fix: run pre-commit as Python module for pipx/uvx compatibility

[Copilot]

• Investigate pipx check failure
• Fix pre-commit executable not found error by using sys.executable -m pre_commit
• Verify fix with manual testing
• Reply to user comments
• Add uvx CI workflow similar to pipx workflow
• Remove default permissions block from uvx workflow
• Add setup-uv action to install uv/uvx in workflow
• Run code review - no issues found
• Run CodeQL security check - no alerts

Summary

Fixed the pipx check failure and added uvx CI workflow to ensure compatibility with both package runners.

The issue occurred because when running via pipx run, the pre-commit executable wasn't available in PATH. The fix uses sys.executable -m pre_commit to run pre-commit as a Python module, which works correctly in isolated environments.

Changes

1. Modified install_pre_commit() in src/gimmegit/_cli.py to use sys.executable -m pre_commit instead of searching for executable
2. Added .github/workflows/uvx.yaml to verify uvx compatibility
3. Added astral-sh/setup-uv@v7 action to install uv/uvx before running tests
4. Removed default permissions block per feedback

Security Summary

All security checks passed. No vulnerabilities detected.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• astral.sh
  • Triggering command: /usr/bin/curl curl -LsSf REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[dwilding]

The change looks good, thanks. Since we're changing the way that pre-commit is run, please can you add a CI workflow very similar to the existing pipx workflow, but called uvx. This workflow should verify that uvx gimmegit achieves the expected result.

[dwilding]

@copilot The change looks good, thanks. Since we're changing the way that pre-commit is run, please can you add a CI workflow very similar to the existing pipx workflow, but called uvx. This workflow should verify that uvx gimmegit achieves the expected result.

[Copilot]

@copilot The change looks good, thanks. Since we're changing the way that pre-commit is run, please can you add a CI workflow very similar to the existing pipx workflow, but called uvx. This workflow ...

Added uvx CI workflow in commit 0e8e228. The workflow follows the same pattern as the pipx workflow, using uvx --from "$package_dir" gimmegit to verify that uvx can run gimmegit with the expected behavior.

[dwilding]

Isn't read the default level of permission? If so, please leave this out.

[Copilot]

Removed in commit 0716b44. You're correct that read is the default permission level.