Skip to content

Conversation

PaulYuuu
Copy link

@PaulYuuu PaulYuuu commented Sep 29, 2025

  • Add comprehensive pre-commit configuration with hooks for:
    • Code quality checks (black, isort, codespell)
    • Security scanning (gitleaks)
    • File validation (large files, private keys, yaml syntax)
    • Line ending and whitespace fixes
  • Add commitlint configuration with conventional commit format
  • Configure signed-off-by trailer requirement for commits

Summary by CodeRabbit

  • Chores
    • Introduced automated pre-commit and commit-msg checks for improved code quality and security.
    • Enforces formatting and imports consistency, normalized line endings, trailing whitespace cleanup, and end-of-file newlines.
    • Prevents committing large files, private keys, and direct commits to protected branches.
    • Adds credential scanning and spelling checks with an ignore list.
    • Implements commit message linting with conventional rules, guidance, and interactive prompts.
    • Applies consistent standards across staged changes and commit messages to reduce errors and streamline contributions.

- Add comprehensive pre-commit configuration with hooks for:
  - Code quality checks (black, isort, codespell)
  - Security scanning (gitleaks)
  - File validation (large files, private keys, yaml syntax)
  - Line ending and whitespace fixes
- Add commitlint configuration with conventional commit format
- Configure signed-off-by trailer requirement for commits

Signed-off-by: Yihuang Yu <[email protected]>
Copy link

coderabbitai bot commented Sep 29, 2025

📝 Walkthrough

Walkthrough

Adds a pre-commit configuration with multiple hooks (formatting, linting, security, spelling, commit message validation) and introduces a comprehensive commitlint configuration module exporting rules, ignores, formatter, help URL, and interactive prompt settings.

Changes

Cohort / File(s) Summary of changes
Pre-commit tooling
\.pre-commit-config.yaml
Adds pre-commit hooks: pre-commit-hooks (file checks, YAML, EOL, whitespace), gitleaks (v8.28.0), isort (6.0.1, Black profile), black (25.9.0), codespell (v2.4.1, ignore file), and commitlint hook (v9.22.0) with commit-msg stage and conventional config dependency.
Commit linting config
commitlint.config.mjs
Introduces default-exported commitlint config extending conventional rules, specifying formatter, detailed rules (body/header/footer/subject/type-enum/trailers), ignore logic, defaultIgnores flag, helpUrl, and interactive prompt schema.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title succinctly and accurately summarizes the primary change by stating the addition of pre-commit hooks and commitlint configuration, directly reflecting the PR’s objectives of enhancing code quality and enforcing commit message standards without unnecessary detail.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mr-avocado mr-avocado bot moved this to Review Requested in Default project Sep 29, 2025
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (4)
commitlint.config.mjs (2)

33-41: Avoid redundant checks: pick either signed-off-by or trailer-exists

Both rules enforce the same trailer; keeping both is redundant. Prefer a single rule (usually trailer-exists to ensure it’s in the trailer section).

     "subject-full-stop": [2, "never", "."],
-    "signed-off-by": [2, "always", "Signed-off-by:"],
+    // "signed-off-by": [2, "always", "Signed-off-by:"],
     /*
     * Enable type if we need, warn it currently.
     */
     "type-enum": [0, "always", ['ci', 'docs', 'feat', 'fix', 'perf', 'refactor', 'revert', 'rfe', 'style']],
     "type-case": [0, "always", "lower-case"],
     "type-empty": [0, "never"],
     "trailer-exists": [2, "always", "Signed-off-by:"]

Reference list of supported rules includes both entries. (commitlint.js.org)


37-37: Comment says “warn it currently”, but severity is off (0)

If you want warnings (non‑blocking), set severity to 1.

-    "type-enum": [0, "always", ['ci', 'docs', 'feat', 'fix', 'perf', 'refactor', 'revert', 'rfe', 'style']],
+    "type-enum": [1, "always", ['ci', 'docs', 'feat', 'fix', 'perf', 'refactor', 'revert', 'rfe', 'style']],

Committed types are enforced by type-enum when enabled. (commitlint.js.org)

.pre-commit-config.yaml (2)

15-16: FYI: no-commit-to-branch already protects main and master by default

You can add more branches/patterns via args if needed; otherwise defaults are fine.

Docs for defaults and args are here. (github.com)


35-41: Optional: pin commitlint dependencies for stricter reproducibility

You already pin the hook revision. To avoid potential @commitlint/* version mismatches when adding plugins later, consider pinning versions in additional_dependencies (e.g., @commitlint/[email protected]). Not required now, just future‑proofing.

