From f77be7f9137595318079876171a3e3f4e9c02d96 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 8 May 2025 11:58:16 -0600 Subject: [PATCH 01/17] Add a hook to run shellcheck on all "runs" steps in melange pipelines Signed-off-by: dann frazier --- .pre-commit-hooks.yaml | 6 ++ pre_commit_hooks/__init__.py | 0 pre_commit_hooks/shellcheck_run_steps.py | 86 ++++++++++++++++++++++++ setup.cfg | 44 ++++++++++++ setup.py | 4 ++ 5 files changed, 140 insertions(+) create mode 100644 pre_commit_hooks/__init__.py create mode 100644 pre_commit_hooks/shellcheck_run_steps.py create mode 100644 setup.cfg create mode 100644 setup.py diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 67ce835..7becda0 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -10,3 +10,9 @@ - manual types: - yaml +- id: shellcheck-run-steps + name: shellcheck run steps + description: run shellcheck on each "run" step in a melange pipeline + entry: shellcheck-run-steps + language: python + types: [yaml] diff --git a/pre_commit_hooks/__init__.py b/pre_commit_hooks/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py new file mode 100644 index 0000000..18c2a9d --- /dev/null +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -0,0 +1,86 @@ +from __future__ import annotations + +import argparse +import subprocess +import tempfile +from collections.abc import Generator +from collections.abc import Sequence +from typing import Any +from typing import NamedTuple + +import ruamel.yaml + +yaml = ruamel.yaml.YAML(typ='safe') + + +def _exhaust(gen: Generator[str]) -> None: + for _ in gen: + pass + + +def _parse_unsafe(*args: Any, **kwargs: Any) -> None: + _exhaust(yaml.parse(*args, **kwargs)) + + +def _load_all(*args: Any, **kwargs: Any) -> None: + _exhaust(yaml.load_all(*args, **kwargs)) + + +class Key(NamedTuple): + multi: bool + unsafe: bool + + +def do_shellcheck(melange_cfg): + if melange_cfg == {}: + return 0 + + pkgs = [melange_cfg] + pkgs.extend(melange_cfg.get('subpackages', [])) + pipelines = [] + for pkg in pkgs: + pipelines.extend(pkg.get('pipeline', [])) + if 'test' in pkg.keys(): + test_pipeline = pkg['test'].get('pipeline', []) + pipelines.extend(test_pipeline) + + for step in pipelines: + if 'runs' not in step.keys(): + continue + with tempfile.NamedTemporaryFile(mode='w') as shfile: + shfile.write(step['runs']) + subprocess.check_call( + ['shellcheck', '--shell=busybox', shfile.name] + ) + +def main(argv: Sequence[str] | None = None) -> int: + parser = argparse.ArgumentParser() + parser.add_argument('filenames', nargs='*', help='Filenames to check.') + args = parser.parse_args(argv) + + melange_cfg = {} + for filename in args.filenames: + with tempfile.NamedTemporaryFile( + 'w', delete_on_close=False + ) as compiled_out: + subprocess.check_call( + [ + 'melange', 'compile', '--arch', 'x86_64', + '--pipeline-dir', './pipelines', filename, + ], + stdout=compiled_out, + ) + compiled_out.close() + try: + with open(compiled_out.name, 'r') as compiled_in: + melange_cfg = yaml.load(compiled_in) + do_shellcheck(melange_cfg) + except ruamel.yaml.YAMLError as exc: + print(exc) + return 1 + + return 0 + + +if __name__ == '__main__': + raise SystemExit(main()) diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..b508882 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,44 @@ +[metadata] +name = pre_commit_hooks +version = 0.0.1 +description = chainguard hooks for pre-commit +long_description = file: README.md +long_description_content_type = text/markdown +url = https://github.com/chainguard-dev/pre-commit-hooks +license = MIT +license_files = LICENSE +classifiers = + Programming Language :: Python :: 3 + Programming Language :: Python :: 3 :: Only + Programming Language :: Python :: Implementation :: CPython + Programming Language :: Python :: Implementation :: PyPy + +[options] +packages = find: +install_requires = + ruamel.yaml>=0.15 +python_requires = >=3.9 + +[options.entry_points] +console_scripts = + shellcheck-run-steps = pre_commit_hooks.shellcheck_run_steps:main + +[bdist_wheel] +universal = True + +[coverage:run] +plugins = covdefaults + +[mypy] +check_untyped_defs = true +disallow_any_generics = true +disallow_incomplete_defs = true +disallow_untyped_defs = true +warn_redundant_casts = true +warn_unused_ignores = true + +[mypy-testing.