Skip to content

fix(ci): repair and harden pre-commit hooks and CI checks#3426

Open
hubcio wants to merge 2 commits into
masterfrom
ci/precommit-hardening
Open

fix(ci): repair and harden pre-commit hooks and CI checks#3426
hubcio wants to merge 2 commits into
masterfrom
ci/precommit-hardening

Conversation

@hubcio
Copy link
Copy Markdown
Contributor

@hubcio hubcio commented Jun 5, 2026

Several pre-commit hooks were broken, unsafe, or masking drift:

  • helmfmt never worked: a bare helmfmt entry made v0.5.0 read
    template paths as chart paths. Pass the chart dir with --check,
    matching test-helm.sh.
  • typos -w silently corrupted hidden-file false positives, now
    whitelisted in .typos.toml (SerDe, Paket, the [Pp]ublish glob).
  • add missing trailing newlines to 12 SVGs, 4 LICENSE copies and
    web/.env that predated the hook.
  • relock stale bdd/examples uv.lock and add a python-lockfiles CI
    job so Dependabot per-dir relocks can no longer drift unseen.
  • quote $GITHUB_STEP_SUMMARY redirects (shellcheck SC2086).
  • rename sync-rust-version.sh to sync-rustc-version.sh and
    sync-python-version.sh to sync-python-interpreter-version.sh.
  • scope the license-headers duplicate scan to changed files
    (pass_filenames), cutting the hook from ~3.8s to ~0.1s.

@hubcio
fix(ci): repair and harden pre-commit hooks and CI checks
296321f 
Several pre-commit hooks were broken, unsafe, or masking drift:

- helmfmt never worked: a bare `helmfmt` entry made v0.5.0 read
  template paths as chart paths. Pass the chart dir with --check,
  matching test-helm.sh.
- typos -w silently corrupted hidden-file false positives, now
  whitelisted in .typos.toml (SerDe, Paket, the [Pp]ublish glob).
- add missing trailing newlines to 12 SVGs, 4 LICENSE copies and
  web/.env that predated the hook.
- relock stale bdd/examples uv.lock and add a python-lockfiles CI
  job so Dependabot per-dir relocks can no longer drift unseen.
- quote $GITHUB_STEP_SUMMARY redirects (shellcheck SC2086).
- rename sync-rust-version.sh to sync-rustc-version.sh and
  sync-python-version.sh to sync-python-interpreter-version.sh.
- scope the license-headers duplicate scan to changed files
  (pass_filenames), cutting the hook from ~3.8s to ~0.1s.
@github-actions github-actions Bot added the S-waiting-on-review PR is waiting on a reviewer label Jun 5, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Jun 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.42%. Comparing base (d254604) to head (7dd489b).

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #3426      +/-   ##
============================================
- Coverage     74.43%   74.42%   -0.02%     
  Complexity      943      943              
============================================
  Files          1245     1245              
  Lines        121293   121293              
  Branches      97599    97626      +27     
============================================
- Hits          90285    90272      -13     
+ Misses        28054    28030      -24     
- Partials       2954     2991      +37
Components Coverage Δ
Rust Core 75.59% <ø> (+0.02%) ⬆️
Java SDK 58.44% <ø> (ø)
C# SDK 69.41% <ø> (-0.52%) ⬇️
Python SDK 81.06% <ø> (ø)
PHP SDK 83.57% <ø> (ø)
Node SDK 91.26% <ø> (-0.10%) ⬇️
Go SDK 40.20% <ø> (ø)
see 29 files with indirect coverage changes
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

S-waiting-on-review PR is waiting on a reviewer

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hubcio @krishvishal