Background on dependency mismatches and rules recognition. (commitlint.js.org)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a2c5df and b6127c9.

📒 Files selected for processing (2)
  • .pre-commit-config.yaml (1 hunks)
  • commitlint.config.mjs (1 hunks)
🔇 Additional comments (5)
commitlint.config.mjs (3)

6-11: Config shape and ESM export look good

Using ESM with export default, extending @commitlint/config-conventional, and setting formatter: '@commitlint/format' matches current commitlint docs. (commitlint.js.org)


49-49: Do you want to enforce Signed-off-by on merge commits too?

With defaultIgnores: true, commitlint skips merge commits; that means Signed-off-by: won’t be required on merges. If you want it enforced everywhere, set defaultIgnores: false (and add custom ignores if needed).

Docs detail ignores and defaultIgnores. (commitlint.js.org)


53-55: Nice touch on helpUrl

Linking to Avocado’s commit style guide matches the local policy (72 char header, no trailing period, Signed‑off‑by).

Avocado commit style guide confirms these rules. (avocado-framework.readthedocs.io)

.pre-commit-config.yaml (2)

1-1: Correct staging setup for commitlint

Installing both pre-commit and commit-msg hook types is the recommended pattern. (github.com)


3-17: Hook versions look current

Pinned versions are recent/stable: pre-commit-hooks v6.0.0, gitleaks v8.28.0, isort 6.0.1, black 25.9.0, codespell v2.4.1, commitlint-pre-commit-hook v9.22.0.

Refs: pre-commit-hooks v6.0.0 usage; Gitleaks v8.28.0 release; isort 6.0.1; Black 25.9.0; Codespell 2.4.1; commitlint-pre-commit-hook v9.22.0. (github.com)

Copy link
Contributor

@richtja richtja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @PaulYuuu, thank you for introducing the pre-commit hooks, this will definitely be an improvement of our static-checks. I have just couple of comments:

  1. IIUIC this should replace the current static-checks scripts, therefore I would remove them from repo so we won't have two solutions.
  2. The last missing static check is lint check. Unfortunatly that is higly configurable in static-checks therefore I don't think we can use regular lint hook for it and will need to run the current script via hooks. Something like this:
- repo: local
  hooks:
    - id: check-lint
      name: Run pylint checks
      entry: static-checks/check-lint
      language: system
      types: [python]
      pass_filenames: false

args: ['--maxkb=5120']
- id: check-ast
- id: check-yaml
exclude: .cirrus.yml
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The .cirrus.yml is only related to avocado-vt. For example, on avocado file we need to exclude different files for example examples/yaml_to_mux/. If we won't be able to have a separated exclude list for different repos then I think we will have to remove this check.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, cirrus.yml does not follow the yaml syntax, but it's vt only. So I am okay to remove it from here, if we have this requirement at specific repository, we can use another github action or static-check.

- id: isort
args: ['--profile=black']
- repo: https://github.com/psf/black
rev: 25.9.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, we are using black version 22.3.0, but probably we can do update with this change.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your confirmation. Indeed, IIRC, 22.3.0 is to keep maintain the compatibility of python3.8, as we dropped its support, so I hope we can upgrade some toolchains to align tool's bug fix or style rules.

E.g. 22.3.0 will format multiple string line but has an issue like

# original 
test = (
    "foo"
    "bar"
)

# 22.3.0
test = ("foo" "bar")

# 25.9.0
test = ("foobar")

We can consider which version to use, not necessarily the latest version I put here.

@PaulYuuu
Copy link
Author

Hi @PaulYuuu, thank you for introducing the pre-commit hooks, this will definitely be an improvement of our static-checks. I have just couple of comments:

  1. IIUIC this should replace the current static-checks scripts, therefore I would remove them from repo so we won't have two solutions.
  2. The last missing static check is lint check. Unfortunatly that is higly configurable in static-checks therefore I don't think we can use regular lint hook for it and will need to run the current script via hooks. Something like this:
- repo: local
  hooks:
    - id: check-lint
      name: Run pylint checks
      entry: static-checks/check-lint
      language: system
      types: [python]
      pass_filenames: false

Hello @richtja, I did not add pylint here is because the scope of pylint is not clear for me and I am not sure if we still need it, as we already have black and isort. I can also add pylint pre-commit hook, and for each repo, link the pylintrc from static-check submodule to the repo root, then it should works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Review Requested

Development

Successfully merging this pull request may close these issues.

2 participants