*] +disallow_untyped_defs = false + +[mypy-tests.*] +disallow_untyped_defs = false diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..3d93aef --- /dev/null +++ b/setup.py @@ -0,0 +1,4 @@ +from __future__ import annotations + +from setuptools import setup +setup() From 80f9123bd19adf30a156b95ed9f256638f7f359b Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 22:29:51 -0400 Subject: [PATCH 02/17] Rename .pre-commit-config.yaml -> example.pre-commit-config.yaml This is really intended to be an example for other repos. Rename it to make that more obvious, and also make room for us to add a working .pre-commit-config.yaml to this repo. Signed-off-by: dann frazier --- .pre-commit-config.yaml => example.pre-commit-config.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .pre-commit-config.yaml => example.pre-commit-config.yaml (100%) diff --git a/.pre-commit-config.yaml b/example.pre-commit-config.yaml similarity index 100% rename from .pre-commit-config.yaml rename to example.pre-commit-config.yaml From c44e2d2a42e5cbf683e16b24c887ac3f769b8432 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 22:33:58 -0400 Subject: [PATCH 03/17] Add pre-commit config for this repo Signed-off-by: dann frazier --- .pre-commit-config.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..5410108 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,13 @@ +# Update with `pre-commit autoupdate --freeze` which +# pins all repos using commit hashes, not mutable references +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # v5.0.0 + hooks: + - id: check-yaml + - id: forbid-submodules + - id: check-added-large-files + - id: check-case-conflict + - id: check-merge-conflict + - id: check-symlinks + - id: detect-private-key From 4e9e18fb0e2dada49078b160937419010dcd7372 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 22:35:02 -0400 Subject: [PATCH 04/17] pre-commit: Use ruff @techalchemy says this is the what the cool kids are doing. Signed-off-by: dann frazier --- .pre-commit-config.yaml | 5 ++++ pre_commit_hooks/shellcheck_run_steps.py | 36 ++++++++++++++---------- ruff.toml | 1 + 3 files changed, 27 insertions(+), 15 deletions(-) create mode 100644 ruff.toml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5410108..a10f25e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,3 +11,8 @@ repos: - id: check-merge-conflict - id: check-symlinks - id: detect-private-key + - repo: https://github.com/astral-sh/ruff-pre-commit + rev: 12753357c00c3fb8615100354c9fdc6ab80b044d # frozen: v0.11.10 + hooks: + - id: ruff-check + - id: ruff-format diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index 18c2a9d..d1cdff3 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -10,7 +10,7 @@ import ruamel.yaml -yaml = ruamel.yaml.YAML(typ='safe') +yaml = ruamel.yaml.YAML(typ="safe") def _exhaust(gen: Generator[str]) -> None: @@ -36,43 +36,49 @@ def do_shellcheck(melange_cfg): return 0 pkgs = [melange_cfg] - pkgs.extend(melange_cfg.get('subpackages', [])) + pkgs.extend(melange_cfg.get("subpackages", [])) pipelines = [] for pkg in pkgs: - pipelines.extend(pkg.get('pipeline', [])) - if 'test' in pkg.keys(): - test_pipeline = pkg['test'].get('pipeline', []) + pipelines.extend(pkg.get("pipeline", [])) + if "test" in pkg.keys(): + test_pipeline = pkg["test"].get("pipeline", []) pipelines.extend(test_pipeline) for step in pipelines: - if 'runs' not in step.keys(): + if "runs" not in step.keys(): continue - with tempfile.NamedTemporaryFile(mode='w') as shfile: - shfile.write(step['runs']) + with tempfile.NamedTemporaryFile(mode="w") as shfile: + shfile.write(step["runs"]) subprocess.check_call( - ['shellcheck', '--shell=busybox', shfile.name] + ["shellcheck", "--shell=busybox", shfile.name] ) + def main(argv: Sequence[str] | None = None) -> int: parser = argparse.ArgumentParser() - parser.add_argument('filenames', nargs='*', help='Filenames to check.') + parser.add_argument("filenames", nargs="*", help="Filenames to check.") args = parser.parse_args(argv) melange_cfg = {} for filename in args.filenames: with tempfile.NamedTemporaryFile( - 'w', delete_on_close=False + "w", delete_on_close=False ) as compiled_out: subprocess.check_call( [ - 'melange', 'compile', '--arch', 'x86_64', - '--pipeline-dir', './pipelines', filename, + "melange", + "compile", + "--arch", + "x86_64", + "--pipeline-dir", + "./pipelines", + filename, ], stdout=compiled_out, ) compiled_out.close() try: - with open(compiled_out.name, 'r') as compiled_in: + with open(compiled_out.name) as compiled_in: melange_cfg = yaml.load(compiled_in) do_shellcheck(melange_cfg) except ruamel.yaml.YAMLError as exc: @@ -82,5 +88,5 @@ def main(argv: Sequence[str] | None = None) -> int: return 0 -if __name__ == '__main__': +if __name__ == "__main__": raise SystemExit(main()) diff --git a/ruff.toml b/ruff.toml new file mode 100644 index 0000000..e1514d1 --- /dev/null +++ b/ruff.toml @@ -0,0 +1 @@ +line-length = 80 From 9e4e950ccbb77b5f34dcf7cef7c858f6dd32c779 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 22:59:49 -0400 Subject: [PATCH 05/17] pre-commit: Add additional python hooks Stolen from upstream pre-commit-hooks repo. Signed-off-by: dann frazier --- .pre-commit-config.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a10f25e..e92a7c1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,3 +16,25 @@ repos: hooks: - id: ruff-check - id: ruff-format + - repo: https://github.com/asottile/setup-cfg-fmt + rev: 79cc0ae5abfa1ba092b5938cd811a6069710ad77 # frozen: v2.8.0 + hooks: + - id: setup-cfg-fmt + - repo: https://github.com/asottile/reorder-python-imports + rev: fd0b4e1292716bcd12a396b86af1d1271aaaa62c # frozen: v3.14.0 + hooks: + - id: reorder-python-imports + args: [--py39-plus, --add-import, 'from __future__ import annotations'] + - repo: https://github.com/asottile/pyupgrade + rev: ce40a160603ab0e7d9c627ae33d7ef3906e2d2b2 # frozen: v3.19.1 + hooks: + - id: pyupgrade + args: [--py39-plus] + - repo: https://github.com/hhatto/autopep8 + rev: 4046ad49e25b7fa1db275bf66b1b7d60600ac391 # frozen: v2.3.2 + hooks: + - id: autopep8 + - repo: https://github.com/PyCQA/flake8 + rev: 4b5e89b4b108a6c1a000c591d334a99a80d34c7b # frozen: 7.2.0 + hooks: + - id: flake8 From 21ae0b9acc0ecd88a3ed16bcbd14accb75e46196 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 23:02:19 -0400 Subject: [PATCH 06/17] pre-commit: Add add-trailing-comma hook Signed-off-by: dann frazier --- .pre-commit-config.yaml | 4 ++++ pre_commit_hooks/shellcheck_run_steps.py | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e92a7c1..534ee84 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -25,6 +25,10 @@ repos: hooks: - id: reorder-python-imports args: [--py39-plus, --add-import, 'from __future__ import annotations'] + - repo: https://github.com/asottile/add-trailing-comma + rev: d2e6adc1665e461a764e2f38edfa2ef61f41be20 # frozen: v3.1.0 + hooks: + - id: add-trailing-comma - repo: https://github.com/asottile/pyupgrade