a workflow\n\nFirst check out the repository with `github/checkout` of a supported version, so the code is available to the workflow.\n\nThe simplest use is to use just one linter at a time:\n\n```yaml\nuses: advanced-security/python-lint-code-scanning-action@v1\nwith:\n  linter: flake8\n```\n\nYou can run it with more than one linter using a matrix:\n\n```yaml\njobs:\n  lint:\n    runs-on: ubuntu-latest\n    strategy:\n      matrix:\n        linter: [flake8, pylint, ruff, mypy, pytype, pyright, fixit, pyre]\n    steps:\n      - uses: advanced-security/python-lint-code-scanning-action@v1\n        with:\n          linter: ${{ matrix.linter }}\n```\n\nSimilarly, you can run it with more than one Python version:\n\n```yaml\njobs:\n  lint:\n\n    runs-on: ubuntu-latest\n    strategy:\n      matrix:\n        python-version: [\"3.8\", \"3.9\", \"3.10\", \"3.11\", \"3.12\"]\n    steps:\n      - uses: advanced-security/python-lint-code-scanning-action@v1\n        with:\n          linter: flake8\n          python-version: ${{ matrix.python-version }}\n```\n\nYou could even combine both.\n\nIf you want to use plugins for one of the linters, you can install that before running the action, e.g.\n\n```yaml\njobs:\n  lint:\n    runs-on: ubuntu-latest\n  
  steps:\n      - run: python3 -m pip install flake8-bugbear\n      - uses: advanced-security/python-lint-code-scanning-action@v1\n        with:\n          linter: flake8\n```\n\nPin the version of a linter, e.g. if the latest version is incompatible with this Action.\n\n\u003e [!NOTE]\n\u003e Remember to put quotes around version strings so they are not interpreted as floating point numbers.\n\n```yaml\njobs:\n  lint:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: advanced-security/python-lint-code-scanning-action@v1\n        with:\n          linter: ruff\n          ruff-version: \"0.7.2\"\n```\n\n### Command line usage\n\nFirst install the Flake8 SARIF formatter, if you are using Flake8:\n\n```bash\npython3 -m pip install flake8-sarif-formatter\n```\n\nThen run the linter, which must already be installed in your environment:\n\n```bash\npython3 ./python_lint.py \u003clinter\u003e [\u003clinter\u003e ...] [\u003coptions\u003e]\n```\n\nThe linter/type checker can be one or more of `flake8`, `pylint`, `ruff`, `mypy`, `pytype`, `pyright`, `fixit`, `pyre`.\n\n## FAQ\n\n### Why not use existing Python linting Actions?\n\nThey don't all produce SARIF, and they don't upload to Code Scanning.\n\n### Why not use MegaLinter or Super-linter?\n\nThey aggregate lots of linters, for a lot of languages, but do not focus on producing output in SARIF, nor on Python.\n\nAlthough MegaLinter has a [SARIF output formatter](https://megalinter.io/latest/reporters/SarifReporter/), only those linters natively able to produce SARIF are usable this way.\n\nThis Action is specialised for useful linters for Python, and produces SARIF.\n\n### Why not create N different Actions?\n\nIt's far more convenient to have one Action that can run all of the popular linters, so you can configure it once and then run it with different linters.\n\n### Could you let me configure the linters using the Action's inputs?\n\nNo, because the configuration files are specific to each linter. 
Providing convenience abstractions over the inputs for all of the linters would be significantly more work than just using the configuration files.\n\nIt's possible that a future release might allow you to specify some very common shared options, such as line-length, but for now that's not been tackled.\n\n### Why not add SARIF output directly to the linters, and then call them?\n\nGood idea. That's something to consider for the future. For now it was quicker and easier to call the linters and process their output into SARIF, vs raising PRs against each linter.\n\n### You really should provide some sensible defaults for the linters\n\nWow, so opinionated! We decided not to be opinionated 😁. Linting is very individual, and deciding on defaults beyond those of the tools themselves could prove to be a thankless task. Hopefully if you want to use these linters then you'll be able to configure them to your liking.\n\n### What about tool X?\n\nLots of linters are wrapped up or replicated by these linters.\n\n`pydocstyle` can be run using a plugin to Flake8, and `mccabe` is included in Flake8.\n\nIf there's one you really need that isn't runnable, please raise an issue or a PR to include it.\n\n### Why can't I run all of the linters in one go?\n\nActions lets you do a matrix job, which does great work in parallelising things.\n\nWe could use Python multi-processing to run them all in parallel, but that doesn't make such sense on standard GitHub runners.\n\nIf you want to run them all at once you can call the underlying script with multiple linters, but that feature is really just to make testing easier, since they run in series.\n\n### Why do I see an error, but the run is not marked as having failed?\n\nThis avoids errors with a single linter resulting in the whole run being marked as \"in error\". It is the Code Scanning results that are of interest, not whether every linter ran successfully.\n\nYou should check for errors in the Actions log and resolve them. 
It might be better to have an option to report failure if a linter does not run properly - raise an issue or a PR if you want that.\n\n## License\n\nThis project is licensed under the terms of the MIT open source license. Please refer to the [LICENSE](LICENSE) for the full terms.\n\n## Maintainers\n\nSee [CODEOWNERS](CODEOWNERS) for the list of maintainers.\n\n## Support\n\n\u003e [!NOTE]\n\u003e This is an _unofficial_ tool created by Field Security Services, and is not officially supported by GitHub.\n\nSee the [SUPPORT](SUPPORT.md) file.\n\n## Background\n\nSee the [CHANGELOG](CHANGELOG.md), [CONTRIBUTING](CONTRIBUTING.md), [SECURITY](SECURITY.md), [SUPPORT](SUPPORT.md), [CODE OF CONDUCT](CODE_OF_CONDUCT.md) and [PRIVACY](PRIVACY.md) files for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fpython-lint-code-scanning-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadvanced-security%2Fpython-lint-code-scanning-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fpython-lint-code-scanning-action/lists"}