fix: validate CI env and isolate check types#253
Merged
zeitlinger merged 28 commits intomainfrom Apr 30, 2026
Merged
Conversation
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
zeitlinger
force-pushed
the
codex/ci-env-required
branch
from
bb0d8fa to
dc2d8fa
Compare
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
zeitlinger
changed the title
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
zeitlinger
changed the title
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
zeitlinger
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Refactors Flint’s check registry to support “native” (in-process) checks with shared check-type metadata, and adds runtime CI environment validation for GitHub-dependent checks (notably lychee and renovate-deps).
Changes:
- Introduces
CheckType/NativeCheckinfrastructure to move type-level behavior (init hooks, adaptive relevance, status overrides, baseline triggers, output normalization, workflow setup hints) into registry-owned metadata. - Adds CI-vs-local token/PR-metadata validation and clearer warnings/errors for
lycheeandrenovate-deps, plus forwardingGITHUB_TOKEN→GITHUB_COM_TOKENfor Renovate when needed. - Updates init flow, docs, and E2E cases to align with the new native-check model and CI env requirements.
Reviewed changes
Copilot reviewed 63 out of 63 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/e2e.rs | Clears additional GitHub-related env vars to make E2E runs deterministic. |
| tests/cases/renovate-deps/up-to-date/test.toml | Sets GITHUB_TOKEN env for renovate-deps case. |
| tests/cases/renovate-deps/up-to-date-renovaterc-json/test.toml | Sets GITHUB_TOKEN env for renovate-deps case. |
| tests/cases/renovate-deps/out-of-date/test.toml | Ensures renovate-deps case has GITHUB_TOKEN env and updates expected output formatting. |
| tests/cases/renovate-deps/local-missing-token-warns/test.toml | Adds new case verifying local missing-token behavior warns but still runs into snapshot error. |
| tests/cases/renovate-deps/local-missing-token-warns/files/renovate.json5 | Adds minimal renovate config fixture for local-missing-token case. |
| tests/cases/renovate-deps/local-missing-token-warns/files/mise.toml | Adds renovate tool fixture for local-missing-token case. |
| tests/cases/renovate-deps/fix-update/test.toml | Sets GITHUB_TOKEN env for renovate-deps fix-update case. |
| tests/cases/renovate-deps/fix-create/test.toml | Sets GITHUB_TOKEN env for renovate-deps fix-create case. |
| tests/cases/renovate-deps/fast-only-relevant/test.toml | Sets GITHUB_TOKEN env for adaptive relevance case. |
| tests/cases/renovate-deps/fast-only-irrelevant/test.toml | Sets GITHUB_TOKEN env for adaptive relevance case. |
| tests/cases/renovate-deps/ci-missing-token/test.toml | Adds CI case asserting renovate-deps fails without required token(s). |
| tests/cases/renovate-deps/ci-missing-token/files/renovate.json5 | Adds minimal renovate config fixture for CI-missing-token case. |
| tests/cases/renovate-deps/ci-missing-token/files/mise.toml | Adds renovate tool fixture for CI-missing-token case. |
| tests/cases/lychee/local-missing-token-warns/test.toml | Adds local case asserting lychee warns (not fails) when token missing. |
| tests/cases/lychee/local-missing-token-warns/files/mise.toml | Adds lychee tool fixture for local-missing-token case. |
| tests/cases/lychee/local-missing-token-warns/files/lychee.toml | Adds minimal lychee config fixture. |
| tests/cases/lychee/local-missing-token-warns/files/README.md | Adds fixture content for lychee scan. |
| tests/cases/lychee/clean/test.toml | Adds token + fake bin to make lychee case deterministic. |
| tests/cases/lychee/ci-pr-missing-remap-env/test.toml | Adds CI PR case asserting missing PR remap metadata fails in diff mode. |
| tests/cases/lychee/ci-pr-missing-remap-env/files/mise.toml | Adds lychee tool fixture for CI PR remap-metadata case. |
| tests/cases/lychee/ci-pr-missing-remap-env/files/lychee.toml | Adds minimal lychee config fixture. |
| tests/cases/lychee/ci-pr-missing-remap-env/files/README.md | Adds fixture content for lychee scan. |
| tests/cases/lychee/ci-pr-missing-remap-env/changes/README.md | Adds changed-file fixture for diff-mode lychee scan. |
| tests/cases/lychee/ci-missing-token/test.toml | Adds CI case asserting lychee fails without GITHUB_TOKEN. |
| tests/cases/lychee/ci-missing-token/files/mise.toml | Adds lychee tool fixture for CI-missing-token case. |
| tests/cases/lychee/ci-missing-token/files/lychee.toml | Adds minimal lychee config fixture. |
| tests/cases/lychee/ci-missing-token/files/README.md | Adds fixture content for lychee scan. |
| tests/cases/lychee/ci-full-missing-remap-env/test.toml | Adds CI full-mode case asserting PR remap metadata is not required under --full. |
| tests/cases/lychee/ci-full-missing-remap-env/files/mise.toml | Adds lychee tool fixture for CI full-mode case. |
| tests/cases/lychee/ci-full-missing-remap-env/files/lychee.toml | Adds minimal lychee config fixture. |
| tests/cases/lychee/ci-full-missing-remap-env/files/README.md | Adds fixture content for lychee scan. |
| tests/cases/lychee/broken-link/test.toml | Adds token + fake bin output for deterministic broken-link behavior. |
| tests/cases/general/init-rust/test.toml | Updates expected init output ordering due to refactored init hook generation. |
| tests/cases/general/fast-only-explicit-override/test.toml | Updates expected stderr to include renovate-deps missing-token warning. |
| src/runner.rs | Replaces special-check handling with a unified native-check preparation/run path; adds hooks for output normalization and missing-component hints. |
| src/registry/types.rs | Introduces CheckType, NativeCheck, PreparedNativeCheck, InitHookContext, and additional registry metadata fields (relevance hooks, status hooks, baseline triggers, etc.). |
| src/registry/tests.rs | Updates registry tests for native checks and adds assertion that adaptive checks declare relevance hooks. |
| src/registry/mod.rs | Re-exports new registry types/hooks used across the codebase. |
| src/registry/checks.rs | Migrates former special checks to native checks; wires check-type metadata, adaptive relevance, baseline triggers, and workflow setup flags. |
| src/main.rs | Switches adaptive fast-only gating to registry-owned relevance hooks and replaces special-kind checks with native/setup checks. |
| src/linters/yamllint.rs | Adds check-type init hook to generate .yamllint.yml. |
| src/linters/taplo.rs | Adds check-type init hook to generate .taplo.toml and provides non-verbose failure output normalization. |
| src/linters/rustfmt.rs | Adds check-type init hook to generate rustfmt.toml. |
| src/linters/rumdl.rs | Moves rumdl config generation and legacy conversion logic into linter module as an init hook. |
| src/linters/renovate_deps.rs | Adds native check implementation, CI/local env validation, adaptive relevance hook, flint.toml/preset patching init behavior, and token forwarding behavior. |
| src/linters/mod.rs | Adds new linter modules and re-exports LinterOutput from registry. |
| src/linters/lychee.rs | Adds native check implementation plus CI/local env validation for tokens and PR remap metadata. |
| src/linters/license_header.rs | Converts license-header into a native check with status override and uses shared file matching helper. |
| src/linters/flint_setup.rs | Converts flint-setup into a native setup check with tracked-files support. |
| src/linters/env.rs | Adds shared CI/token env helpers (truthy CI detection, token checks, warning messages). |
| src/linters/biome.rs | Adds check-type init hook to generate/migrate biome.jsonc. |
| src/init/tests.rs | Adds coverage ensuring shared check-type init hooks run once per type; updates tests to use new generator locations. |
| src/init/scaffold.rs | Renames workflow generation flag to reflect rust-components setup needs. |
| src/init/renovate.rs | Removes old renovate patching module (logic moved into renovate-deps linter/init hook). |
| src/init/mod.rs | Refactors init to run check-type init hooks and determine workflow setup needs from registry metadata. |
| src/init/generation.rs | Removes re-exports tied to deleted renovate module. |
| src/init/config_files.rs | Simplifies flint.toml generation (renovate-deps section now handled by check-type init hook). |
| src/files.rs | Makes FileList Debug and moves match_files/glob helper into shared module for reuse by native checks. |
| src/config.rs | Updates comments to refer to native checks instead of special checks. |
| docs/linters.md | Updates terminology and docs for native checks; documents new CI token/PR-metadata requirements for lychee and renovate-deps. |
| docs/cli.md | Updates baseline behavior docs to refer to native checks. |
| README.md | Updates GitHub env documentation to reflect per-check requirements and points to lychee docs for PR remap env. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
This was referenced Apr 29, 2026
martincostello
approved these changes
Apr 30, 2026
zeitlinger
added a commit
that referenced
this pull request
Apr 30, 2026
Blocked by #253 ## Summary Fixes adaptive `renovate-deps` relevance when the only relevant change is deleting a file that is still tracked in `.github/renovate-tracked-deps.json`. The changed-path collection now preserves deleted paths, and `renovate-deps` uses the raw changed path list for relevance instead of only existing files. ## Validation - `cargo fmt -- --check` - `git diff --check` - `cargo test renovate_deps` - `FLINT_CASES=renovate-deps/fast-only cargo test cases` Note: `FLINT_CASES=renovate-deps cargo test cases` was attempted, but non-fake renovate fixtures need `renovate` installed on `PATH`.
