Skip to content

Enforce pre-commit in CI#470

Merged
ianpittwood merged 2 commits into
mainfrom
worktree-pre-commit
Apr 27, 2026
Merged

Enforce pre-commit in CI#470
ianpittwood merged 2 commits into
mainfrom
worktree-pre-commit

Conversation

@bschwedler
Copy link
Copy Markdown
Contributor

@bschwedler bschwedler commented Apr 16, 2026
edited
Loading

Summary

  • Adds a lint job to ci.yml that runs pre-commit on every push/PR/merge_group, gated by the meta ci job's needs: list so hook failures block merges
  • Swaps beautyshshfmt in .pre-commit-config.yaml (beautysh is unmaintained and broken on Python 3.12)
  • Removes a commented-out mypy block and the beautysh setuptools workaround
  • Inline lint job: SHA-pinned to actions/checkout@v6.0.2, actions/setup-python@v5.6.0, pre-commit/action@v3.0.1; permissions: contents: read; SKIP: no-commit-to-branch env

No reusable workflow — the job is small enough that inlining avoids cross-repo merge-order dependencies.

Test plan

  • pre-commit run --all-files passes locally on this branch
  • lint job in CI passes on this PR
  • Zizmor job passes (SHA pins satisfy the hash-pin policy)

@bschwedler bschwedler requested a review from ianpittwood as a code owner April 16, 2026 19:20
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 16, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml Fixed
@bschwedler bschwedler mentioned this pull request Apr 16, 2026
Closed
3 tasks
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 16, 2026
edited
Loading

Test Results

1 396 tests  ±0   1 396 ✅ ±0   10m 49s ⏱️ + 2m 23s
    1 suites ±0       0 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit 692b476. ± Comparison against base commit 013e236.

♻️ This comment has been updated with latest results.

@bschwedler bschwedler force-pushed the worktree-pre-commit branch 4 times, most recently from d622067 to 7205a89 Compare April 16, 2026 20:35
ianpittwood
ianpittwood approved these changes Apr 24, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml Outdated
@bschwedler bschwedler force-pushed the worktree-pre-commit branch from 7205a89 to d049c32 Compare April 24, 2026 14:17
@bschwedler bschwedler enabled auto-merge April 24, 2026 14:17
@bschwedler bschwedler force-pushed the worktree-pre-commit branch from d049c32 to 964bc47 Compare April 24, 2026 20:43
@bschwedler bschwedler added this pull request to the merge queue Apr 24, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Apr 24, 2026
@bschwedler @ianpittwood
Enforce pre-commit in CI
2cb21f3 
Adds a `lint` job to ci.yml that runs pre-commit on every push/PR/
merge_group, gated by the meta `ci` job's `needs:` so failures block
merges. Inline job with SHA-pinned actions (actions/checkout@v6.0.2,
actions/setup-python@v5.6.0, pre-commit/action@v3.0.1),
`permissions: contents: read`, and `persist-credentials: false` on
checkout.

Pre-commit hooks added:
- pre-commit/pre-commit-hooks v6.0.0 (check-added-large-files,
  check-ast, check-case-conflict, check-executables-have-shebangs,
  check-json, check-merge-conflict, check-shebang-scripts-are-
  executable, check-yaml, debug-statements, detect-aws-credentials,
  detect-private-key, end-of-file-fixer, fix-byte-order-marker,
  mixed-line-ending, no-commit-to-branch, pretty-format-json,
  requirements-txt-fixer, trailing-whitespace)
- koalaman/shellcheck-precommit v0.11.0
- scop/pre-commit-shfmt v3.13.1-1
- astral-sh/ruff-pre-commit v0.15.10
- rhysd/actionlint v1.7.12

Config changes:
- Replace beautysh (unmaintained, broken on Python 3.12) with shfmt
- Exclude .claude/settings.json from pretty-format-json
- Remove commented-out mypy block
- Add .github/actionlint.yaml registering the `ubuntu-latest-8x`
  org-hosted larger runner label

Fixes to make actionlint pass on current source:
- Quote `>> $GITHUB_OUTPUT` / `>> $GITHUB_PATH` in workflow run: blocks
- `./*-metadata.json` instead of `*-metadata.json` in bakery ci merge
  (SC2035 glob safety)
- Consolidate multiple `echo >> $GITHUB_OUTPUT` redirects into a
  single `{ ... } >> "$GITHUB_OUTPUT"` block (SC2129)
- Quote `$IMAGES` in product-release.yml release-body construction
- Replace word-splitting of optional flag strings with bash arrays in
  clean.yml and bakery-build-pr.yml (`"${FLAGS[@]}"` idiom)

Also applies ruff-format + end-of-file-fixer to pre-existing drifted
files so the new CI job passes on current source. No behavior change.

README: new Contributing section pointing contributors at `just setup`
to install the hooks locally.
@ianpittwood ianpittwood force-pushed the worktree-pre-commit branch from 964bc47 to 2cb21f3 Compare April 27, 2026 13:42
@ianpittwood ianpittwood enabled auto-merge April 27, 2026 13:49
@ianpittwood ianpittwood added this pull request to the merge queue Apr 27, 2026
Merged via the queue into main with commit 2a3c000 Apr 27, 2026
22 of 23 checks passed
@ianpittwood ianpittwood deleted the worktree-pre-commit branch April 27, 2026 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ianpittwood ianpittwood ianpittwood approved these changes

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bschwedler @ianpittwood @github-advanced-security