@matiasdaloia matiasdaloia commented Oct 31, 2025

Summary by CodeRabbit

  • New Features

    • Configuration via .env file is now supported alongside environment variables and CLI arguments
  • Documentation

    • Updated documentation with examples showing how to configure the hook using .env files with parameters like API keys and proxy settings

@matiasdaloia matiasdaloia self-assigned this Oct 31, 2025

coderabbitai bot commented Oct 31, 2025

Warning

Rate limit exceeded

@matiasdaloia has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 1 minute and 53 seconds before requesting another review.


📥 Commits

Reviewing files that changed from the base of the PR and between 5eb58d4 and dca308b.

📒 Files selected for processing (3)
  • CHANGELOG.md (2 hunks)
  • src/hooks/__init__.py (1 hunks)
  • src/hooks/check_undeclared_software.py (3 hunks)

Walkthrough

This PR adds support for loading environment variables from .env files to configure the scanoss-check-undeclared-code hook. The changes include adding the python-dotenv dependency, integrating load_dotenv() calls in the hook module, and updating documentation with configuration examples.

Changes

| Cohort / File(s) | Change Summary |
|---|---|
| Documentation & Configuration: README.md | Added documentation describing configuration via command-line arguments, environment variables, or .env file; includes .env example with SCANOSS_API_KEY, SCANOSS_SCAN_URL, HTTPS_PROXY, and SCANOSS_DEBUG keys. |
| Dependencies: requirements.txt, setup.cfg | Added python-dotenv>=1.0.0 dependency to both requirements declaration files. |
| Hook Implementation: src/hooks/check_undeclared_software.py | Integrated dotenv by importing load_dotenv and calling load_dotenv() at module initialization to load environment variables from .env before logging configuration and scanning logic. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify dotenv is being loaded at the correct initialization point and doesn't interfere with existing CLI argument parsing
  • Confirm .env file loading occurs before environment variable usage in logging and scanning configuration

Possibly related PRs

  • feat: pre-commit refactor, allow cli arguments #5 — Also modifies the hook module's initialization and import sequence, including logging setup and entrypoint refactoring, which may require coordination with this PR's environment loading placement.

Suggested labels

enhancement

Poem

🐰 A rabbit's ode to configuration bliss
Environment variables now flow with ease,
From .env files beneath the trees,
No more secrets hardcoded in sight—
The dotenv magic makes configs light! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The pull request title "feat: add support for .env files" is fully aligned with the changeset. The title precisely describes the primary change across all modified files: adding python-dotenv dependency, integrating load_dotenv() to load environment variables from .env files in the main hook script, and documenting the new .env configuration feature in README.md. The title is concise, specific, and follows conventional commit format, making it immediately clear to reviewers what the pull request accomplishes. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa94c6e and 5eb58d4.

📒 Files selected for processing (4)
  • README.md (2 hunks)
  • requirements.txt (1 hunks)
  • setup.cfg (1 hunks)
  • src/hooks/check_undeclared_software.py (2 hunks)
🔇 Additional comments (5)
requirements.txt (1)

4-4: LGTM!

The dependency addition is appropriate for .env file support.

setup.cfg (1)

32-32: LGTM!

The install requirement correctly mirrors the dependency in requirements.txt.

src/hooks/check_undeclared_software.py (1)

35-35: LGTM!

Import is correctly placed with other third-party imports.

README.md (2)

20-20: LGTM!

Clear documentation of the three configuration methods.


81-81: LGTM!

Step renumbering is correct after adding the new .env configuration step.
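
An added example (not code from this PR or from the hook) of the ordering the walkthrough and review checklist above are concerned with: command-line values first, then variables already set in the environment, then .env, matching load_dotenv()'s default of not overriding variables that are already set. The small KEY=VALUE reader stands in for python-dotenv so the block runs on the standard library alone; the CLI-first precedence, the function names and every sample value are assumptions.

```python
import os
import tempfile

KEYS = ("SCANOSS_API_KEY", "SCANOSS_SCAN_URL", "HTTPS_PROXY", "SCANOSS_DEBUG")


def read_dotenv(path):
    """Minimal KEY=VALUE reader, a stand-in for python-dotenv (no interpolation)."""
    values = {}
    if not os.path.isfile(path):
        return values
    with open(path, encoding="utf-8") as fh:
        for line in map(str.strip, fh):
            if line and not line.startswith("#") and "=" in line:
                key, _, value = line.partition("=")
                values[key.strip()] = value.strip().strip("'\"")
    return values


def resolve(cli_args, environ, dotenv_path):
    """Return {key: (value, source)}; precedence is CLI > environment > .env."""
    dotenv = read_dotenv(dotenv_path)
    resolved = {}
    for key in KEYS:
        if cli_args.get(key) is not None:
            resolved[key] = (cli_args[key], "cli")
        elif key in environ:  # already-set variables win, as with override=False
            resolved[key] = (environ[key], "env")
        elif key in dotenv:
            resolved[key] = (dotenv[key], "dotenv")
    return resolved


def redact(resolved):
    """Format the result for debug logs without printing the API key."""
    return {k: ("***" if k == "SCANOSS_API_KEY" else v) + f" [{src}]"
            for k, (v, src) in resolved.items()}


def demo():
    # Constructed sample values; none of them come from the PR.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".env")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("SCANOSS_API_KEY=file-key\nSCANOSS_DEBUG=true\n"
                     "SCANOSS_SCAN_URL=https://scan.example.invalid\n")
        environ = {"SCANOSS_API_KEY": "env-key"}
        cli = {"SCANOSS_SCAN_URL": "https://cli.example.invalid"}
        return redact(resolve(cli, environ, path))
```

Recording the source of each value makes it visible when a stale .env entry is being shadowed by the environment, or the reverse, before the key is used for a scan.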

@matiasdaloia matiasdaloia merged commit 8566c73 into main Oct 31, 2025
2 checks passed
@matiasdaloia matiasdaloia deleted the feature/mdaloia/add-support-for-env-files branch October 31, 2025 11:50