From 1cb9dfc9acab20da8f8dc3671863b4db9ba51209 Mon Sep 17 00:00:00 2001 From: Iain Sproat <68657+iainsproat@users.noreply.github.com> Date: Fri, 3 Apr 2026 10:16:42 +0100 Subject: [PATCH 1/2] fix(pre-commit): remove deprecate stage name - pre-commit has deprecated the 'commit' stage name, have replaced with 'pre-commit' - chore: bumps pre-commit config dependencies - provides better message in ggshield hook when CI is detected --- .circleci/config.yml | 46 ------------------ .github/workflows/close-issue.yml | 77 ------------------------------- .github/workflows/open-issue.yml | 50 -------------------- .github/workflows/release.yml | 37 +++++++++++++++ .pre-commit-config.yaml | 11 +++-- .pre-commit-hooks.yaml | 2 +- .prettierignore | 1 + hooks/ggshield-not-ci.sh | 2 +- 8 files changed, 46 insertions(+), 180 deletions(-) delete mode 100644 .circleci/config.yml delete mode 100644 .github/workflows/close-issue.yml delete mode 100644 .github/workflows/open-issue.yml create mode 100644 .github/workflows/release.yml create mode 100644 .prettierignore diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 504a408..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,46 +0,0 @@ -version: 2.1 - -workflows: - version: 2 - verify: - jobs: - - pre-commit: - filters: - tags: &filter-all-tags # run for all tags - only: /.*/ - -jobs: - pre-commit: - parameters: - config_file: - default: ./.pre-commit-config.yaml - description: Optional, path to pre-commit config file. - type: string - cache_prefix: - default: '' - description: | - Optional cache prefix to be used on CircleCI. Can be used for cache busting or to ensure multiple jobs use different caches. - type: string - docker: - - image: speckle/pre-commit-runner:latest - resource_class: medium - working_directory: &workingdir /tmp/ci - steps: - - checkout - - restore_cache: - keys: - - cache-pre-commit-<>-{{ checksum "<>" }} - - run: - name: Install pre-commit hooks - command: pre-commit install-hooks --config <> - - save_cache: - key: cache-pre-commit-<>-{{ checksum "<>" }} - paths: - - ~/.cache/pre-commit - - run: - name: Run pre-commit - command: pre-commit run --all-files --config <> - - run: - command: git --no-pager diff - name: git diff - when: on_fail diff --git a/.github/workflows/close-issue.yml b/.github/workflows/close-issue.yml deleted file mode 100644 index 21a1d7a..0000000 --- a/.github/workflows/close-issue.yml +++ /dev/null @@ -1,77 +0,0 @@ -name: Update issue Status - -on: - issues: - types: [closed] - -jobs: - update_issue: - runs-on: ubuntu-latest - steps: - - name: Get project data - env: - GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}} - ORGANIZATION: specklesystems - PROJECT_NUMBER: 9 - run: | - gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query=' - query($org: String!, $number: Int!) { - organization(login: $org){ - projectNext(number: $number) { - id - fields(first:20) { - nodes { - id - name - settings - } - } - } - } - }' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json - - echo 'PROJECT_ID='$(jq '.data.organization.projectNext.id' project_data.json) >> $GITHUB_ENV - echo 'STATUS_FIELD_ID='$(jq '.data.organization.projectNext.fields.nodes[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV - - echo "$PROJECT_ID" - echo "$STATUS_FIELD_ID" - - echo 'DONE_ID='$(jq '.data.organization.projectNext.fields.nodes[] | select(.name== "Status") | .settings | fromjson | .options[] | select(.name== "Done") | .id' project_data.json) >> $GITHUB_ENV - echo "$DONE_ID" - - - name: Add Issue to project #it's already in the project, but we do this to get its node id! - env: - GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}} - ISSUE_ID: ${{ github.event.issue.node_id }} - run: | - item_id="$( gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query=' - mutation($project:ID!, $id:ID!) { - addProjectNextItem(input: {projectId: $project, contentId: $id}) { - projectNextItem { - id - } - } - }' -f project=$PROJECT_ID -f id=$ISSUE_ID --jq '.data.addProjectNextItem.projectNextItem.id')" - - echo 'ITEM_ID='$item_id >> $GITHUB_ENV - - - name: Update Status - env: - GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}} - ISSUE_ID: ${{ github.event.issue.node_id }} - run: | - gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query=' - mutation($project:ID!, $status:ID!, $id:ID!, $value:String!) { - set_status: updateProjectNextItemField( - input: { - projectId: $project - itemId: $id - fieldId: $status - value: $value - } - ) { - projectNextItem { - id - } - } - }' -f project=$PROJECT_ID -f status=$STATUS_FIELD_ID -f id=$ITEM_ID -f value=${{ env.DONE_ID }} diff --git a/.github/workflows/open-issue.yml b/.github/workflows/open-issue.yml deleted file mode 100644 index 0c0943c..0000000 --- a/.github/workflows/open-issue.