feat: Add bmake pre-commit hook

[hassaansaleem28]

Proposed change

Resolves #3984

Description

This PR integrates checkmake (a Makefile linter) into the pre-commit configuration and CI pipeline to enforce consistency and correctness across all Makefiles in the repository.

Changes

• Pre-commit: Added checkmake hook to .pre-commit-config.yaml.
• Configuration: Created checkmake.ini to accommodate existing code conventions by disabling overly strict rules (minphony, maxbodylength, uniquetargets).
• CI/CD: Updated .github/workflows/run-ci-cd.yaml to include actions/setup-go (pinned to SHA) in the pre-commit job, enabling checkmake to run in CI.
• Makefile Fixes: Added missing .PHONY declarations to all Makefiles to satisfy linter requirements and prevent file conflicts.
• Dictionary: Updated cspell/custom-dict.txt with checkmake-specific terms to resolve spellcheck failures.

Verification

• Ran pre-commit run checkmake --all-files locally: Passed.
• Ran make check locally: Passed.

Checklist

• Required: I followed the contributing workflow
• Required: I verified that my code works as intended and resolves the issue as described
• Required: I ran make check-test locally: all warnings addressed, tests passed
• I used AI for code, documentation, tests, or communication related to this PR

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Integrated bake formatting and validation tool into the project's pre-commit workflow.
  • Added comprehensive build formatting and linting configuration.

• Chores

  • Updated build process configurations and standardized Makefile definitions.

Walkthrough

This PR introduces Makefile linting via mbake by adding a .bake.toml configuration file and mbake hooks to the pre-commit pipeline, declares phony targets in cspell/Makefile, and applies formatting adjustments across multiple Makefile files.

Changes

Cohort / File(s)	Summary
Makefile linting configuration .pre-commit-config.yaml, .bake.toml	Added mbake pre-commit hooks (mbake-format, mbake-validate) with configuration pointing to .bake.toml, and introduced new mbake configuration file with formatter options (alignment, spacing, line length, trailing whitespace handling, etc.).
Phony target declarations cspell/Makefile	Added .PHONY declaration for targets: check-spelling, cspell-install, cspell-check, cspell-run, and update-cspell-dependencies.
Makefile formatting adjustments Makefile, backend/Makefile, backend/apps/slack/Makefile, frontend/Makefile	Applied indentation and spacing adjustments across multiple Makefiles; removed a blank line in backend/apps/slack/Makefile; no functional or logic changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Add Markdown lint/format #3954: Adds markdownlint hooks to .pre-commit-config.yaml alongside this PR's mbake hook additions, indicating coordinated tooling expansion.

Suggested labels

ci

Suggested reviewers

• kasya

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title mentions 'bmake' but all changes implement 'checkmake', creating a mismatch between the title and the actual content of the changes.	Update the PR title from 'feat: Add bmake pre-commit hook' to 'feat: Add checkmake pre-commit hook' to accurately reflect the Makefile linter being integrated.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description clearly explains the integration of checkmake for Makefile linting, the configuration changes made, verification steps completed, and references the resolved issue #3984.
Linked Issues check	✅ Passed	The PR successfully addresses issue #3984 by integrating checkmake into pre-commit and CI, detecting Makefile issues, and enforcing standards across the repository as required.
Out of Scope Changes check	✅ Passed	Changes include pre-commit configuration, Makefile formatting/fixes, dictionary updates, and indentation adjustments—all directly related to implementing Makefile linting per the linked issue requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

.pre-commit-config.yaml (2)

55-55: language_version: system ties markdownlint to the ambient Node.js installation.

This is a behavioural change: pre-commit will now use whatever node is on the system PATH rather than a version it manages itself. This is fine on ubuntu-latest (Node is pre-installed), but locally a developer without Node in their PATH will see the hook fail with a confusing error. If a pinned Node version is desired, use language_version: '24' (or another explicit version) to stay consistent with the check-frontend job; if the intent is simply to avoid a second managed runtime, document that assumption.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.pre-commit-config.yaml at line 55, Replace the ambiguous hook setting
"language_version: system" in the markdownlint pre-commit hook with an explicit
Node version string (for example "language_version: '24'") to match the pinned
runtime used by the check-frontend job, or alternatively add a
comment/documentation near the markdownlint hook stating that the hook
deliberately relies on the system PATH node installation; update the entry that
currently contains language_version: system to the chosen explicit version or
add the documentation so developers without Node in PATH don’t encounter
confusing failures.

---

2-5: Consider updating the checkmake repo URL to the canonical location.

