feat(ci,test): add Ruff linter to CI pipeline and update tests

- Added Ruff linter to GitHub Actions matrix in `.github/workflows/test.yaml`.
- Updated README.md with instructions for Ruff.
- Created `ruff` feature with `devcontainer-feature.json` and `install.sh`.
- Added Ruff linter version check to `all-tools.sh`.
- Created Ruff-specific version test script and scenario.
- Updated `scenarios.json` to include Ruff-specific test scenarios.

Author: jsburckhardt

.github/workflows/test.yaml

@@ -13,17 +13,18 @@ jobs:
     strategy:
       matrix:
         features:
-          - flux
-          - notation
+          - copa
           - crane
-          - skopeo
-          - kyverno
           - cyclonedx
-          - copa
+          - flux
           - gic
-          - uv
           - gitleaks
           - jnv
+          - kyverno
+          - notation
+          - ruff
+          - skopeo
+          - uv
         baseImage:
           - debian:latest
           - ubuntu:latest

README.md

@@ -16,10 +16,11 @@ This repository contains a _collection_ of Features.
 | cyclonedx | https://cyclonedx.org/ | cyclonedx is a command-line tool for working with Software Bill of Materials (SBOM). |
 | Copacelic | https://project-copacetic.github.io/copacetic/website/ | Project Copacetic: Directly patch container image vulnerabilities. Copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images given the vulnerability scanning results from popular tools like Trivy. |
 | Gic | https://github.com/jsburckhardt/gic | Reducing cognitive load by automating commit message generation, allowing developers to focus on coding instead of crafting messages. |
-| UV/UVX | https://docs.astral.sh/uv/ | An extremely fast Python package and project manager, written in Rust. A single tool to replace pip, pip-tools, pipx, poetry, pyenv, virtualenv, and more. |
 | Gitleaks | https://gitleaks.io/ | Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. |
 | Zarf | https://zarf.dev/ | Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments. |
 | jnv | https://github.com/ynqa/jnv | jnv is designed for navigating JSON, offering an interactive JSON viewer and jq filter editor. |
+| UV/UVX | https://docs.astral.sh/uv/ | An extremely fast Python package and project manager, written in Rust. A single tool to replace pip, pip-tools, pipx, poetry, pyenv, virtualenv, and more. |
+| Ruff | https://docs.astral.sh/ruff/ | An extremely fast Python linter and code formatter, written in Rust. |
 
 
 
@@ -37,7 +38,7 @@ Running `flux` inside the built container will print the help menu of flux.
 ```
 
 ```bash
-$ flux
+flux
 ```
 
 ### `notation`
@@ -54,7 +55,7 @@ Running `notation` inside the built container will print the help menu of notati
 ```
 
 ```bash
-$ notation
+notation
 ```
 
 ### `crane`
@@ -71,7 +72,7 @@ Running `crane` inside the built container will print the help menu of crane.
 ```
 
 ```bash
-$ crane
+crane
 ```
 
 ### `skopeo`
@@ -88,7 +89,7 @@ Running `skopeo` inside the built container will print the help menu of skopeo.
 ```
 
 ```bash
-$ skopeo
+skopeo
 ```
 
 ### `kyverno`
@@ -105,7 +106,7 @@ Running `kyverno` inside the built container will print the help menu of kyverno
 ```
 
 ```bash
-$ kyverno
+kyverno
 ```
 
 ### `cyclonedx cli`
@@ -122,7 +123,7 @@ Running `cyclonedx` inside the built container will print the help menu of cyclo
 ```
 
 ```bash
-$ cyclonedx --version
+cyclonedx --version
 ```
 
 ### `Copacetic cli`
@@ -139,7 +140,7 @@ Running `copa` inside the built container will print the help menu of copa.
 ```
 
 ```bash
-$ copa
+copa
 ```
 
 ### `Gic`
@@ -156,7 +157,7 @@ Running `Gic` inside the built container will print the help menu of gic.
 ```
 
 ```bash
-$ gic --version
+gic --version
 ```
 
 ### `Gitleaks`
@@ -173,7 +174,7 @@ Running `gitleaks` inside the built container will print the help menu of gitlea
 ```
 
 ```bash
-$ gitleaks
+gitleaks
 ```
 
 ### `Zarf`
@@ -190,7 +191,7 @@ Running `zarf` inside the built container will print the help menu of zarf.
 ```
 
 ```bash
-$ zarf
+zarf
 ```
 
 ### `jnv`
@@ -207,12 +208,12 @@ Running `jnv -h` inside the built container will print the help menu of jnv.
 ```
 
 ```bash
-$ jnv -h
+jnv -h
 ```
 
 ### `UV/UVX`
 
-Running `uv` or `uvx` inside the built container will print the help menu of gic.
+Running `uv` or `uvx` inside the built container will print the help menu of uv/uvx.
 
