lucacome
Owner

@lucacome lucacome commented Feb 26, 2025

Summary by CodeRabbit

  • Chores
    • Enhanced automation pipelines to streamline builds, tests, code analysis, and dependency reviews.
    • Refined linting and pre-commit configurations for improved code consistency.
    • Reorganized project settings to foster a more reliable and efficient development process.

Contributor

coderabbitai bot commented Feb 26, 2025

Walkthrough

The pull request updates several configuration files. GitHub Actions workflows have been revised with changes to triggers, concurrency settings, shell defaults, job names, runner environments, and permissions. In addition, the labeler configuration has been updated with new branch and file patterns, while the pre-commit configuration gains additional hooks and repositories. Formatting and linting settings have been adjusted with reordered Prettier options and the addition of a new YAML linter config. The package.json file has also undergone a complete reorganization of its field order.

Changes

| File(s) | Change Summary |
|---|---|
| .github/labeler.yml | Updated branch patterns (added ^renovate/) and file triggers (switched from package-lock.json to yarn.lock). |
| .github/workflows/*.yml | Modified workflows: removed manual triggers, added concurrency blocks, updated cron schedule, renamed workflows/jobs, set shell defaults, updated runner OS, and adjusted job permissions. |
| .pre-commit-config.yaml | Added hooks (no-commit-to-branch, detect-private-key) and new repositories (markdownlint-cli2, yamllint) for expanded pre-commit checks. |
| .prettierrc.json, .yamllint.yaml | Reordered Prettier configuration and introduced a new YAML linting file with custom rule settings. |
| package.json | Reorganized the file structure by reordering fields while retaining the original content. |

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant WA as Workflow Engine
    participant CM as Concurrency Manager

    Dev->>GH: Push commit / Open PR
    GH->>WA: Trigger relevant workflow (e.g., tests, lint, code analysis)
    WA->>CM: Check concurrency group & cancel ongoing jobs if needed
    WA->>WA: Execute workflow steps (checkout, build, test, analyze)
    WA->>GH: Complete workflow run, update status

Poem

Hoppin’ in code, I nibble each change,
Tweakin’ workflows with a curious range.
From branch tags to locks switched in style,
I frolic in updates with a happy smile.
Through scripts and checks, my path’s all set—
Carrots and code, a duo to never forget!
🐇💻


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 356e1c0 and 60d698f.

📒 Files selected for processing (14)
  • .github/labeler.yml (1 hunks)
  • .github/workflows/check-dist.yml (1 hunks)
  • .github/workflows/codeql.yml (1 hunks)
  • .github/workflows/dependency-review.yml (1 hunks)
  • .github/workflows/labeler.yml (2 hunks)
  • .github/workflows/lint.yml (1 hunks)
  • .github/workflows/renovate-build.yml (2 hunks)
  • .github/workflows/scorecards.yml (1 hunks)
  • .github/workflows/test-workflow.yml (2 hunks)
  • .github/workflows/test.yml (1 hunks)
  • .pre-commit-config.yaml (1 hunks)
  • .prettierrc.json (1 hunks)
  • .yamllint.yaml (1 hunks)
  • package.json (2 hunks)
✅ Files skipped from review due to trivial changes (5)
  • .prettierrc.json
  • package.json
  • .github/workflows/labeler.yml
  • .yamllint.yaml
  • .github/workflows/test-workflow.yml
🔇 Additional comments (28)
.github/workflows/scorecards.yml (4)

1-1: Workflow Name Updated:
The workflow name has been updated to "OpenSSF Scorecard" for better clarity and alignment with recent standards.


5-5: YAML Lint Exception Annotation:
A comment has been added to disable the yamllint rule for empty values on the branch_protection_rule line. Ensure that this exception is documented and justified for future maintainers.
[verified]


11-12: Push Branch Formatting Update:
The push event now specifies branches using a multi-line format, which improves readability and consistency.


20-20: Runner Environment Update:
The runs-on attribute has been updated to ubuntu-24.04, ensuring the workflow uses a more up-to-date runner environment.

.github/workflows/test.yml (4)

1-1: Workflow Name Change:
The workflow name has been updated to "Tests" to clearly reflect its purpose.


4-5: Pull Request Branch Trigger Update:
The pull_request trigger now explicitly targets the main branch, ensuring that tests are only run for changes affecting the primary branch.


10-13: Concurrency Configuration Added:
The introduction of a concurrency group (${{ github.ref_name }}-test) with cancel-in-progress: true is a great enhancement to avoid redundant runs.


19-19: Runner Version Consistency:
The job now runs on ubuntu-24.04, aligning with other updated workflows across the repository.

