Skip to content

fix(ci): repair and harden pre-commit hooks and CI checks#3426

Merged
hubcio merged 1 commit into
masterfrom
ci/precommit-hardening
Jun 9, 2026
Merged

fix(ci): repair and harden pre-commit hooks and CI checks#3426
hubcio merged 1 commit into
masterfrom
ci/precommit-hardening

Conversation

@hubcio

@hubcio hubcio commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

Several pre-commit hooks were broken, unsafe, or masking drift:

  • helmfmt never worked: a bare helmfmt entry made v0.5.0 read
    template paths as chart paths. Pass the chart dir with --check,
    matching test-helm.sh.
  • typos -w silently corrupted hidden-file false positives, now
    whitelisted in .typos.toml (SerDe, Paket, the [Pp]ublish glob).
  • add missing trailing newlines to 12 SVGs, 4 LICENSE copies and
    web/.env that predated the hook.
  • relock stale bdd/examples uv.lock and add a python-lockfiles CI
    job so Dependabot per-dir relocks can no longer drift unseen.
  • quote $GITHUB_STEP_SUMMARY redirects (shellcheck SC2086).
  • rename sync-rust-version.sh to sync-rustc-version.sh and
    sync-python-version.sh to sync-python-interpreter-version.sh.
  • scope the license-headers duplicate scan to changed files
    (pass_filenames), cutting the hook from ~3.8s to ~0.1s.

@github-actions github-actions Bot added the S-waiting-on-review PR is waiting on a reviewer label Jun 5, 2026
@codecov

codecov Bot commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.27%. Comparing base (7d30c09) to head (0650714).

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #3426      +/-   ##
============================================
- Coverage     74.30%   74.27%   -0.03%     
  Complexity      943      943              
============================================
  Files          1245     1245              
  Lines        121653   121653              
  Branches      97959    97985      +26     
============================================
- Hits          90390    90359      -31     
+ Misses        28307    28299       -8     
- Partials       2956     2995      +39
Components Coverage Δ
Rust Core 75.39% <ø> (+<0.01%) ⬆️
Java SDK 58.44% <ø> (ø)
C# SDK 69.41% <ø> (-0.52%) ⬇️
Python SDK 81.06% <ø> (ø)
PHP SDK 83.57% <ø> (ø)
Node SDK 91.26% <ø> (-0.10%) ⬇️
Go SDK 40.20% <ø> (ø)
see 35 files with indirect coverage changes
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

krishvishal
krishvishal previously approved these changes Jun 8, 2026
View reviewed changes
numinnex
numinnex previously approved these changes Jun 8, 2026
View reviewed changes
thepatrykk
thepatrykk previously approved these changes Jun 8, 2026
View reviewed changes
@hubcio
fix(ci): repair and harden pre-commit hooks and CI checks
0650714 
Several pre-commit hooks were broken, unsafe, or masking drift:

- helmfmt never worked: a bare `helmfmt` entry made v0.5.0 read
  template paths as chart paths. Pass the chart dir with --check,
  matching test-helm.sh.
- typos -w silently corrupted hidden-file false positives, now
  whitelisted in .typos.toml (SerDe, Paket, the [Pp]ublish glob).
- add missing trailing newlines to 12 SVGs, 4 LICENSE copies and
  web/.env that predated the hook.
- relock stale bdd/examples uv.lock and add a python-lockfiles CI
  job so Dependabot per-dir relocks can no longer drift unseen.
- quote $GITHUB_STEP_SUMMARY redirects (shellcheck SC2086).
- rename sync-rust-version.sh to sync-rustc-version.sh and
  sync-python-version.sh to sync-python-interpreter-version.sh.
- scope the license-headers duplicate scan to changed files
  (pass_filenames), cutting the hook from ~3.8s to ~0.1s.
@hubcio hubcio dismissed stale reviews from thepatrykk, numinnex, and krishvishal via 0650714 June 9, 2026 06:14
@hubcio hubcio force-pushed the ci/precommit-hardening branch from d4bea58 to 0650714 Compare June 9, 2026 06:14
@hubcio hubcio merged commit 6acbc4e into master Jun 9, 2026
166 of 169 checks passed
@hubcio hubcio deleted the ci/precommit-hardening branch June 9, 2026 07:03
@github-actions github-actions Bot removed the S-waiting-on-review PR is waiting on a reviewer label Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spetz spetz spetz approved these changes

@thepatrykk thepatrykk thepatrykk approved these changes

@numinnex numinnex numinnex approved these changes

@krishvishal krishvishal krishvishal left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hubcio @spetz @krishvishal @thepatrykk @numinnex