ci: add ruff format enforcement to CI and pre-commit hooks (#197)

* fix: formatting

* ci(lint): add ruff format checks to CI and pre-commit hooks

Add ruff formatting enforcement at multiple levels:
- Tekton CI pipelines: ruff-format-check task for all 6 pipelines
- Pre-commit hooks: auto-format on commit via .pre-commit-config.yaml
- Dev setup: auto-install hooks in init.sh

Uses UBI9 minimal image for faster CI execution.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: remove merge conflict markers and add missing BOT_SPRINT_PREFIX env var

* fix: use trusted task-script bundle instead of inline taskSpec for ruff checks

Konflux Enterprise Contract requires all tasks to use trusted
bundle references. Replaced inline taskSpec with taskRef pointing
to quay.io/konflux-ci/tekton-catalog/task-script:0.1.

This resolves the trusted_task.trusted violation while maintaining
the same ruff format checking functionality.

* fix: use custom Task resource instead of bundle for ruff format checks

Konflux doesn't provide a generic task-script bundle. Instead, create
a custom Task resource (ruff-format-check-task.yaml) that can be
referenced by name in all pipelines.

This resolves the bundle authentication error while maintaining
ruff format enforcement in CI that cannot be bypassed.

* fix: use git resolver for ruff-format-check task instead of namespace task

Use Tekton git resolver to fetch the task definition from the same
repository and revision being built. This keeps the task definition
version-controlled with the code and doesn't require deploying a
separate Task resource to the namespace.

The task is resolved from .tekton/ruff-format-check-task.yaml at
the same revision as the code being tested.

* refactor: switch ruff format check from Tekton to GitHub Actions

Replace Tekton-based ruff format checks with simpler GitHub Actions workflow.

- Remove custom Tekton task and git resolver references from all 6 pipelines
- Add .github/workflows/ruff-format.yml for CI formatting checks
- Keep pre-commit hooks for local enforcement

Tekton approach hit Enterprise Contract policy restrictions.
GitHub Actions provides simpler, more maintainable solution.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* chore: trigger proxy pipeline rebuild

* chore: touch proxy config to force pipeline rebuild

Proxy artifact from commit 2392590 still has untrusted ruff task.
Force rebuild with updated pipeline (task removed).

* temp: disable proxy path filtering to force rebuild

Remove path filtering from proxy pipeline CEL expression.
This will trigger proxy rebuild with clean pipeline (no ruff task).
Will re-enable path filtering after artifact is clean.

* chore: re-enable proxy path filtering

Restore original CEL expression now that proxy artifact is clean.
Proxy will only rebuild when proxy/, Dockerfile, or pipeline YAML changes.

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: catastrophe-brandon

.claude/skills/gh-release-upload/upload.py

@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 """Upload a file to GitHub Releases via the proxy upload endpoint."""
+
 import json
 import mimetypes
 import os

.claude/skills/new-work/new_work.py

@@ -18,26 +18,109 @@
 from jira_mcp import jira_call
 from paths import SLEEP_FILE
 
-PROJECT_REPOS = Path(__file__).resolve().parent.parent.parent.parent / "project-repos.json"
+PROJECT_REPOS = (
+    Path(__file__).resolve().parent.parent.parent.parent / "project-repos.json"
+)
 BOT_LABEL = os.environ.get("BOT_LABEL", "")
-BOT_INCLUDE_BACKLOG = os.environ.get("BOT_INCLUDE_BACKLOG", "").lower() in ("1", "true", "yes")
+BOT_BOARD_ID = os.environ.get("BOT_BOARD_ID", "")
+BOT_BOARD_NAME = os.environ.get("BOT_BOARD_NAME", "")
+BOT_SPRINT_PREFIX = os.environ.get("BOT_SPRINT_PREFIX", "")
+BOT_INCLUDE_BACKLOG = os.environ.get("BOT_INCLUDE_BACKLOG", "").lower() in (
+    "1",
+    "true",
+    "yes",
+)
 BOT_JIRA_EMAIL = os.environ.get("BOT_JIRA_EMAIL", "")
 NOT_STARTED_STATUSES = ("New", "Backlog", "Refinement", "To Do")
 
 
 def jira_search(jql, limit=10):
-    data = jira_call("jira_search", {
-        "jql": jql,
-        "limit": limit,
-        "fields": "summary,status,labels,assignee,priority,description,comment,issuelinks,issuetype",
-    })
+    data = jira_call(
+        "jira_search",
+        {
+            "jql": jql,
+            "limit": limit,
+            "fields": "summary,status,labels,assignee,priority,description,comment,issuelinks,issuetype",
+        },
+    )
     if not data:
         print("ERR: Jira search returned no data", file=sys.stderr)
         return []
     issues = data if isinstance(data, list) else data.get("issues", [])
     return issues
 