rev: ce40a160603ab0e7d9c627ae33d7ef3906e2d2b2 # frozen: v3.19.1 hooks: diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index d1cdff3..08ebf91 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -50,7 +50,7 @@ def do_shellcheck(melange_cfg): with tempfile.NamedTemporaryFile(mode="w") as shfile: shfile.write(step["runs"]) subprocess.check_call( - ["shellcheck", "--shell=busybox", shfile.name] + ["shellcheck", "--shell=busybox", shfile.name], ) @@ -62,7 +62,8 @@ def main(argv: Sequence[str] | None = None) -> int: melange_cfg = {} for filename in args.filenames: with tempfile.NamedTemporaryFile( - "w", delete_on_close=False + "w", + delete_on_close=False, ) as compiled_out: subprocess.check_call( [ From 4c67b0990d1bc310f5b8dd4e8e5061330a99355a Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 23:12:44 -0400 Subject: [PATCH 07/17] pre-commit: Add mypy hook Signed-off-by: dann frazier --- .pre-commit-config.yaml | 4 ++++ pre_commit_hooks/shellcheck_run_steps.py | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 534ee84..089bc3c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -42,3 +42,7 @@ repos: rev: 4b5e89b4b108a6c1a000c591d334a99a80d34c7b # frozen: 7.2.0 hooks: - id: flake8 + - repo: https://github.com/pre-commit/mirrors-mypy + rev: f40886d54c729f533f864ed6ce584e920feb0af7 # frozen: v1.15.0 + hooks: + - id: mypy diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index 08ebf91..bf19465 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -4,6 +4,7 @@ import subprocess import tempfile from collections.abc import Generator +from collections.abc import Mapping from collections.abc import Sequence from typing import Any from typing import NamedTuple @@ -31,9 +32,9 @@ class Key(NamedTuple): unsafe: bool -def do_shellcheck(melange_cfg): +def do_shellcheck(melange_cfg: Mapping[str, Any]) -> None: if melange_cfg == {}: - return 0 + return pkgs = [melange_cfg] pkgs.extend(melange_cfg.get("subpackages", [])) From a8f19d069330c31e0ce3f760ba17c0ba16935493 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 23:17:16 -0400 Subject: [PATCH 08/17] shellcheck_run_steps: Add --shellcheck parameter Allow users to override the shellcheck executable. Signed-off-by: dann frazier --- pre_commit_hooks/shellcheck_run_steps.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index bf19465..ec1aef3 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -32,7 +32,10 @@ class Key(NamedTuple): unsafe: bool -def do_shellcheck(melange_cfg: Mapping[str, Any]) -> None: +def do_shellcheck( + melange_cfg: Mapping[str, Any], + shellcheck: list[str], +) -> None: if melange_cfg == {}: return @@ -51,13 +54,19 @@ def do_shellcheck(melange_cfg: Mapping[str, Any]) -> None: with tempfile.NamedTemporaryFile(mode="w") as shfile: shfile.write(step["runs"]) subprocess.check_call( - ["shellcheck", "--shell=busybox", shfile.name], + shellcheck + ["--shell=busybox", "--", shfile.name], ) def main(argv: Sequence[str] | None = None) -> int: parser = argparse.ArgumentParser() parser.add_argument("filenames", nargs="*", help="Filenames to check.") + parser.add_argument( + "--shellcheck", + default=["shellcheck"], + nargs="*", + help="shellcheck command", + ) args = parser.parse_args(argv) melange_cfg = {} @@ -82,7 +91,7 @@ def main(argv: Sequence[str] | None = None) -> int: try: with open(compiled_out.name) as compiled_in: melange_cfg = yaml.load(compiled_in) - do_shellcheck(melange_cfg) + do_shellcheck(melange_cfg, args.shellcheck) except ruamel.yaml.YAMLError as exc: print(exc) return 1 From 584d6fd634a2587f81678fb83c5cd9cd87d400bf Mon Sep 17 00:00:00 2001 From: dann frazier Date: Mon, 19 May 2025 23:25:53 -0400 Subject: [PATCH 09/17] shellcheck_run_steps: default to using shellcheck docker image Requires that temp files live in the current directory, as that is what will be mounted within the container. We should replace this with a guarded container. Signed-off-by: dann frazier --- pre_commit_hooks/shellcheck_run_steps.