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Move new issues into Project - -on: - issues: - types: [opened] - -jobs: - track_issue: - runs-on: ubuntu-latest - steps: - - name: Get project data - env: - GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}} - ORGANIZATION: specklesystems - PROJECT_NUMBER: 9 - run: | - gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query=' - query($org: String!, $number: Int!) { - organization(login: $org){ - projectNext(number: $number) { - id - fields(first:20) { - nodes { - id - name - settings - } - } - } - } - }' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json - - echo 'PROJECT_ID='$(jq '.data.organization.projectNext.id' project_data.json) >> $GITHUB_ENV - echo 'STATUS_FIELD_ID='$(jq '.data.organization.projectNext.fields.nodes[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV - - - name: Add Issue to project - env: - GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}} - ISSUE_ID: ${{ github.event.issue.node_id }} - run: | - item_id="$( gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query=' - mutation($project:ID!, $id:ID!) { - addProjectNextItem(input: {projectId: $project, contentId: $id}) { - projectNextItem { - id - } - } - }' -f project=$PROJECT_ID -f id=$ISSUE_ID --jq '.data.addProjectNextItem.projectNextItem.id')" - - echo 'ITEM_ID='$item_id >> $GITHUB_ENV diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..16ffb00 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,37 @@ +name: Release pipeline + +on: + push: + branches: + - '**' # all branches + tags: + - "[0-9]+.[0-9]+.[0-9]+" + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + +permissions: {} # purposefully empty by default at workflow level, explicitly overridden for specific jobs below + +jobs: + pre-commit: + name: Precommit check + runs-on: blacksmith-4vcpu-ubuntu-2404 + permissions: + contents: read + packages: read # to be able to pull the pre-commit-runner image from ghcr.io + container: + image: ghcr.io/specklesystems/pre-commit-runner:latest # zizmor: ignore[unpinned-images] Speckle own this image repository + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 + persist-credentials: false + - run: git config --global --add safe.directory $PWD + - name: Set precommit + run: pre-commit install-hooks --config ./.pre-commit-config.yaml + - name: Run precommit + run: pre-commit run --all-files --config ./.pre-commit-config.yaml + - name: Diff on failure + if: failure() + run: git --no-pager diff diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d4f01c1..332442d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,14 +1,15 @@ default_stages: - - 'commit' + - 'pre-commit' repos: + # This repo is archived - repo: https://github.com/pre-commit/mirrors-prettier - rev: 'v2.7.1' + rev: '50c5478ed9e10bf360335449280cf2a67f4edb7a' hooks: - id: prettier - repo: https://github.com/pre-commit/pre-commit-hooks - rev: 'v4.3.0' + rev: 'v6.0.0' hooks: - id: check-yaml - id: check-merge-conflict @@ -20,12 +21,12 @@ repos: - id: end-of-file-fixer - repo: https://github.com/syntaqx/git-hooks - rev: 'v0.0.17' + rev: 'v0.0.18' hooks: - id: forbid-binary - repo: https://github.com/pre-commit/pre-commit - rev: 'v2.20.0' + rev: 'v4.5.1' hooks: - id: validate_manifest diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 965b1ec..9d1f1a9 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -1,6 +1,6 @@ - id: ggshield-not-ci name: GitGuardian Shield (pre-commit) description: Runs ggshield in non-CI environments to detect hardcoded secrets, security vulnerabilities and policy breaks. - stages: [commit] + stages: [pre-commit] entry: hooks/ggshield-not-ci.sh language: script diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..bb0224d --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +.github/ diff --git a/hooks/ggshield-not-ci.sh b/hooks/ggshield-not-ci.sh index a84025f..0bc3413 100755 --- a/hooks/ggshield-not-ci.sh +++ b/hooks/ggshield-not-ci.sh @@ -4,5 +4,5 @@ set -eo pipefail if [[ -z "${CI}" ]]; then ggshield secret scan pre-commit else - echo "In a CI environment, so skipping GitGuardian ggshield" + echo "Detected that this script is running in a CI environment, so skipping GitGuardian ggshield" fi From d846bed4e4c99be7f0e31ac4977ee46138fd0720 Mon Sep 17 00:00:00 2001 From: Iain Sproat <68657+iainsproat@users.noreply.github.com> Date: Fri, 3 Apr 2026 10:29:44 +0100 Subject: [PATCH 2/2] remove archived & broken pre-commit hook --- .pre-commit-config.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 332442d..fcf6057 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,12 +2,6 @@ default_stages: - 'pre-commit' repos: - # This repo is archived - - repo: https://github.com/pre-commit/mirrors-prettier - rev: '50c5478ed9e10bf360335449280cf2a67f4edb7a' - hooks: - - id: prettier - - repo: https://github.com/pre-commit/pre-commit-hooks rev: 'v6.0.0' hooks: