ci: add ruff lint with F821/F811 rules #44

Open
joshbouncesecurity wants to merge 1 commit into knostic:master from joshbouncesecurity:ci/issue16-02-ruff-lint

@joshbouncesecurity
Contributor

Summary

Adds a ruff lint step to the test workflow with two rules: F821 (undefined name) and F811 (redefined unused name). Python won't report an undefined name until that code path executes, so a missing import can ship undetected. F821 + F811 catch that statically with zero false positives and no style noise.

Configured to run before pytest so CI fails fast on missing imports.

Verified clean against upstream/master baseline after fixing one pre-existing violation:

  • libs/openant-core/core/analyzer.py:393: analyze() called tracker.add_prior_usage(...) without defining tracker locally. Replaced with get_global_tracker().add_prior_usage(...) to match the pattern already used elsewhere in the same file (e.g. line 489). This is a real bug — the line would NameError at runtime whenever resuming with non-zero prior token usage.

Addresses item 2 from #16 (does not close the issue).

Test plan

  • ruff check . exits 0 on a clean checkout (verified locally).
  • CI runs ruff before pytest; failure short-circuits.
  • Existing pytest suite still passes (verified locally: 38 passed, 10 skipped).
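
The failure mode described in the summary above, as an added illustration that is not code from this PR, from openant, or from ruff: the undefined `tracker` stays invisible until the resume branch runs, while a static pass over the function finds it without executing anything. The sample module, `analyze_fixed`, `_Tracker` and the helper names are constructed for this example, and the bytecode scan is a simplified stand-in for a real F821 check.

```python
import builtins
import dis

# Constructed sample module modelled on the bug described in the PR summary:
# `tracker` is never defined, but only the resume branch touches it.
SAMPLE_SOURCE = '''
class _Tracker:
    def __init__(self):
        self.prior = 0
    def add_prior_usage(self, tokens):
        self.prior += tokens

_GLOBAL = _Tracker()

def get_global_tracker():
    return _GLOBAL

def analyze(prior_tokens=0):
    if prior_tokens:
        tracker.add_prior_usage(prior_tokens)   # undefined name (F821)
    return "done"

def analyze_fixed(prior_tokens=0):
    if prior_tokens:
        get_global_tracker().add_prior_usage(prior_tokens)
    return "done"
'''

def load_sample():
    """Execute the sample source and return its module namespace."""
    namespace = {"__name__": "sample"}
    exec(compile(SAMPLE_SOURCE, "sample.py", "exec"), namespace)
    return namespace

def undefined_globals(func):
    """Names a function loads as globals that no module global or builtin provides."""
    known = set(func.__globals__) | set(dir(builtins))
    loaded = {ins.argval for ins in dis.get_instructions(func)
              if ins.opname in ("LOAD_GLOBAL", "LOAD_NAME")}
    return sorted(loaded - known)

def raises_name_error(func, *args):
    """Return True if calling func(*args) raises NameError."""
    try:
        func(*args)
    except NameError:
        return True
    return False
```

A test suite that only calls `analyze()` with zero prior usage passes against the broken function, which is why the lint step is placed ahead of pytest.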

Adds a ruff lint step to the test workflow with two rules:
F821 (undefined name) and F811 (redefined unused name). Python
won't report an undefined name until that code path executes,
so a missing import or typo can ship undetected. F821 + F811
catch that statically with zero false positives and no style
noise.

Lint runs before pytest so CI fails fast on missing imports.

Also fixes a pre-existing F821 in core/analyzer.py: the
analyze() function called tracker.add_prior_usage() without
defining tracker locally; replaced with get_global_tracker()
to match the pattern used elsewhere in the file.

Refs #16 (item 2).
@joshbouncesecurity
Contributor Author

Manual verification

  • cd libs/openant-core && pip install ruff && ruff check . --select F821,F811: exits 0 on a clean checkout.
  • Trip the lint: add foo_undefined() somewhere in production code, push to a branch — CI's lint step short-circuits with a clear F821 error before pytest runs.
  • Verify the analyzer.py F821 fix at runtime: run openant scan <small-repo> to completion, kill before completion to create a checkpoint, then resume. The token tracker should report prior usage without raising NameError on the tracker.add_prior_usage line that was previously broken.
  • CI on this PR: lint step appears in python-tests job logs, runs before pytest.

@joshbouncesecurity
Contributor Author

Local test results

Ran the configured ruff rules locally on Windows from this branch.

Commands run:

pip install ruff
cd libs/openant-core
ruff check . --select F821,F811

Output:

All checks passed!

Outcome:

  • ruff check . --select F821,F811 exits 0 — no undefined names, no redefinitions ✅

@joshbouncesecurity joshbouncesecurity marked this pull request as ready for review May 7, 2026 11:21