Skip to content
Latchkey

astral-sh/ruff-action

Lint or format-check Python with Ruff, auto-resolving the version from pyproject.toml.

Official actionCategory: Code Quality & LintingLatest v4View on GitHub

What it does

astral-sh/ruff-action is the official action for Ruff, the fast Python linter and formatter. By default it runs ruff check over the workspace.

The Ruff version is resolved from pyproject.toml (searched upward from src), a version-file, or an explicit version input, falling back to latest, so CI matches the version your project pins.

Usage

workflow (.yml)
steps:
  - uses: actions/checkout@v4
  - uses: astral-sh/ruff-action@v4          # ruff check (default)
  - uses: astral-sh/ruff-action@v4
    with:
      args: format --check

Inputs

InputDescriptionDefaultRequired
argsArguments passed to Ruff. Defaults to check.checkNo
srcSource path(s) or glob pattern(s) to run Ruff on. Defaults to the current workspace.${{ github.workspace }}No
versionThe version of Ruff to use, e.g. 0.6.0. Defaults to the first discoverable version in pyproject.toml, or latest.-No
version-filePath to a pyproject.toml, requirements.txt or uv.lock file to read the version from.-No
github-tokenUsed for authenticated downloads of Ruff release artifacts from GitHub.${{ github.token }}No

Outputs

OutputDescription
ruff-versionThe installed ruff version. Useful when using latest.

Notes

In CI use args: format --check, plain format rewrites files on the runner and exits 0, so the job passes without telling you anything.

Pin the Ruff version in pyproject.toml (or the version input) so lint results are reproducible; unpinned latest can start failing when a new Ruff release adds rules.

Common errors

  • GitHub API rate-limit failures while downloading Ruff happen when the mirror is disabled and the token is missing; keep download-from-astral-mirror on (default) or pass github-token.
  • A run that passes in CI but fails locally (or vice versa) usually means different Ruff versions, check the ruff-version output against your local ruff --version and pin the version.

Security and pinning

  • Pin the action to a commit SHA and pin the Ruff version, the action downloads and executes a release binary as part of the job.

Alternatives and related

Frequently asked questions

Which Ruff version does the action install?
By default it reads the version pinned in pyproject.toml (searched upward from src), or a version-file like uv.lock; if nothing is found it uses the latest release. The resolved version is exposed as the ruff-version output.
Running astral-sh/ruff-action? Run it on Latchkey managed runners - self-healing and caching included. Start free → 30-day trial · No credit card