ruff-pre-commit icon indicating copy to clipboard operation
ruff-pre-commit copied to clipboard
verified publisher icon charliermarsh

Airgapped ruff-pre-commit.

Open remchuk opened this issue 1 year ago • 12 comments

I would rather open a discussion but an issue will do.

I want to run ruff-pre-commit in my airgapped gitlab.

Now it should work flowlessly, but looking at the code I see many Installs, and variables that access a github.

Is it possible to just download this repo and upload it into my airgapped gitlab and use it?

Is it something planned?

remchuk avatar Jan 21 '25 14:01 remchuk

I'm not very familiar with how gitlab works but did you follow the pre-commit GitLab setup instructions? That it's downloading files is expected but the caching should help reduce the need to do so for subsequent runs.

We don't plan on releasing a dedicated pre-commit for GitLab

MichaReiser avatar Jan 21 '25 15:01 MichaReiser

there are many places like:

            --notes "See: https://github.com/astral-sh/ruff/releases/tag/${TAG_NAME/v}" \
            --latest
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

which seems to be directly trying to access the WAN github, or use github variables. I wanted to run them as pre-commit rather then triggering a gitlab CI and fails a pipeline.

remchuk avatar Jan 21 '25 15:01 remchuk

Can you share an example of how you're using the pre-commit in your GitLab CI pipeline?

MichaReiser avatar Jan 21 '25 15:01 MichaReiser

I'm not, I want to start using, I only truly need ruff and mypy.

remchuk avatar Jan 21 '25 15:01 remchuk

Hmm okay, I don't think I understand what you're looking for. You said that you want to run pre-commit on GitLab but it seems you're not? Did you try pre-commit's GitLab setup instructions that I linked above?

MichaReiser avatar Jan 21 '25 15:01 MichaReiser

You are correct. I installed the pre-commit and downloaded the repo of ruff-pre-commit into our airgapped env, the real problem is converting this project to gitlab.

looks like there isn't a proper way to do this in our airgapped gitlab.

trying to run this:

pre-commit:
  stage: pre-commit
  image: <my-image>
  variables:
    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
  cache:
    paths:
      - ${PRE_COMMIT_HOME}

but even before that. I have created a .pre-commit-config.yaml with the following:

repos:
- repo: <reupload of this repo in gitlab>
  # Ruff version.
  rev: v0.9.2
  hooks:
    # Run the linter.
    - id: ruff
      args: [ --fix ]
    # Run the formatter.
    - id: ruff-format

then I ran, pre-commit install, but when running pre-commit run --all-files I receive: an unexpected error has occured: CalledProccessError: command : ('/usr/bin/git', 'fetch', 'origin', '--tags') fatal unable to access 'my gitlab repo': server certificate verification faild. CAfile: none CRLfile: None

Now I suppose something is probably missing.

remchuk avatar Jan 21 '25 16:01 remchuk

This overall looks correct and this seems like an issue with your git client not being able to authenticate against your gitlab repository. I'm not sure how I can help you with that.

MichaReiser avatar Jan 21 '25 17:01 MichaReiser

That something I probably have to check. I'll try something and see if it works.

I really want to thank you for such quick responses and in depth answers. You such a great developer and maintainer.

Do you think that simply taking this repo and changing the .github to .gitlab and uploading it to the gitlab will suffice?

remchuk avatar Jan 21 '25 17:01 remchuk

Thanks for the kind words

Do you think that simply taking this repo and changing the .github to .gitlab and uploading it to the gitlab will suffice?

I don't think this should be necessary. Pre-commit itself should be independent from where or how you host your repository and it should take care of installing individual checks.

Have you tried using the normal repo url instead of uploading this to gitlab?

repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
  # Ruff version.
  rev: v0.9.2
  hooks:
    # Run the linter.
    - id: ruff
      args: [ --fix ]
    # Run the formatter.
    - id: ruff-format

MichaReiser avatar Jan 21 '25 17:01 MichaReiser

It is airgapped.

I have no access to the Internet. Therefore no way of accessing it.

Sadly in our airgapped env we don't have a github, only enterprised gitlab

remchuk avatar Jan 21 '25 21:01 remchuk

Oh, I assumed airgapped was your repository but airgapped means something else. I don't know enough about airgapped to support you here and yes, maybe you have to fork this repository into your own Gitlab but just forking is probably not enough because you also need a way to retrieve the ruff binary.

Whatever you choose to do is probably going to be specific to your environment. Hve you considered running ruff in a docker container (that you can build and publish once?) You can also try to run ruff using uv (or install with pip). I think there's even a uv-pre-commit project and maybe you can use of its caching feature.

MichaReiser avatar Jan 22 '25 07:01 MichaReiser

In an air-gapped environment you probably want to install your allow-listed tools system-wide and use those in your pre-commit configuration. I'd suggest you look into local hooks in combination with language: system for this.

Example

repos:
- repo: local
  hooks:
  - id: statix
    name: statix
    language: system
    entry: nix-shell
    args: [-p, statix, '--run', 'statix check']
    pass_filenames: false
    types: [nix]
- repo: local
  hooks:
  - id: deadnix
    name: deadnix
    language: system
    entry: nix-shell
    args: [-p, deadnix, '--run', 'deadnix --fail']
    pass_filenames: false
    types: [nix]

The above configuration runs a local command each on my NixOS Linux box. Nothing is downloaded to install, update or run the commands.

You may try the same approach with a locally installed ruff binary. You will likely not need, let alone be able to use, the ruff-pre-commit project for that solution.

bittner avatar Apr 25 '25 13:04 bittner