The hook points to https://github.com/mrtazz/checkmake, which is the pre-transfer URL. The canonical checkmake repository now lives at https://github.com/checkmake/checkmake — GitHub currently redirects the old URL, but using the canonical URL is more explicit and avoids a redirect dependency.

♻️ Suggested update

-  - repo: https://github.com/mrtazz/checkmake
+  - repo: https://github.com/checkmake/checkmake
     rev: v0.3.2
     hooks:
       - id: checkmake

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.pre-commit-config.yaml around lines 2 - 5, Replace the non-canonical
checkmake repo URL in .pre-commit-config.yaml: update the repo string
"https://github.com/mrtazz/checkmake" to the canonical
"https://github.com/checkmake/checkmake" in the pre-commit hook block (the entry
containing rev: v0.3.2 and id: checkmake) so the hook points directly to the
official repository and avoids GitHub redirects.

.github/workflows/run-ci-cd.yaml (1)

47-51: Pin go-version to a specific release for reproducibility; cache key doesn't account for version changes.

Using 'stable' means any run after a new stable Go release will pick up a different version, creating non-determinism in how checkmake is compiled within the pre-commit sandbox. The pre-commit cache key (line 56) only includes .pre-commit-config.yaml and runner.os, so if the stable Go version changes, a stale cached binary could be served until manual invalidation or the config file changes. Consider pinning to a specific version (e.g., '1.24') instead.

The SHA 0c52d547c9bc32b1aa3301fd7a9cb496313a4491 correctly corresponds to actions/setup-go release v5.0.0 and is properly pinned; no update needed there.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/run-ci-cd.yaml around lines 47 - 51, The workflow
currently sets go-version: 'stable' in the actions/setup-go step (uses:
actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491), which causes
nondeterministic Go versions; change go-version to a specific release string
(e.g., '1.24') and also update the pre-commit cache key construction (the cache
key that currently references .pre-commit-config.yaml and runner.os) to include
the pinned go-version so cache invalidation aligns with Go upgrades, ensuring
reproducible builds of checkmake in the pre-commit sandbox.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/run-ci-cd.yaml:
- Around line 47-51: The workflow currently sets go-version: 'stable' in the
actions/setup-go step (uses:
actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491), which causes
nondeterministic Go versions; change go-version to a specific release string
(e.g., '1.24') and also update the pre-commit cache key construction (the cache
key that currently references .pre-commit-config.yaml and runner.os) to include
the pinned go-version so cache invalidation aligns with Go upgrades, ensuring
reproducible builds of checkmake in the pre-commit sandbox.

In @.pre-commit-config.yaml:
- Line 55: Replace the ambiguous hook setting "language_version: system" in the
markdownlint pre-commit hook with an explicit Node version string (for example
"language_version: '24'") to match the pinned runtime used by the check-frontend
job, or alternatively add a comment/documentation near the markdownlint hook
stating that the hook deliberately relies on the system PATH node installation;
update the entry that currently contains language_version: system to the chosen
explicit version or add the documentation so developers without Node in PATH
don’t encounter confusing failures.
- Around line 2-5: Replace the non-canonical checkmake repo URL in
.pre-commit-config.yaml: update the repo string
"https://github.com/mrtazz/checkmake" to the canonical
"https://github.com/checkmake/checkmake" in the pre-commit hook block (the entry
containing rev: v0.3.2 and id: checkmake) so the hook points directly to the
official repository and avoids GitHub redirects.

[coderabbitai]

🧹 Nitpick comments (1)

.pre-commit-config.yaml (1)

2-5: Consider updating to the canonical repository URL.

v0.3.2 is confirmed to be the latest release, so the pinned revision is current and valid. The hook configuration is also correct: checkmake defaults --config to checkmake.ini in the CWD and picks it up automatically, so no explicit args are needed here.

The one thing to tidy up: mrtazz/checkmake was transferred to checkmake/checkmake. GitHub redirects are transparent for most operations, but referencing the canonical URL is more robust.

♻️ Update to canonical repo URL

- - repo: https://github.com/mrtazz/checkmake
+ - repo: https://github.com/checkmake/checkmake
    rev: v0.3.2
    hooks:
      - id: checkmake

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.pre-commit-config.yaml around lines 2 - 5, Update the pre-commit hook to
use the canonical repository URL: replace the repo string
"https://github.com/mrtazz/checkmake" with
"https://github.com/checkmake/checkmake" while keeping the same pinned revision
"rev: v0.3.2" and the existing hook id "checkmake" (no changes to args/config
needed).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.pre-commit-config.yaml:
- Around line 2-5: Update the pre-commit hook to use the canonical repository
URL: replace the repo string "https://github.com/mrtazz/checkmake" with
"https://github.com/checkmake/checkmake" while keeping the same pinned revision
"rev: v0.3.2" and the existing hook id "checkmake" (no changes to args/config
needed).