.github/workflows/renovate-build.yml (2)

8-8: Global Permissions Refinement:
Changing the global permission for contents to read follows the principle of least privilege and minimizes potential security risks.


35-37: Granular Job-Specific Permissions:
Overriding the permissions for the build job to grant contents: write and pull-requests: read provides the necessary access for build operations while maintaining tighter controls in other areas.

.github/workflows/check-dist.yml (2)

21-24: Concurrency Added for Dist Checks:
Introducing a concurrency group (${{ github.ref_name }}-check-dist) with cancellation of in-progress jobs helps prevent build conflicts and redundant runs.


25-28: Default Shell Configuration Set:
Setting the default shell to bash ensures consistency across run steps, which can reduce potential environment discrepancies.

.pre-commit-config.yaml (3)

21-22: Additional Security Hooks Added:
The hooks no-commit-to-branch and detect-private-key have been included to enhance commit safety by preventing inadvertent commits to protected branches and accidental inclusion of private keys.


29-32: Markdown Lint Hook Integration:
A new repository for markdownlint-cli2 has been added (pinned at v0.14.0) with its corresponding hook. This improves markdown file quality and enforces style consistency.


34-38: YAML Lint Hook Integration:
The addition of the yamllint hook from https://github.com/adrienverge/yamllint.git (pinned at v1.35.1) is a welcome enhancement, especially with the accompanying YAML configuration file. This ensures YAML files conform to project standards.

.github/labeler.yml (1)

24-27: Confirm Updated Dependency Patterns and File Targets
The updated head-branch for the dependencies section now includes '^renovate/', and the changed-files list includes both package.json and yarn.lock. This change aligns with a shift away from package-lock management to Yarn-based dependency management. Please verify that these regex patterns correctly capture all intended branch names and file changes.

.github/workflows/lint.yml (4)

1-1: Workflow Name Update
The workflow name has been updated to “Lint”, which improves clarity compared to the previous all-lowercase variant.


3-7: PR Trigger Configuration
The on section now triggers on pull requests (and pushes) targeting the main branch. This explicit configuration helps ensure that linting runs only on changes to the primary branch.


11-13: Concurrency Settings
The added concurrency block efficiently groups jobs by branch name and cancels in-progress runs for the same group, reducing duplicate efforts during PRs.


15-17: Workflow Permissions
The permissions block specifying contents: read is a good addition to ensure that the workflow has the minimal required access to the repository.

.github/workflows/dependency-review.yml (2)

9-12: Dependency Review Job Environment and Permissions Update
The dependency review job has been updated to run on ubuntu-24.04 with enhanced permissions (contents: read and pull-requests: write). This update modernizes the runner environment and ensures that the job can appropriately interact with pull request metadata.


14-18: Step Naming Consistency
The checkout and dependency review steps have minor naming adjustments (e.g., removal of quotes). These changes improve consistency without affecting functionality—just ensure that the step names remain descriptive for log readability.

.github/workflows/codeql.yml (6)

4-9: Trigger Configuration for CodeQL Workflow
The push and pull_request triggers are now explicitly set for the main branch, ensuring that CodeQL analysis is run against the primary branch changes. Please verify that no additional branches need to be included.


10-12: Updated Schedule for CodeQL Analysis
The cron schedule has been updated to '18 16 * * 3', which sets a new time for periodic scans. Verify that this timing meets your operational requirements for regular security and quality checks.


13-15: Concurrency Configuration
The addition of a concurrency block for the CodeQL job prevents overlapping runs by uniquely grouping them based on the GitHub reference. This is a solid update for resource optimization.


21-23: Job Name and Environment Enhancement
Renaming the job to Analyze (${{ matrix.language }}) makes it clearer which language is being analyzed. Running on ubuntu-24.04 further ensures that the job utilizes a modern and secure environment.


27-32: Matrix Strategy Configuration
The strategy now explicitly includes language: javascript-typescript and build-mode: none, which provides clarity on the analysis parameters. Confirm that these values are correct for your repository’s codebase.


34-50: Streamlined CodeQL Analysis Steps
The steps for checking out the repository, initializing CodeQL, and performing the analysis are clearly defined with updated action versions. The parameters for languages, build-mode, and queries are well-specified. Overall, the CodeQL workflow looks robust and well-organized.


@github-actions github-actions bot added the dependencies (Pull requests that update a dependency file) and chore labels Feb 26, 2025
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@lucacome lucacome merged commit 0ccc2c5 into main Feb 26, 2025
14 checks passed
@lucacome lucacome deleted the chore/yamllint-pre-commit branch February 26, 2025 03:47