ruff

.github/workflows/test.yml

@@ -36,7 +36,7 @@ jobs:
         uses: actions/[email protected]
       - id: changes
         name: Check for file changes
-        uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
+        uses: dorny/[email protected].2
         with:
           base: ${{ github.ref }}
           token: ${{ github.token }}
@@ -51,14 +51,14 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        python-version: [ "3.11", "3.12" ]
-        django-version: [ "3.2", "4.2", "5.0", "5.1" ]
+        python-version: [ "3.11", "3.12", "3.13" ]
+        django-version: [ "3.2", "4.2", "5.1" ]
       fail-fast: true
     needs: [ changes ]
     if: needs.changes.outputs.run_tests || needs.changes.outputs.lint
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4
 
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v5
@@ -67,13 +67,13 @@ jobs:
           architecture: 'x64'
 
       - name: Cache virtualenv
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version}}-${{ hashFiles('uv.lock') }}
           path: .venv
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v4
+        uses: astral-sh/setup-uv@v5
 
       - name: Install the project
         run:  |
@@ -83,8 +83,9 @@ jobs:
       - name: lint
         if: needs.changes.outputs.lint
         run: |
-          uv run isort src/ --check-only
-          uv run flake8 src/
+          uv pip install ruff
+          uv run ruff check src tests
+          uv run ruff format --check src tests
 
       - name: Test
         if: needs.changes.outputs.run_tests
@@ -99,7 +100,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         if: ${{ always() }}
         continue-on-error: true
         with:

.pre-commit-config.yaml

@@ -0,0 +1,13 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.4
+    hooks:
+      - id: ruff
+      - id: ruff-format
+        args:
+          - --check

pyproject.toml

@@ -17,6 +17,7 @@ classifiers = [
     "Intended Audience :: Developers",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
 ]
 dependencies = [
     "celery",

ruff.toml

@@ -0,0 +1,81 @@
+target-version = "py313"
+line-length = 120
+
+[lint.isort]
+case-sensitive = true
+
+[lint]
+select = [
+    "A", # prevent using keywords that clobber python builtins
+#    "ANN", # flake8 annotations
+    "B", # bugbear: security warnings
+    "BLE", # blind exceptions
+    "C4", # flake8-comprehensions
+    "C90", # McCabe complexity
+    "COM", # flake8-commas
+    "D", # pydocstyle
+    "DJ", # flake8-django
+    "E", # pycodestylex
+    "E4", "E7", "E9",
+    "ERA", # eradicate
+    "F", # pyflakes
+    "FLY", # flynt
+    "FURB", # refurb
+    "I", # isort
+    "ICN", # flake8-import-conventions
+    "ISC", # implicit string concatenation
+    "N", # Pep* naming
+    "PERF", # perflint
+    "PIE", # flake8-pie
+    "PL", # PyLint
+    "PT", # flake8-pytest-style
+    "Q", # flake8-quotes
+    "R", # PyLint Refactor
+    "RET", # flake8-return
+    "S", # bandit,
+    "SIM", # flake8-simplify
+    "T10", # flake8-debugger
+    "T20", # flake8-print
+    "TC", # flake8-type-checking
+    "UP", # pyupgrade
+    "W", # pycodestyle warnings
+    "YTT", # flake8 2020
+]
+extend-select = ["UP", ]
+ignore = [
+    "ANN401",
+    "B904",  # raise-without-from-inside-except: syntax not compatible with py2
+    "COM812",
+    "D100", # Missing docstring in public module
+    "D101", # Missing docstring in public class
+    "D102", #  Missing docstring in public method
+    "D103", #  Missing docstring in public function
+    "D104", #  Missing docstring in public package
+    "D105", # Missing docstring in magic method
+    "D106",  # Missing docstring in public nested class
+    "D107",  # Missing docstring in `__init__`
+    "D203", # one-blank-line-before-class
+#    "D212", # multi-line-summary-first-line
+    "D213", # multi-line-summary-second-line
+    "E731",  # lambda-assignment: lambdas are substential in maintenance of py2/3 codebase
+    "ISC001",  # conflicts with ruff format command
+    "RUF005",  # collection-literal-concatenation: syntax not compatible with py2
+    "RUF012", # mutable-class-default: typing is not available for py2
+    "I001", # unsorted imports https://docs.astral.sh/ruff/rules/unsorted-imports/#unsorted-imports-i001
+    "UP037", # [*] Remove quotes from type annotation
+    "UP035", # Import from `collections.abc` instead: `Sequence`
+    "UP031", # Use format specifiers instead of percent format
+    "SIM108", # Use ternary operator instead of...
+    "PLR2004", # Magic value used in comparison
+    "DJ001", # Avoid using `null=True` on string-based fields such as `CharField`
+]
+
+[format]
+quote-style = "double"
+indent-style = "space"
+skip-magic-trailing-comma = false
+line-ending = "auto"
+
+[lint.per-file-ignores]
+"tests/**.py" = ["S101", "PLR2004", "S", "SIM117", "D", "UP", "PLR0913", "ANN", "N999"]
+"src/**/versioning/**.py" = ["N999", ]

