Security warnings on macOS

[jpn--]

Hi! Thanks for making ruff, it's a great tool. I also appreciate the regular development and updates, and I've configured a hook to automatically keep some of my repositories on the latest versions of ruff and related tools.

However, I've found that Apple's "Gatekeeper" security is getting more and more onerous, requiring me to re-authorize ruff on every repo, every time it gets an update. They recently took away the click one button way to do this, now I have to go dig in the system settings panels every time. Is there a way to use some kind of Astral-signed version of Ruff with pre-commit that won't give me all these security warnings? Or is this inconvenience just the price I pay to live in Apple's world?

[MichaReiser]

Thanks for the kind words.

Hmm interesting. I've never seen a security warning when running ruff as part of pre-commit. Can you tell me more on how you run ruff?

[jpn--]

I created a small placebo repository to replicate my problem: https://github.com/jpn--/placebo

I can check out this repo, run "pre-commit install" on it to activate the hooks, then when I try to commit a change to Python code in the repo, either using a GUI or even just git commit on the command line I get this system popup:

I actually see the pop-up twice, I presume once for the ruff and a second time for the ruff-format in my .pre-commit-config.yaml.

After triggering this warning, if I go to  > System Preferences > Privacy & Security, I can see this:

If I click here on "Allow Anyway" and re-try the commit, it will work, but only until I update the version of ruff listed in the .pre-commit-config.yaml, or reset my pre-commit cache, at which time the whole thing starts again.

I am running macOS Sequoia Version 15.1.1 (24B91).

[dhruvmanila]

Thanks for creating a repository! I'm currently on 15.1.1 macOS version and it seems to be running fine on my machine.

Can you tell us how did you install pre-commit? Does it occur only when running Ruff via pre-commit or does invoking ruff from the command-line also gives you this popup?

[jpn--]

I have installed pre-commit (and ruff, for manual use) via homebrew. I just updated homebrew itself, and both ruff and pre-commit to the latest versions, which has not fixed my issue. I don't get the security warning message when I invoke the regular ruff from the command line myself, which is /opt/homebrew/bin/ruff. I do get the security warning message when I explicitly run the copy of ruff that pre-commit has cached: ~/.cache/pre-commit/repoxlgredg0/py_env-python3.13/bin/ruff.

[MichaReiser]

when I explicitly run the copy of ruff that pre-commit has cached: ~/.cache/pre-commit/repoxlgredg0/py_env-python3.13/bin/ruff.

Do I understand this correctly that you manually run ~/.cache/pre-commit/repoxlgredg0/py_env-python3.13/bin/ruff? You don't run ruff using pre-commit?

[jpn--]

I definitely do not normally manually run ~/.cache/pre-commit/repoxlgredg0/py_env-python3.13/bin/ruff, I let pre-commit do that for me, which is kind of the point of pre-commit, right? An hour ago just before my previous message was the first time I ever tried to do that manual command. I was just noting that if I manually run that copy of Ruff, I get the same error.