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index ec1aef3..699bb42 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -1,6 +1,7 @@ from __future__ import annotations import argparse +import os import subprocess import tempfile from collections.abc import Generator @@ -51,10 +52,11 @@ def do_shellcheck( for step in pipelines: if "runs" not in step.keys(): continue - with tempfile.NamedTemporaryFile(mode="w") as shfile: + with tempfile.NamedTemporaryFile(mode="w", dir=os.getcwd()) as shfile: shfile.write(step["runs"]) subprocess.check_call( - shellcheck + ["--shell=busybox", "--", shfile.name], + shellcheck + + ["--shell=busybox", "--", os.path.basename(shfile.name)], ) @@ -63,7 +65,14 @@ def main(argv: Sequence[str] | None = None) -> int: parser.add_argument("filenames", nargs="*", help="Filenames to check.") parser.add_argument( "--shellcheck", - default=["shellcheck"], + default=[ + "docker", + "run", + f"--volume={os.getcwd()}:/mnt", + "--rm", + "-it", + "koalaman/shellcheck:latest", + ], nargs="*", help="shellcheck command", ) From d449bb08df774b4d17f4a69fedfccc93d8a41d3e Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 May 2025 00:03:12 -0400 Subject: [PATCH 10/17] shellcheck_run_steps: just call shellcheck once per yaml We can pass all run steps to one instance of shellcheck. This should be faster. Signed-off-by: dann frazier --- pre_commit_hooks/shellcheck_run_steps.py | 34 +++++++++++++++++------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index 699bb42..71b2ebb 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -1,6 +1,7 @@ from __future__ import annotations import argparse +import contextlib import os import subprocess import tempfile @@ -48,16 +49,31 @@ def do_shellcheck( if "test" in pkg.keys(): test_pipeline = pkg["test"].get("pipeline", []) pipelines.extend(test_pipeline) - - for step in pipelines: - if "runs" not in step.keys(): - continue - with tempfile.NamedTemporaryFile(mode="w", dir=os.getcwd()) as shfile: - shfile.write(step["runs"]) - subprocess.check_call( - shellcheck - + ["--shell=busybox", "--", os.path.basename(shfile.name)], + all_run_files = [] + with contextlib.ExitStack() as stack: + for step in pipelines: + if "runs" not in step.keys(): + continue + all_run_files.extend( + [ + stack.enter_context( + tempfile.NamedTemporaryFile( + mode="w", + dir=os.getcwd(), + delete_on_close=False, + ), + ), + ], ) + for shfile in all_run_files: + shfile.write(step["runs"]) + shfile.close() + subprocess.check_call( + ["/usr/bin/shellcheck"] + + ["--shell=busybox", "--"] + + [os.path.basename(f.name) for f in all_run_files], + cwd=os.getcwd(), + ) def main(argv: Sequence[str] | None = None) -> int: From 43bce5ea9672a4675b5c488493b26237eb1aaa67 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 May 2025 00:06:27 -0400 Subject: [PATCH 11/17] shellcheck_run_steps: Add typing info for pipelines var Signed-off-by: dann frazier --- pre_commit_hooks/shellcheck_run_steps.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index 71b2ebb..6bc9038 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -43,7 +43,7 @@ def do_shellcheck( pkgs = [melange_cfg] pkgs.extend(melange_cfg.get("subpackages", [])) - pipelines = [] + pipelines: list[Mapping[str, Any]] = [] for pkg in pkgs: pipelines.extend(pkg.get("pipeline", [])) if "test" in pkg.keys(): From bbcdb5a5156d3edad3210ae9e9fc9b3fd9303c12 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 May 2025 00:08:23 -0400 Subject: [PATCH 12/17] shellcheck_run_steps: prefix tmpfile with main package name For easier debugging. Signed-off-by: dann frazier --- pre_commit_hooks/shellcheck_run_steps.