[build] Script to update Bazel multitool.lock.json (and update ruff) (#16061)

* Script to update Bazel multitool.lock.json
* Update ruff dependency for Python

Author: cgoldberg

multitool.lock.json

@@ -4,44 +4,44 @@
     "binaries": [
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-aarch64-unknown-linux-musl.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-aarch64-unknown-linux-musl.tar.gz",
         "file": "ruff-aarch64-unknown-linux-musl/ruff",
-        "sha256": "3ca33d9b68b8b0bc7e3673b7638910ac2f7c5399303b37bec4d13c005481a78a",
+        "sha256": "7890e49b12c1321688540324a7788457a22711657301598402cba1a9e9be6607",
         "os": "linux",
         "cpu": "arm64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-x86_64-unknown-linux-musl.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-x86_64-unknown-linux-musl.tar.gz",
         "file": "ruff-x86_64-unknown-linux-musl/ruff",
-        "sha256": "bb64b083767a5fd0a62e10e9a35614974ad53025e2878cf14a0c698680e6c30c",
+        "sha256": "6ee9216ba4f7fd761e68bd5c23958e662c67fcff8f49e511660d557431b4bd7c",
         "os": "linux",
         "cpu": "x86_64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-aarch64-apple-darwin.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-aarch64-apple-darwin.tar.gz",
         "file": "ruff-aarch64-apple-darwin/ruff",
-        "sha256": "814ccb26bed9c027bfc20ac88d33494ab0be62721757c73be70e26c23efbb3f7",
+        "sha256": "5769e4841870d1f7c17f12a7d1437222e8035eded52f93c54c035c770dbffebb",
         "os": "macos",
         "cpu": "arm64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-x86_64-apple-darwin.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-x86_64-apple-darwin.tar.gz",
         "file": "ruff-x86_64-apple-darwin/ruff",
-        "sha256": "8bef00e82bc07ea26b45adcffc3d55b2d0821f3a3e4d5f441f4dd4ad608fc1be",
+        "sha256": "472a4790db11a8bcd79cf7b731fb1c036c376f9cc4e6532099f8f39a6f86b9bb",
         "os": "macos",
         "cpu": "x86_64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-x86_64-pc-windows-msvc.zip",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-x86_64-pc-windows-msvc.zip",
         "file": "ruff-x86_64-pc-windows-msvc/ruff.exe",
-        "sha256": "b7619ff27098a4d7f37c52fb8fc61ccfe677aaade7722a385b40f8d5273ebddd",
+        "sha256": "37dc6f2f5756421fc59fe5f841ecaa92beee38a39751dfe5a42bdc13992da3d5",
         "os": "windows",
         "cpu": "x86_64"
       }
     ]
   }
-}
+}

py/tox.ini

@@ -43,7 +43,7 @@ commands =
 [testenv:linting]
 skip_install = true
 deps =
-    ruff==0.11.12
+    ruff==0.12.3
 commands =
     ruff check --fix --show-fixes --exit-non-zero-on-fix .
     ruff format --exit-non-zero-on-format .

scripts/update_multitool_binaries.py

@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+
+"""
+This script updates the version of tool binaries defined in a Bazel rules_multitool lockfile.
+If the tool has binaries hosted in a public GitHub repo's Release assets, it will update the
+lockfile's URL and hash to the latest versions, otherwise it will skip it.
+
+See: https://github.com/theoremlp/rules_multitool
+
+-----------------------------------------------------------------------------------------------------------
+usage: update_multitool_binaries.py [-h] [--file LOCKFILE_PATH]
+
+options:
+  -h, --help            show this help message and exit
+  --file LOCKFILE_PATH  path to multitool lockfile (defaults to 'multitool.lock.json' in current directory)
+-----------------------------------------------------------------------------------------------------------
+"""
+
+import argparse
+import json
+import os
+import re
+import urllib.request
+
+
+def run(lockfile_path):
+    with open(lockfile_path) as f:
+        data = json.load(f)
+
+    for tool in [tool for tool in data if tool != "$schema"]:
+        match = re.search(f"download/(.*?)/{tool}", data[tool]["binaries"][0]["url"])
+        if match:
+            version = match[1]
+        else:
+            continue
+        match = re.search("github.com/(.*?)/releases", data[tool]["binaries"][0]["url"])
+        if match:
+            releases_url = f"https://api.github.com/repos/{match[1]}/releases/latest"
+        else:
+            continue
+        try:
+            with urllib.request.urlopen(releases_url) as response:
+                json_resp = json.loads(response.read())
+                new_version = json_resp["tag_name"]
+                assets = json_resp["assets"]
+        except Exception:
+            continue
+        if new_version != version:
+            print(f"found new version of '{tool}': {new_version}")
+            urls = [asset.get("browser_download_url") for asset in assets]
+            hashes = [asset.get("digest").split(":")[1] for asset in assets]
+            for binary in data[tool]["binaries"]:
+                new_url = binary["url"].replace(version, new_version)
+                new_hash = hashes[urls.index(new_url)]
+                binary["url"] = new_url
+                binary["sha256"] = new_hash
+
+    with open(lockfile_path, "w") as f:
+        json.dump(data, f, indent=2)
+
+    print(f"\ngenerated new '{lockfile_path}' with updated urls and hashes")
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "--file",
+        dest="lockfile_path",
+        default=os.path.join(os.getcwd(), "multitool.lock.json"),
+        help="path to multitool lockfile (defaults to 'multitool.lock.json' in current directory)",
+    )
+    args = parser.parse_args()
+    run(args.lockfile_path)
+
+
+if __name__ == "__main__":
+    main()