zeitlinger
added a commit
that referenced
this pull request
Apr 30, 2026
…257) Blocked by #253 ## Summary - shrink the README quickstart `[tools]` example to three representative linters - manage those three README example versions with repo-local Renovate regex managers - keep the shared `default.json` free of repo-specific README rules - update the Renovate drift test so only shared managers are compared against `default.json` - keep flint-managed linter updates in a single weekly Monday Renovate PR with a clearer generated title ## Why The previous approach made README quickstart version drift break Renovate PRs, even though the README example is repository-specific. This change keeps the example small, keeps its version bumps automatic, and avoids pushing repo-local behavior into the shared preset. The follow-up Renovate change also keeps linter bumps batched into one Monday PR, including majors, so the repo gets one coordinated linter-update PR instead of split grouped PRs with generic titles. ## Validation - `renovate-config-validator --no-global .github/renovate.json5` - `cargo test repo_renovate_config_stays_aligned_with_shared_preset_contract -- --nocapture` - `cargo test readme_quickstart_tools_snippets_stay_current -- --nocapture` - `cargo test default_renovate_preset_covers_all_linter_tools_weekly` - `cargo test repo_renovate_config_stays_aligned_with_shared_preset_contract` - `mise run lint:fix`
zeitlinger
added a commit
that referenced
this pull request
May 1, 2026
Blocked by #253 ## Summary When Rust formatting is enabled, `flint init` now rewrites existing matching `.editorconfig` sections so Rust line length clearly defers to `rustfmt`. Previously an existing `[*.rs]` section with `max_line_length = 100` survived unchanged and could conflict with generated `rustfmt.toml` policy. ## Validation - `cargo fmt --check` - `cargo test init::tests::disable_editorconfig_line_length_for_patterns -- --nocapture` - `cargo test init::tests:: -- --nocapture` - `FLINT_CASES=general/init-rust cargo test cases -- --nocapture` - `git diff --check`
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Validates GitHub-related environment at runtime for checks that need it, and moves check-specific setup/runtime behavior behind registry-owned check-type metadata.
Runtime behavior:
lycheeruns fail whenGITHUB_TOKENis missing, including--fullmode.renovate-depsruns fail when bothGITHUB_COM_TOKENandGITHUB_TOKENare missing.lycheeandrenovate-depsruns warn when token env is missing, instead of failing.--fulland non-CI runs do not require lychee PR link-remap metadata.renovate-depsforwardsGITHUB_TOKENto Renovate asGITHUB_COM_TOKENwhen needed.Registry/init refactor:
CheckTypeDeffor shared type-level behavior across multiple registry entries, such asbiomeandbiome-format.NativeCheck/PreparedNativeCheckpath andCheckKind::Native, replacing the older special-check model.flint initinvokes selected check-type init hooks once per check type.renovate-deps,rumdl,ryl,taplo,cargo-fmt,biome, andbiome-format.src/lintersmodules; the central init flow only builds context and invokes selected hooks.flint lintersstatus overrides, baseline triggers, non-verbose failure output normalization, missing toolchain component hints, and generated workflow setup needs.flint.tomlgets[checks.renovate-deps]whenrenovate-depsis selected; existing config is patched only to preserve migrated v1exclude_managersvalues.Also extracts shared CI/token env helpers and updates check-specific docs.
Validation
cargo fmt --checkcargo checkcargo test runner::cargo test init::cargo test flint_setupcargo test lycheecargo test renovate_depscargo test linters::envcargo test generate_cargo test readme_linter_table_in_synccargo test names_prefer_binary_or_native_commandcargo test linters_table_matches_fixture_without_fake_binscargo test linter_status_reports_no_binary_and_not_configuredcargo test adaptive_checks_declare_relevance_hookscargo test editorconfig_checker_json_is_optional_not_generated_baselineFLINT_CASES=general/init-rust cargo test casesFLINT_CASES=general/init-idempotent cargo test casesFLINT_CASES=general/fast-only-explicit-override cargo test casesFLINT_CASES=lychee/local-missing-token-warns cargo test casesFLINT_CASES=renovate-deps/ci-missing-token cargo test casesFLINT_CASES=renovate-deps/local-missing-token-warns cargo test casesFLINT_CASES=renovate-deps/fast-only-relevant cargo test casesFLINT_CASES=renovate-deps/fast-only-irrelevant cargo test casesgit diff --checkmise run lint:fix(cargo run -q --bin flint -- run --fix)Note: full
cargo testis not runnable in this local environment becauseregistry::tests::all_registry_binaries_foundrequires all registered linter binaries onPATH. Full E2E cases also need real external tools such asbiome,ruff,renovate,shfmt,ryl, andrumdl.