[hassaansaleem28]

@cubic-dev-ai
Review this pull.

[cubic-dev-ai]

@cubic-dev-ai
Review this pull.

@hassaansaleem28 I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

No issues found across 5 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

[arkid15r]

Any reasons to pick this over https://github.com/EbodShojaei/bake ?
I'd prefer less dependencies (this PR introduces golang which is okay but it's better to avoid extra lang support if possible)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[hassaansaleem28]

Hi @arkid15r,
I excluded backend/Makefile and the sub-apps from mbake-validate. Since they are partials that depend on the root Makefile for commands, validating them in isolation fails. (They are still being formatted, though!)

I disabled end-of-file-fixer for Makefiles. mbake-format strips the final newline, and the fixer adds it back, creating an infinite loop. I let mbake win.

[hassaansaleem28]

@cubic-dev-ai
Review this pull.

[cubic-dev-ai]

@cubic-dev-ai
Review this pull.

@hassaansaleem28 I have started the AI code review. It will take a few minutes to complete.

[cubic-dev-ai]

No issues found across 12 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.bake.toml:
- Around line 1-25: The PR has a tool identity mismatch: the implementation adds
an mbake (.bake.toml) configuration but the title/description/issue reference
checkmake (Go) and a checkmake.ini; fix by reconciling intent — either (A)
implement checkmake integration: add the checkmake config file (checkmake.ini),
update CI to use setup-go and install/checkcheckmake, and replace/rename
.bake.toml references with checkmake-specific config and invocation, or (B)
change the PR metadata to accurately describe using mbake: update the PR
title/description/linked issue text to mention mbake (EbodShojaei/bake), remove
any references to checkmake/checkmake.ini/setup-go, and ensure CI/workflows and
documentation reflect .bake.toml and mbake commands; update any filenames and
README entries so code (symbols: .bake.toml, checkmake.ini, setup-go, mbake) and
PR text are consistent.

In @.pre-commit-config.yaml:
- Around line 2-3: The pre-commit entry uses a mutable tag for the third-party
repo (repo: https://github.com/EbodShojaei/bake, rev: v1.4.5); replace the tag
with the exact commit SHA for v1.4.5 (obtain via git ls-remote
https://github.com/EbodShojaei/bake refs/tags/v1.4.5) and update the rev value
to that SHA in .pre-commit-config.yaml, then add a short comment next to the
repo entry noting the tag and the resolved SHA for future traceability.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Supply chain risk: personal repository pinned by mutable tag, not by commit SHA.

https://github.com/EbodShojaei/bake is a personal GitHub repository (not an established org/foundation project), and rev: v1.4.5 is a git tag that can be silently re-pointed to a different commit. Pre-commit hooks execute code on every developer's machine on every commit, making this a meaningful supply chain exposure.

Recommend pinning to the specific commit SHA that corresponds to v1.4.5 and adding a comment for traceability:

🔒 Proposed fix: pin to commit SHA

  - repo: https://github.com/EbodShojaei/bake
-   rev: v1.4.5
+   rev: <full-40-char-SHA-of-v1.4.5-tag>  # v1.4.5

Retrieve the SHA with:

git ls-remote https://github.com/EbodShojaei/bake refs/tags/v1.4.5

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.pre-commit-config.yaml around lines 2 - 3, The pre-commit entry uses a
mutable tag for the third-party repo (repo: https://github.com/EbodShojaei/bake,
rev: v1.4.5); replace the tag with the exact commit SHA for v1.4.5 (obtain via
git ls-remote https://github.com/EbodShojaei/bake refs/tags/v1.4.5) and update
the rev value to that SHA in .pre-commit-config.yaml, then add a short comment
next to the repo entry noting the tag and the resolved SHA for future
traceability.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.79%. Comparing base (c95cd6d) to head (6a10c28).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3998   +/-   ##
=======================================
  Coverage   99.79%   99.79%           
=======================================
  Files         517      517           
  Lines       15914    15914           
  Branches     2168     2168           
=======================================
  Hits        15881    15881           
  Misses          3        3           
  Partials       30       30           

Flag	Coverage Δ
backend	100.00% <ø> (ø)
frontend	99.16% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c95cd6d...6a10c28. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[arkid15r]

LGTM
Thanks for adding this!

x