 
+def resolve_board_id():
+    if BOT_BOARD_ID:
+        return BOT_BOARD_ID
+    if not BOT_BOARD_NAME:
+        print(
+            "WARN: neither BOT_BOARD_ID nor BOT_BOARD_NAME set, skipping sprint query",
+            file=sys.stderr,
+        )
+        return None
+    data = jira_call(
+        "jira_get_agile_boards",
+        {
+            "board_name": BOT_BOARD_NAME,
+            "limit": 1,
+        },
+    )
+    if not data:
+        print(f"ERR: no board found matching name '{BOT_BOARD_NAME}'", file=sys.stderr)
+        return None
+    boards = data if isinstance(data, list) else data.get("values", [])
+    if not boards:
+        print(f"ERR: no board found matching name '{BOT_BOARD_NAME}'", file=sys.stderr)
+        return None
+    board = boards[0]
+    print(
+        f"Resolved board: {board.get('name', '?')} (id={board['id']})", file=sys.stderr
+    )
+    return str(board["id"])
+
+
+def get_active_sprint():
+    board_id = resolve_board_id()
+    if not board_id:
+        return None
+    data = jira_call(
+        "jira_get_sprints_from_board",
+        {
+            "board_id": board_id,
+            "state": "active",
+            "limit": 10,
+        },
+    )
+    if not data:
+        return None
+    sprints = data if isinstance(data, list) else data.get("values", [])
+    if not sprints:
+        return None
+    if BOT_SPRINT_PREFIX:
+        matched = [
+            s for s in sprints if s.get("name", "").startswith(BOT_SPRINT_PREFIX)
+        ]
+        if matched:
+            sprint = matched[0]
+            print(
+                f"Active sprint (prefix={BOT_SPRINT_PREFIX}): {sprint.get('name', '?')} (id={sprint['id']})",
+                file=sys.stderr,
+            )
+            return sprint
+        names = [s.get("name", "?") for s in sprints]
+        print(
+            f"WARN: no sprint matching prefix '{BOT_SPRINT_PREFIX}', available: {names}",
+            file=sys.stderr,
+        )
+        return None
+    sprint = sprints[0]
+    print(
+        f"Active sprint: {sprint.get('name', '?')} (id={sprint['id']})", file=sys.stderr
+    )
+    return sprint
+
+
 def load_project_repos():
     try:
         return json.loads(PROJECT_REPOS.read_text())
@@ -59,7 +142,9 @@ def build_repo_lookup(repos_dict):
 
 
 def match_repo_labels(labels, repo_lookup):
-    repo_labels = [l.replace("repo:", "") for l in labels if l.startswith("repo:")]
+    repo_labels = [
+        label.replace("repo:", "") for label in labels if label.startswith("repo:")
+    ]
     if not repo_labels:
         return []
     matched = [repo_lookup[r] for r in repo_labels if r in repo_lookup]
@@ -107,7 +192,9 @@ def collect(jql, tag):
     # Tier 3: backlog (no sprint)
     if len(candidates) < 10 and BOT_INCLUDE_BACKLOG:
         if BOT_JIRA_EMAIL:
-            assignee_filter = f'AND (assignee is EMPTY OR assignee = "{BOT_JIRA_EMAIL}") '
+            assignee_filter = (
+                f'AND (assignee is EMPTY OR assignee = "{BOT_JIRA_EMAIL}") '
+            )
         else:
             assignee_filter = "AND assignee is EMPTY "
         collect(
@@ -124,18 +211,20 @@ def collect(jql, tag):
         repos = match_repo_labels(labels, repo_lookup)
         comments = (fields.get("comment", {}).get("comments") or [])[-5:]
 
-        results.append({
-            "key": issue["key"],
-            "summary": fields.get("summary", ""),
-            "status": fields.get("status", {}).get("name", "?"),
-            "priority": fields.get("priority", {}).get("name", "?"),
-            "type": fields.get("issuetype", {}).get("name", "?"),
-            "labels": labels,
-            "repos": repos,
-            "description": fields.get("description") or "",
-            "comments": comments,
-            "links": fields.get("issuelinks", []),
-        })
+        results.append(
+            {
+                "key": issue["key"],
+                "summary": fields.get("summary", ""),
+                "status": fields.get("status", {}).get("name", "?"),
+                "priority": fields.get("priority", {}).get("name", "?"),
+                "type": fields.get("issuetype", {}).get("name", "?"),
+                "labels": labels,
+                "repos": repos,
+                "description": fields.get("description") or "",
+                "comments": comments,
+                "links": fields.get("issuelinks", []),
+            }
+        )
     return results
 
