Skip to content

ci: add pre-commit hooks and workflow#392

Open
dannf wants to merge 14 commits into
chainguard-dev:mainfrom
dannf:dev/pre-commit
Open

ci: add pre-commit hooks and workflow#392
dannf wants to merge 14 commits into
chainguard-dev:mainfrom
dannf:dev/pre-commit

Conversation

@dannf

@dannf dannf commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What

Add pre-commit infrastructure to catch linting issues before commit and in CI:

  • Pre-commit configuration with hooks for:
    • YAML formatting via yam
    • YAML syntax validation
    • Shellcheck for shell scripts
    • Standard checks (merge conflicts, large files, private keys, etc.)
    • Markdown lint, lifted from stereo + fixups for markdown files to comply
  • GitHub Actions workflow to run pre-commit checks on PRs
  • Uses caching for performance optimization

Why

  • I had to iterate through CI failures for a PR that were all things I should have been able to catch locally.
  • I copied the markdownlint pre-commit config from stereo because the documented release process will try to sync INDEX.md into stereo, which has this check. Note: I don't think stereo should be enforcing formatting on things for which it is not the upstream, so I also opened https://github.com/chainguard-dev/stereo/pull/122645. But if we think markdownlint is generally a good lint, we might as well also do it for tw for consistency.

github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 19, 2026
View reviewed changes
Comment thread .github/workflows/pre-commit.yaml Fixed
@dannf dannf force-pushed the dev/pre-commit branch 5 times, most recently from 80b67d4 to f4649fe Compare June 19, 2026 16:20
dannf added 5 commits June 20, 2026 12:25
@dannf
fix: add missing final newlines to Makefiles
ff4b1e5 
Add missing final newlines to Makefiles to comply with POSIX text file
requirements. Detected by pre-commit end-of-file-fixer hook.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
fix: add missing final newlines to text files
cdf3276 
Add missing final newlines to comply with POSIX text file requirements.
Detected by pre-commit end-of-file-fixer hook.

Files fixed:
- tests/README.md
- tests/runner/go.mod
- tw/testdata/dgrep.txtar

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
fix: format dependabot.yml with yam
de6ae93 
Add missing blank line at end of file to comply with yam formatting
standards. Detected by pre-commit yam hook.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
chore: add pre-commit configuration
27ec6bc 
Add pre-commit hooks to catch linting issues before commit:
- YAML formatting (yam)
- YAML syntax validation
- Shellcheck for shell scripts
- Standard pre-commit checks (merge conflicts, large files, etc.)

This catches the same issues that would fail in CI, providing faster
feedback to developers during local development.

To use:
  pip install pre-commit
  pre-commit install

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
ci: add pre-commit GitHub Actions workflow
907ad5b 
Add automated pre-commit check workflow that runs on PRs and pushes to main.
Uses caching to optimize performance - runs full check when config changes,
otherwise only checks modified files for faster feedback.

This ensures all commits meet linting standards before merge.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf dannf force-pushed the dev/pre-commit branch 3 times, most recently from 2cfdf03 to 7c57f60 Compare June 20, 2026 18:51
dannf added 8 commits June 20, 2026 20:58
@dannf
chore: add markdownlint-cli2 configuration
11fa93b 
Configure markdownlint to allow 120-character lines instead of the
default 80. This permits table content and other documentation to
remain unmodified while still passing markdown linting checks.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
chore: add markdownlint-cli2 pre-commit hook
ffa7682 
Add markdownlint-cli2 hook to ensure markdown files pass stereo's
markdownlint checks when synced.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
docs: fix auto-fixable markdownlint errors across README files
c858d37 
Run markdownlint-cli2 with --fix to automatically resolve fixable
markdown linting issues. This fixes 52 out of 104 total errors.

Errors fixed include:
- MD022/blanks-around-headings: Add blank lines around headings
- MD014/commands-show-output: Remove $ from command examples
- MD032/blanks-around-lists: Add blank lines around lists
- MD004/ul-style: Convert asterisk lists to dash style
- MD031/blanks-around-fences: Add blank lines around code blocks
- MD029/ol-prefix: Fix ordered list numbering
- MD038/no-space-in-code: Remove spaces in code spans

Remaining 52 errors require manual fixes:
- MD013/line-length: Lines exceeding 120 characters
- MD046/code-block-style: Fenced blocks where indented expected
- MD040/fenced-code-language: Code blocks missing language specifier
- MD060/table-column-style: Table alignment issues

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
docs: fix MD040 errors by adding language specifiers to code blocks
b84c2cf 
Add appropriate language specifiers to all fenced code blocks:
- `console` for command-line output examples
- `yaml` for YAML-formatted output
- `text` for directory structure diagrams

Fixes markdownlint MD040/fenced-code-language errors:

README.md:104 error MD040/fenced-code-language
tests/README.md:7 error MD040/fenced-code-language
tests/runner/README.md:129 error MD040/fenced-code-language
tests/runner/README.md:197 error MD040/fenced-code-language
tests/runner/README.md:261 error MD040/fenced-code-language
tests/runner/README.md:284 error MD040/fenced-code-language
tests/runner/README.md:331 error MD040/fenced-code-language
tw/pkg/commands/shelldeps/README.md:67 error MD040/fenced-code-language
tw/pkg/commands/shelldeps/README.md:75 error MD040/fenced-code-language
tw/pkg/commands/shelldeps/README.md:173 error MD040/fenced-code-language
tw/pkg/commands/shelldeps/README.md:245 error MD040/fenced-code-language
tw/pkg/commands/shelldeps/README.md:371 error MD040/fenced-code-language

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
docs: fix MD046 errors by standardizing on fenced code blocks
32c631b 
Configure markdownlint to prefer fenced code blocks over indented blocks
and convert remaining indented blocks to fenced format with language
specifiers.

Changes:
- Set MD046 style to "fenced" in .markdownlint-cli2.yaml
- Convert indented code blocks to fenced in README.md
- Convert indented code block to fenced in usrmerge-tool/README.md

Fenced blocks provide better syntax highlighting and are more explicit
about the code language.

Fixes markdownlint MD046/code-block-style errors:

README.md:10 error MD046/code-block-style
usrmerge-tool/README.md:9 error MD046/code-block-style

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
docs: fix MD060 table formatting errors
95ee8db 
Configure markdownlint to use compact table style and fix table
separator formatting in tests/README.md.

Changes:
- Set MD060 style to "compact" in .markdownlint-cli2.yaml
- Fix table separator in tests/README.md to use compact style with spaces

Compact style is more practical for tables with varying column widths.

Fixes markdownlint MD060/table-column-style errors:

tests/README.md:118 (6 errors) - table separator formatting

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
docs: convert GNU flags table to compact style
8459141 
Convert the GNU-only flags table in shelldeps README from aligned to
compact style by removing extra spacing. Compact style is more
maintainable for tables with varying column widths and doesn't require
alignment padding.

Fixes markdownlint MD060/table-column-style errors:

tw/pkg/commands/shelldeps/README.md:325-345 (40 errors)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
fix(docs): fix MD013 line-length errors across all markdown files
8d7145a 
Wrapped long lines to comply with the 120 character line length limit
configured in .markdownlint-cli2.yaml.

Files modified:
- tests/README.md: wrapped lines 31, 59, 61
- tests/runner/README.md: wrapped lines 3, 7, 149, 150, 386
- tw/pkg/commands/shelldeps/README.md: wrapped lines 3, 16, 93, 150, 285, 298, 306, 307, 321, 349, 377, 432, 447
- header-check/README.md: wrapped line 5
- syspeek-tool/README.md: wrapped lines 5, 7, 59, 61

Markdownlint output after fixes:

markdownlint-cli2 v0.22.1 (markdownlint v0.40.0)
Finding: **/*.md
Linting: 16 file(s)
Summary: 0 error(s)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@dannf
Simplify dependabot config to use go.work workspace support
f7c4d58 
Dependabot now automatically discovers all modules from go.work (as of
v0.374.0, merged in PR #14909). This eliminates the need to manually
enumerate module directories and ensures go.work is updated alongside
go.mod files.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dannf @github-advanced-security