chore: track trunk meta-linter config #180
Merged
Add .trunk/trunk.yaml plus the local config files (.gitignore, markdownlint, shellcheckrc, yamllint) so the trunk meta-linter configuration lives in the repo instead of single-player mode. The trunk.yaml mirrors the helly25/toolchains_llvm setup with custom buildifier (--lint=fix) and shfmt (no -s flag) definitions, and keeps clang-format/clang-tidy enabled for this C++ project. Also adds /.trunk/out to the root .gitignore.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- Add a `trunk` job to .github/workflows/main.yml using the trunk-io/trunk-action@v1; it runs `trunk check` only (no GitHub-side auto-fix). Devs are required to run `trunk check`/`trunk fmt` locally before pushing.
- Add `permissions: read-all` at the workflow level so the new job satisfies checkov CKV2_GHA_1, and drop the job-level permissions override (annotations are not required — pass/fail is enough).
- Bump trunk's clang-format to 19.1.6 and clang-tidy to 19.1.7 to match the version used by the existing pre-commit clang-format hook (v19.1.6).
- Note in README that trunk is required locally and that CI does not auto-fix.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

PR #179 replaced the egor-tensin/setup-gcc action with a manual `apt install gcc-N + update-alternatives` step. The alternatives system manages /usr/bin/gcc, but the Build-and-Test script still exports CC=/usr/local/bin/gcc — a path nothing creates anymore. Recent ubuntu-latest runner images no longer ship a stale symlink there, which is why test-gcc jobs now fail with `execvp(/usr/local/bin/gcc, ...): No such file or directory`. Point CC/CXX at /usr/bin/gcc and /usr/bin/g++ to match what update-alternatives actually installs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Python here is only the runtime for the pre-commit framework itself (per-hook envs are installed by pre-commit independently), so 3.13 is a drop-in upgrade. Quoted the value so YAML doesn't truncate 3.10/3.13 trailing-zero edge cases.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fab-Cat approved these changes May 16, 2026

helly25 added a commit that referenced this pull request May 17, 2026
After PR #180 enabled trunk as a meta-linter, four tools ran in both pre-commit and trunk. That caused real conflicts (shfmt: pre-commit formats to 2-space indent, trunk reformatted to tabs because its custom definition omitted -i=2) and noisy duplicate diagnostics for the rest. Decide ownership per tool, bias toward leaving pre-commit alone since it has been working and trunk is brand new.

Decisions:

* shfmt: pre-commit owns it. The project pins -bn -ci -i=2 -w in .pre-commit-config.yaml; trunk's custom definition had only -w and defaulted to tabs. Drop from trunk.
* actionlint: pre-commit owns it. Pre-commit pins -shellcheck '' to suppress nested shellcheck noise; trunk would have to replicate the flag for parity. Drop from trunk.
* shellcheck: pre-commit owns it. Move the project config from .trunk/configs/.shellcheckrc to a repo-root .shellcheckrc so pre-commit's shellcheck picks it up automatically (shellcheck auto-discovers up from the target). Drop `enable=all` because pre-commit's shellcheck didn't have it before and the move would otherwise silently raise strictness. Keep `disable=SC2154` with a comment explaining why (Bazel sh_test + GitHub Actions runner env vars). Drop shellcheck from trunk.
* buildifier: trunk owns it. Trunk's custom definition cleanly splits --lint=fix (formatter) from --lint=warn (diagnostic) with a JSON output parser and pins a newer version (8.5.1 vs pre-commit's 8.2.0). Drop the keith/pre-commit-buildifier repo from .pre-commit-config.yaml.
* check-yaml and yamllint stay as-is — they overlap on syntax but yamllint adds style coverage; cost is ~1s.

Tools that stay trunk-only (no pre-commit equivalent in the repo): checkov, clang-tidy, git-diff-check, markdownlint, prettier, trivy, trufflehog, yamllint.

Tools that stay pre-commit-only (no trunk equivalent or custom checks): check-added-large-files, check-merge-conflict, check-yaml, end-of-file-fixer, trailing-whitespace, and the seven local custom hooks (mope-*, *-patch-applies, compare-versions, no-do-not-merge, no-todos-without-context). Pre-commit cannot be dropped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
helly25 added a commit that referenced this pull request May 17, 2026
After enabling trunk as a meta-linter in #180, a full-repo scan surfaced 50 latent findings. This commit clears them.

Policy edits:

* .trunk/trunk.yaml: override clang-tidy's `run_when` from the plugin's `[cli, monitor, ci]` to `[cli, monitor]`. clang-tidy is fundamentally useless without compile_commands.json; local devs generate it via `bazel run @hedron_compile_commands//:refresh_all` but CI does not. The CI sandbox would otherwise emit ~20 "<header> file not found" diagnostics on every run.
* .trunk/configs/.yamllint.yaml: disable `quoted-strings`. The `only-when-needed` setting collides with prettier (which prefers double quotes for many YAML strings) and the rule is purely stylistic — yamllint's other useful checks remain.
* .github/workflows/{cache_cleanup,release,test}.yml: declare `permissions: read-all` at the workflow level to satisfy checkov CKV2_GHA_1. cache_cleanup uses secrets.CACHE_ACCESS (a custom PAT) so the default GITHUB_TOKEN does not need write scopes; release.yml's existing job-level `contents: write` override is preserved.

Auto-fix sweep (applied once now that trunk owns the relevant formatters):

* .bcr/metadata.template.json, .bcr/presubmit.yml: prettier reformatted JSON and YAML indentation.
* CODE_OF_CONDUCT.md, CONTRIBUTING.md: prettier/markdownlint reformatted bullets and added language tags to fenced code blocks (MD040).
* README.md, RULES.md: markdownlint trailing-punctuation fixes (MD026), missing language tags (MD040), top-level heading placement (MD041), and image alt text (MD045). The two affected section headings were edited by hand to shorter forms with the descriptive sentence moved to body prose.

After this commit `trunk check -a` reports zero CI-visible findings; the remaining 25 are all clang-tidy diagnostics now gated to local-only via `run_when: [cli, monitor]`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
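The token scoping described in this commit message, as an added example that is not a file from the repository or part of the commit: a workflow-level `permissions: read-all` default with one job-level `contents: write` override. The workflow name, trigger, job names and the `gh release create` step are assumptions made for illustration.

```yaml
# Constructed example workflow; not one of the repository's workflow files.
name: release-example
on:
  push:
    tags: ["v*"]

# Workflow-level default: GITHUB_TOKEN is read-only in every job that does not
# declare its own permissions block.
permissions: read-all

jobs:
  lint:
    # No job-level block, so this job inherits read-all. `trunk check` only
    # needs to read the checkout and report pass/fail.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: trunk-io/trunk-action@v1

  release:
    needs: lint
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow default for this job only.
    # Scopes not listed here are set to `none`, so this token can write
    # repository contents (tags, releases) and nothing else.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v6
      - name: Publish release (hypothetical step)
        run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
```

The `permissions` key governs only the automatically issued `GITHUB_TOKEN`; a PAT passed in through a secret such as `secrets.CACHE_ACCESS` keeps whatever scopes it was created with, so it needs its own review.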
helly25 added a commit that referenced this pull request May 18, 2026
* ci: bump checkout to v6 and cache to v5 for Node 24 readiness

  GitHub will force javascript actions to Node 24 by default on 2026-06-02 and remove Node 20 from runners on 2026-09-16. Current CI runs emit a deprecation warning on every job for:

  - actions/checkout@v4 -> bump to v6 (Node 24)
  - actions/cache/restore@v4 -> bump to v5 (Node 24)
  - actions/cache/save@v4 -> bump to v5 (Node 24)

  bazelbuild/setup-bazelisk only has v3.0.0 and no Node 24 release yet, so it is intentionally left at v3; the warning for that one will clear once upstream cuts a new tag (or once we move past it).

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore(lint): split trunk vs pre-commit ownership of overlapping tools

  After PR #180 enabled trunk as a meta-linter, four tools ran in both pre-commit and trunk. That caused real conflicts (shfmt: pre-commit formats to 2-space indent, trunk reformatted to tabs because its custom definition omitted -i=2) and noisy duplicate diagnostics for the rest. Decide ownership per tool, bias toward leaving pre-commit alone since it has been working and trunk is brand new.

  Decisions:

  * shfmt: pre-commit owns it. The project pins -bn -ci -i=2 -w in .pre-commit-config.yaml; trunk's custom definition had only -w and defaulted to tabs. Drop from trunk.
  * actionlint: pre-commit owns it. Pre-commit pins -shellcheck '' to suppress nested shellcheck noise; trunk would have to replicate the flag for parity. Drop from trunk.
  * shellcheck: pre-commit owns it. Move the project config from .trunk/configs/.shellcheckrc to a repo-root .shellcheckrc so pre-commit's shellcheck picks it up automatically (shellcheck auto-discovers up from the target). Drop `enable=all` because pre-commit's shellcheck didn't have it before and the move would otherwise silently raise strictness. Keep `disable=SC2154` with a comment explaining why (Bazel sh_test + GitHub Actions runner env vars). Drop shellcheck from trunk.
  * buildifier: trunk owns it. Trunk's custom definition cleanly splits --lint=fix (formatter) from --lint=warn (diagnostic) with a JSON output parser and pins a newer version (8.5.1 vs pre-commit's 8.2.0). Drop the keith/pre-commit-buildifier repo from .pre-commit-config.yaml.
  * check-yaml and yamllint stay as-is — they overlap on syntax but yamllint adds style coverage; cost is ~1s.

  Tools that stay trunk-only (no pre-commit equivalent in the repo): checkov, clang-tidy, git-diff-check, markdownlint, prettier, trivy, trufflehog, yamllint.

  Tools that stay pre-commit-only (no trunk equivalent or custom checks): check-added-large-files, check-merge-conflict, check-yaml, end-of-file-fixer, trailing-whitespace, and the seven local custom hooks (mope-*, *-patch-applies, compare-versions, no-do-not-merge, no-todos-without-context). Pre-commit cannot be dropped.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore(trunk): clear `trunk check -a` findings across the repo

  After enabling trunk as a meta-linter in #180, a full-repo scan surfaced 50 latent findings. This commit clears them.

  Policy edits:

  * .trunk/trunk.yaml: override clang-tidy's `run_when` from the plugin's `[cli, monitor, ci]` to `[cli, monitor]`. clang-tidy is fundamentally useless without compile_commands.json; local devs generate it via `bazel run @hedron_compile_commands//:refresh_all` but CI does not. The CI sandbox would otherwise emit ~20 "<header> file not found" diagnostics on every run.
  * .trunk/configs/.yamllint.yaml: disable `quoted-strings`. The `only-when-needed` setting collides with prettier (which prefers double quotes for many YAML strings) and the rule is purely stylistic — yamllint's other useful checks remain.
  * .github/workflows/{cache_cleanup,release,test}.yml: declare `permissions: read-all` at the workflow level to satisfy checkov CKV2_GHA_1. cache_cleanup uses secrets.CACHE_ACCESS (a custom PAT) so the default GITHUB_TOKEN does not need write scopes; release.yml's existing job-level `contents: write` override is preserved.

  Auto-fix sweep (applied once now that trunk owns the relevant formatters):

  * .bcr/metadata.template.json, .bcr/presubmit.yml: prettier reformatted JSON and YAML indentation.
  * CODE_OF_CONDUCT.md, CONTRIBUTING.md: prettier/markdownlint reformatted bullets and added language tags to fenced code blocks (MD040).
  * README.md, RULES.md: markdownlint trailing-punctuation fixes (MD026), missing language tags (MD040), top-level heading placement (MD041), and image alt text (MD045). The two affected section headings were edited by hand to shorter forms with the descriptive sentence moved to body prose.

  After this commit `trunk check -a` reports zero CI-visible findings; the remaining 25 are all clang-tidy diagnostics now gated to local-only via `run_when: [cli, monitor]`.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ci): restrict pre-commit clang-format to C/C++, drop JSON conflict

  mirrors-clang-format v19.1.6's default `types_or` includes `json`, because clang-format 14+ added JSON formatting support. trunk's prettier also formats JSON, and the two disagree on array layout: prettier compacts short arrays to a single line, clang-format expands them. The `.bcr/metadata.template.json` change pushed in the previous commit went through trunk-fmt-pre-commit (prettier) but CI's pre-commit then ran clang-format which reverted it, causing the hook to report "files were modified by this hook" and fail.

  Override `types_or: [c, c++, cuda]` so clang-format only touches actual C/C++/CUDA sources. JSON formatting stays trunk-prettier's job.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
- `.trunk/trunk.yaml` plus the local config files (`.gitignore`, `.markdownlint.yaml`, `.shellcheckrc`, `.yamllint.yaml`) so the trunk meta-linter is shared via the repo rather than installed only locally in single-player mode.
- `buildifier` definition with `--lint=fix`, and a custom `shfmt` definition that drops the default `-s` simplification flag to avoid unwanted semantic changes. Keeps `clang-format` and `clang-tidy` enabled for this C++ project.
- `/.trunk/out` to the root `.gitignore`.

Renovate is intentionally NOT in the `disabled:` list here — this repo has no renovate config so there is nothing to suppress.

Test plan

- `trunk check` runs locally without errors against the new config

🤖 Generated with Claude Code