 ```jsonc
 {
@@ -224,5 +225,22 @@ Running `uv` or `uvx` inside the built container will print the help menu of gic
 ```
 
 ```bash
-$ uv --version
+uv --version
+```
+
+### `Ruff`
+
+Running `ruff` inside the built container will print the help menu of ruff.
+
+```jsonc
+{
+    "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+    "features": {
+        "ghcr.io/jsburckhardt/devcontainer-features/ruff:1": {}
+    }
+}
+```
+
+```bash
+ruff --version
 ```

src/ruff/devcontainer-feature.json

@@ -0,0 +1,13 @@
+{
+  "id": "ruff",
+  "version": "1.0.0",
+  "name": "ruff",
+  "description": "Ruff is a fast Python linter, written in Rust.",
+  "options": {
+    "version": {
+      "type": "string",
+      "description": "Version of ruff to install. Accepts versions with 'v' prefix.",
+      "default": "latest"
+    }
+  }
+}

src/ruff/install.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# Variables
+REPO_OWNER="astral-sh"
+REPO_NAME="ruff"
+BINARY_NAME="ruff"
+
+set -e
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
+    exit 1
+fi
+
+# Clean up
+rm -rf /var/lib/apt/lists/*
+
+check_packages() {
+    if ! dpkg -s "$@" >/dev/null 2>&1; then
+        if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+            echo "Running apt-get update..."
+            apt-get update -y
+        fi
+        apt-get -y install --no-install-recommends "$@"
+    fi
+}
+
+# make sure we have packages
+check_packages curl tar jq ca-certificates
+
+# Function to get the latest version from GitHub API
+get_latest_version() {
+    LATEST_URL="https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/releases/latest"
+    curl -s "$LATEST_URL" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'
+}
+
+# Check if a version is passed as an argument
+if [ -z "$VERSION" ] || [ "$VERSION" == "latest" ]; then
+    # No version provided, get the latest version
+    VERSION=$(get_latest_version)
+    echo "No version provided or 'latest' specified, installing the latest version: $VERSION"
+else
+    VERSION=${VERSION#"v"}
+    echo "Installing version from environment variable: $VERSION"
+fi
+
+# Determine the OS and architecture following the naming template
+OS=$(uname | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+
+case "$ARCH" in
+    x86_64)
+        ARCH="x86_64"
+        ;;
+    i686)
+        ARCH="i686"
+        ;;
+    armv7l)
+        ARCH="armv7"
+        ;;
+    aarch64)
+        ARCH="aarch64"
+        ;;
+    powerpc64)
+        ARCH="powerpc64"
+        ;;
+    powerpc64le)
+        ARCH="powerpc64le"
+        ;;
+    s390x)
+        ARCH="s390x"
+        ;;
+    *)
+        echo "Unsupported architecture: $ARCH"
+        exit 1
+        ;;
+esac
+
+# Construct the download URL to match the naming template
+if [[ "$OS" == "darwin" ]]; then
+    OS="apple-darwin"
+elif [[ "$OS" == "linux" ]]; then
+    OS="unknown-linux-gnu"
+else
+    echo "Unsupported OS: $OS"
+    exit 1
+fi
+
+DOWNLOAD_URL="https://github.com/$REPO_OWNER/$REPO_NAME/releases/download/$VERSION/${REPO_NAME}-${ARCH}-${OS}.tar.gz"
+
+# Create a temporary directory for the download
+TMP_DIR=$(mktemp -d)
+cd "$TMP_DIR" || exit
+
+# Download the binary tarball
+echo "Downloading $BINARY_NAME from $DOWNLOAD_URL"
+curl -LO "$DOWNLOAD_URL"
+
+# Extract the tarball
+echo "Extracting the tarball"
+tar -xzf "${REPO_NAME}-${ARCH}-${OS}.tar.gz"
+
+# Move the binary to /usr/local/bin
+echo "Installing $BINARY_NAME"
+mv ${REPO_NAME}-${ARCH}-${OS}/* /usr/local/bin/
+
+
+# Cleanup
+cd - || exit
+rm -rf "$TMP_DIR"
+
+# Verify installation
+echo "Verifying installation"
+$BINARY_NAME --version

test/_global/all-tools.sh

@@ -11,6 +11,7 @@ check "cyclonedx" cyclonedx --version
 check "gitleaks" gitleaks version
 check "gic" gic --version
 check "uv" uv --version
+check "ruff" ruff --version
 check "jnv" jnv -V
 check "zarf" zarf version
 

test/_global/ruff-specific-version.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+source dev-container-features-test-lib
+check "ruff with specific version" /bin/bash -c "ruff --version | grep '0.7.0'"
+
+reportResults

test/_global/scenarios.json

@@ -2,17 +2,18 @@
     "all-tools": {
         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
         "features": {
-            "flux": {},
-            "notation": {},
+            "copa": {},
             "crane": {},
-            "skopeo": {},
-            "kyverno": {},
             "cyclonedx": {},
-            "copa": {},
+            "flux": {},
             "gic": {},
-            "uv": {},
             "gitleaks": {},
             "jnv": {},
+            "kyverno": {},
+            "notation": {},
+            "ruff": {},
+            "skopeo": {},
+            "uv": {},
             "zarf": {}
         }
     },
@@ -72,6 +73,14 @@
             }
         }
     },
+    "ruff-specific-version": {
+        "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+        "features": {
+            "ruff": {
+                "version": "v0.7.0"
+            }
+        }
+    },
     "gitleaks-specific-version": {
         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
         "features": {

test/ruff/test.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+source dev-container-features-test-lib
+check "ruff" ruff -h
+reportResults