 
@@ -145,20 +234,26 @@ def fmt_candidate(c):
     if c["repos"]:
         lines.append(f"  repos: {','.join(c['repos'])}")
     else:
-        repo_labels = [l for l in c["labels"] if l.startswith("repo:")]
+        repo_labels = [label for label in c["labels"] if label.startswith("repo:")]
         if repo_labels:
-            lines.append(f"  repo_labels: {','.join(repo_labels)} (NO MATCH in project-repos.json)")
+            lines.append(
+                f"  repo_labels: {','.join(repo_labels)} (NO MATCH in project-repos.json)"
+            )
         else:
             lines.append("  repos: (no repo: label)")
-    other_labels = [l for l in c["labels"] if not l.startswith("repo:") and l != BOT_LABEL]
+    other_labels = [
+        label
+        for label in c["labels"]
+        if not label.startswith("repo:") and label != BOT_LABEL
+    ]
     if other_labels:
         lines.append(f"  labels: {','.join(other_labels)}")
     for lk in c["links"][:5]:
         lt = lk.get("type", {}).get("name", "?")
         linked = lk.get("inwardIssue") or lk.get("outwardIssue", {})
         if linked:
             lk_status = linked.get("fields", {}).get("status", {}).get("name", "?")
-            lines.append(f"  link: {lt} {linked.get('key','?')} [{lk_status}]")
+            lines.append(f"  link: {lt} {linked.get('key', '?')} [{lk_status}]")
     if c["description"]:
         lines.append("  description:")
         for dl in c["description"].strip().split("\n"):
@@ -180,7 +275,9 @@ def main():
     if not candidates:
         print("NO CANDIDATES FOUND")
         SLEEP_FILE.parent.mkdir(parents=True, exist_ok=True)
-        SLEEP_FILE.write_text(json.dumps({"recommended_sleep": 3600, "reason": "no_eligible_work"}))
+        SLEEP_FILE.write_text(
+            json.dumps({"recommended_sleep": 3600, "reason": "no_eligible_work"})
+        )
         return
 
     print(f"NEW WORK CANDIDATES ({len(candidates)})")
@@ -193,7 +290,9 @@ def main():
     without_repos = [c for c in candidates if not c["repos"]]
     print(f"-> {len(with_repos)} with matching repos, {len(without_repos)} without")
     if with_repos:
-        print(f"-> Top pick: {with_repos[0]['key']} repos={','.join(with_repos[0]['repos'])}")
+        print(
+            f"-> Top pick: {with_repos[0]['key']} repos={','.join(with_repos[0]['repos'])}"
+        )
 
 
 if __name__ == "__main__":

.claude/skills/post-pr/post_pr.py

@@ -17,14 +17,9 @@
 from scripts.post_pr_operations import execute_post_pr_workflow
 
 sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
-from jira_mcp import jira_call
 
 # Configure logging
-logging.basicConfig(
-    level=logging.INFO,
-    format="[post-pr] %(levelname)s: %(message)s",
-    stream=sys.stdout
-)
+logging.basicConfig(level=logging.INFO, format="[post-pr] %(levelname)s: %(message)s", stream=sys.stdout)
 logger = logging.getLogger(__name__)
 
 
@@ -163,7 +158,7 @@ def main():
     pr_number = task["pr_number"]
     summary = task.get("summary", "")
 
-    logger.info(f"Task validated successfully")
+    logger.info("Task validated successfully")
     logger.info(f"  JIRA: {jira_key}")
     logger.info(f"  PR: {pr_url} (#{pr_number})")
     logger.info(f"  Summary: {summary or '(none)'}")
@@ -193,12 +188,14 @@ def main():
     print("=" * 80)
 
     for op in result.operations:
-        status_icon = (
-            "[OK]" if op.status.value == "success"
-            else "[FAIL]" if op.status.value == "failed"
-            else "[SKIP]"
+        status_icon = "[OK]" if op.status.value == "success" else "[FAIL]" if op.status.value == "failed" else "[SKIP]"
+        level = (
+            logging.INFO
+            if op.status.value == "success"
+            else logging.WARNING
+            if op.status.value == "skipped"
+            else logging.ERROR
         )
-        level = logging.INFO if op.status.value == "success" else logging.WARNING if op.status.value == "skipped" else logging.ERROR
         logger.log(level, f"{status_icon} {op.operation}: {op.message}")
 
     print("=" * 80)