src/unicef_security/admin.py

@@ -1,5 +1,5 @@
 import logging
-from typing import Any, Optional
+from typing import Any
 
 from django import forms
 from django.contrib import messages
@@ -38,9 +38,9 @@ def lookups(self, request, model_admin):
 
     def queryset(self, request, queryset):
         if self.value() == "unicef":
-            return queryset.filter(email__endswith=UNICEF_EMAIL)
+            queryset = queryset.filter(email__endswith=UNICEF_EMAIL)
         elif self.value() == "external":
-            return queryset.exclude(email__endswith=UNICEF_EMAIL)
+            queryset = queryset.exclude(email__endswith=UNICEF_EMAIL)
         return queryset
 
 
@@ -95,14 +95,12 @@ class UserAdminPlus(ExtraButtonsMixin, UserAdmin):
     )
     readonly_fields = ("azure_id", "job_title", "display_name")
 
-    def get_fieldsets(self, request: HttpRequest, obj: Optional[Any] = None) -> Any:
+    def get_fieldsets(self, request: HttpRequest, obj: Any | None = None) -> tuple:
         if not obj:
             return self.add_fieldsets
         fieldsets = super().get_fieldsets(request, obj)
         if request.user.is_superuser:
-            fieldsets = fieldsets + (
-                (_("Admin"), {"fields": ("is_staff", "is_superuser")}),
-            )
+            fieldsets = fieldsets + ((_("Admin"), {"fields": ("is_staff", "is_superuser")}),)
         return fieldsets
 
     def is_linked(self, obj):
@@ -116,7 +114,7 @@ def sync_user(self, request, pk):
         try:
             synchronizer = Synchronizer()
             synchronizer.sync_user(obj)
-        except BaseException as e:
+        except ValueError as e:
             self.message_user(request, str(e), messages.ERROR)
 
         self.message_user(request, "User synchronized")
@@ -143,14 +141,13 @@ def link_user_data(self, request, pk):
                     synchronizer.sync_user(obj, data["id"])
                     self.message_user(request, "User linked")
                     return None
-                else:
-                    ctx["message"] = "Select one entry to link"
+                ctx["message"] = "Select one entry to link"
 
             data = synchronizer.search_users(obj)
             ctx["data"] = data
             return TemplateResponse(request, "admin/link_user.html", ctx)
 
-        except BaseException as e:
+        except ValueError as e:
             self.message_user(request, str(e), messages.ERROR)
 
     @button()
@@ -173,9 +170,7 @@ def load(self, request):
                 emails = form.cleaned_data["emails"].split()
                 total_results = SyncResult()
                 for email in emails:
-                    result = synchronizer.fetch_users(
-                        "startswith(mail,'%s')" % email, callback=default_group
-                    )
+                    result = synchronizer.fetch_users("startswith(mail,'%s')" % email, callback=default_group)
                     total_results += result
                 self.message_user(
                     request,
@@ -191,13 +186,11 @@ def load(self, request):
     @button(permissions=is_superuser)
     def ad(self, request, pk):
         obj = self.get_object(request, pk)
-        context = dict()
+        context = dict
         try:
             synchronizer = Synchronizer()
             context = synchronizer.get_user(obj.username)
-        except BaseException as e:
+        except ValueError as e:
             self.message_user(request, str(e), messages.ERROR)
 
-        return TemplateResponse(
-            request, "admin/ad.html", {"ctx": context, "opts": self.model._meta}
-        )
+        return TemplateResponse(request, "admin/ad.html", {"ctx": context, "opts": self.model._meta})

src/unicef_security/config.py

@@ -19,8 +19,6 @@
 
 AZURE_POLICY = get_setting(["SOCIAL_AUTH_POLICY", "TENANT_POLICY"])
 AZURE_TENANT_NAME = get_setting(["SOCIAL_AUTH_TENANT_NAME", "TENANT_NAME"])
-AZURE_RESET_POLICY = get_setting(
-    ["SOCIAL_AUTH_PASSWORD_RESET_POLICY", "PASSWORD_RESET_POLICY"]
-)
+AZURE_RESET_POLICY = get_setting(["SOCIAL_AUTH_PASSWORD_RESET_POLICY", "PASSWORD_RESET_POLICY"])
 
 UNICEF_EMAIL = os.environ.get("UNICEF_EMAIL", "@unicef.org")