Skip to content

Add pre-commit configuration file compatible with Trunk.io #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add pre-commit configuration file compatible with Trunk.io #13

wants to merge 3 commits into from

Conversation

Copilot
Copy link

@Copilot Copilot AI commented Oct 8, 2025
edited
Loading

Overview

This PR adds a comprehensive .pre-commit-config.yaml file that integrates seamlessly with the existing Trunk.io setup in the repository. Pre-commit hooks provide automated code quality checks before commits, helping maintain consistent code standards across contributions.

What's Included

1. Pre-commit Configuration (.pre-commit-config.yaml)

A fully configured pre-commit setup with 6 repositories and 16 hooks:

Python Tools:

  • Ruff v0.4.1 - Fast Python linting and formatting (replaces Black, isort, flake8)
  • Bandit 1.7.8 - Security vulnerability scanning with project-specific config

Code Formatting:

  • Prettier v3.1.0 - Formats YAML, JSON, and Markdown files consistently
  • yamllint v1.35.1 - YAML linting using existing .trunk/configs/.yamllint.yaml
  • markdownlint v0.39.0 - Markdown linting using existing .trunk/configs/.markdownlint.yaml

Standard Checks (v5.0.0):

  • Large file detection, case conflicts, merge conflict markers
  • YAML/JSON/TOML syntax validation
  • End-of-file and trailing whitespace fixers
  • Private key detection

2. GitHub Actions Workflow (.github/workflows/pre-commit.yml)

Automated pre-commit checks run on:

  • All pull requests
  • Pushes to the main branch

This ensures code quality standards are maintained in CI/CD pipelines.

3. Documentation Updates

Added a comprehensive "Development Setup" section to CONTRIBUTING.md with:

  • Step-by-step installation instructions
  • Usage examples for manual runs
  • Complete list of configured hooks
  • Integration notes with Trunk.io

Trunk.io Compatibility

This configuration is designed to work alongside Trunk.io, not replace it:

✅ Hook versions match those in .trunk/trunk.yaml
✅ Reuses existing Trunk configuration files
✅ Properly excludes test cassettes from linting
✅ TruffleHog and Commitlint commented out (handled by Trunk.io actions)
✅ Compatible with existing Trunk.io pre-commit and pre-push actions

Usage

Contributors can enable pre-commit hooks with:

pip install pre-commit
pre-commit install

Hooks will automatically run on every commit. Manual runs are also supported:

# Check all files
pre-commit run --all-files

# Check specific files
pre-commit run --files src/diffbot_kg/models.py

Benefits

  • Catches issues early - Before commits reach CI/CD
  • Consistent code quality - Automated formatting and linting
  • Security scanning - Detects secrets and vulnerabilities
  • Easy to use - Simple setup, automatic execution
  • CI/CD integration - Automated checks on all PRs

Closes #[issue_number]

Original prompt

This section details on the original issue you should resolve

<issue_title>Create a pre-commit YAML configuration file, compable with Trunk.io if possible</issue_title>
<issue_description></issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #12

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@trunk-io Trunk.io
Copy link

trunk-io bot commented Oct 8, 2025

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

@trunk-io Trunk.io
Copy link

trunk-io bot commented Oct 8, 2025

Running Code Quality on PRs by uploading data to Trunk will soon be removed. You can still run checks on your PRs using trunk-action - see the migration guide for more information.

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 8, 2025
View reviewed changes
.github/workflows/pre-commit.yml
Comment on lines +11 to +17
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: "3.12"
- uses: pre-commit/[email protected]

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 days ago

To fix the problem, you should add a permissions block that restricts the GITHUB_TOKEN permissions to the minimum required. For most pre-commit/CHECK-type jobs that only need to read repository code, setting permissions: contents: read suffices, unless the workflow specifically needs to write to pull requests or issues (which it does not appear to from the provided actions). The recommended approach is to add this permissions block at the workflow level (just after the name: and before on:), so it applies to all jobs unless otherwise specified. You should insert:

permissions:
  contents: read

at line 3, pushing the on: and subsequent lines down. No import or variable definition is necessary; just a change to the YAML structure.

Suggested changeset 1
.github/workflows/pre-commit.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -1,5 +1,7 @@
 # Workflow for running pre-commit checks
 name: Pre-commit
+permissions:
+  contents: read
 
 on:
   pull_request:
EOF
@@ -1,5 +1,7 @@
# Workflow for running pre-commit checks
name: Pre-commit
permissions:
contents: read

on:
pull_request:
Copilot is powered by AI and may make mistakes. Always verify output.
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot

@Copilot Copilot AI changed the title [WIP] Add pre-commit YAML configuration file for Trunk.io Add pre-commit configuration file compatible with Trunk.io Oct 8, 2025
@Copilot Copilot AI requested a review from brendancsmith October 8, 2025 19:15
Copilot finished work on behalf of brendancsmith October 8, 2025 19:15
@brendancsmith brendancsmith marked this pull request as ready for review October 10, 2025 06:32
Copilot finished work on behalf of brendancsmith October 10, 2025 06:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendancsmith brendancsmith Awaiting requested review from brendancsmith

Assignees

@brendancsmith brendancsmith

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Create a pre-commit YAML configuration file, compable with Trunk.io if possible

2 participants

@Copilot @brendancsmith