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index 6bc9038..dd2a643 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -49,6 +49,7 @@ def do_shellcheck( if "test" in pkg.keys(): test_pipeline = pkg["test"].get("pipeline", []) pipelines.extend(test_pipeline) + name = melange_cfg["package"]["name"] all_run_files = [] with contextlib.ExitStack() as stack: for step in pipelines: @@ -59,6 +60,7 @@ def do_shellcheck( stack.enter_context( tempfile.NamedTemporaryFile( mode="w", + prefix=name, dir=os.getcwd(), delete_on_close=False, ), From bf10ac6636911973d256f70f1d6a0bbbfb5c8649 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 May 2025 00:10:23 -0400 Subject: [PATCH 13/17] shellcheck_run_steps: use --foo=bar syntax for melange params Fewer lines, and clearer. Signed-off-by: dann frazier --- pre_commit_hooks/shellcheck_run_steps.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pre_commit_hooks/shellcheck_run_steps.py b/pre_commit_hooks/shellcheck_run_steps.py index dd2a643..5c66bce 100644 --- a/pre_commit_hooks/shellcheck_run_steps.py +++ b/pre_commit_hooks/shellcheck_run_steps.py @@ -106,10 +106,8 @@ def main(argv: Sequence[str] | None = None) -> int: [ "melange", "compile", - "--arch", - "x86_64", - "--pipeline-dir", - "./pipelines", + "--arch=x86_64", + "--pipeline-dir=./pipelines", filename, ], stdout=compiled_out, From e3d6bedd4cdbee96e87381737e42dcfcdd1c5eaa Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 May 2025 00:24:23 -0400 Subject: [PATCH 14/17] github: run pre-commit check Signed-off-by: dann frazier --- .github/workflows/lint.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/lint.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..f8d9e1d --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,21 @@ +name: Lint + +on: + pull_request: + branches: ['main'] + +permissions: + contents: read + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4.2.2 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 From 48fd522962672c714d7471ef83a26701c1be6b0f Mon Sep 17 00:00:00 2001 From: dann frazier Date: Tue, 20 May 2025 00:33:45 -0400 Subject: [PATCH 15/17] setup.py: ruff Signed-off-by: dann frazier --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 3d93aef..a03590f 100644 --- a/setup.py +++ b/setup.py @@ -1,4 +1,5 @@ from __future__ import annotations from setuptools import setup + setup() From d9ade74bda88c70a23c483e97000cc3defc4898c Mon Sep 17 00:00:00 2001 From: Amber Arcadia Date: Tue, 20 May 2025 14:11:07 -0400 Subject: [PATCH 16/17] More verbosely define stages Signed-off-by: Amber Arcadia --- .pre-commit-hooks.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 7becda0..c78a274 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -15,4 +15,8 @@ description: run shellcheck on each "run" step in a melange pipeline entry: shellcheck-run-steps language: python - types: [yaml] + stages: + - pre-commit + - manual + types: + - yaml From 54a94fae519712d0369a811cd7b85618447aca49 Mon Sep 17 00:00:00 2001 From: Amber Arcadia Date: Tue, 20 May 2025 14:14:04 -0400 Subject: [PATCH 17/17] Add shellcheck-run-steps to example config Signed-off-by: Amber Arcadia --- example.pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/example.pre-commit-config.yaml b/example.pre-commit-config.yaml index a94f8f1..00efe9d 100644 --- a/example.pre-commit-config.yaml +++ b/example.pre-commit-config.yaml @@ -7,6 +7,7 @@ repos: rev: e4f3bba353cc583ce73f660dcf217e245fd681d3 hooks: - id: check-for-epoch-bump + - id: shellcheck-run-steps - repo: https://github.com/chainguard-dev/yam rev: 498642e77997ba79709f43a7ee2c84b12b2145bb # v0.2.12 hooks: