Skip to content

[CI] Add manual pre-commit hook to validate the dependabot config#12932

Open
jbampton wants to merge 1 commit intoapache:mainfrom
jbampton:add-dependabot-validation
Open

[CI] Add manual pre-commit hook to validate the dependabot config#12932
jbampton wants to merge 1 commit intoapache:mainfrom
jbampton:add-dependabot-validation

Conversation

@jbampton
Copy link
Copy Markdown
Member

@jbampton jbampton commented Mar 31, 2026

https://www.npmjs.com/package/@bugron/validate-dependabot-yaml

refs #12930

Description

This PR adds another check or test to our pre-commit framework.

refs apache/sedona#2793

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Ran the manual hooks with pre-commit"

pre-commit run --all-files --hook-stage manual

Ran the standard pre-commit hooks:

pre-commit run --all-files

How did you try to break this feature and the system with this change?

@jbampton
Copy link
Copy Markdown
Member Author

jbampton commented Mar 31, 2026

@blueorangutan package

@blueorangutan
Copy link
Copy Markdown

blueorangutan commented Mar 31, 2026

@jbampton a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 31, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.02%. Comparing base (7eea9ed) to head (505b1cb).

Additional details and impacted files 
@@            Coverage Diff            @@
##               main   #12932   +/-   ##
=========================================
  Coverage     18.02%   18.02%           
- Complexity    16464    16465    +1     
=========================================
  Files          5973     5973           
  Lines        537466   537466           
  Branches      65991    65991           
=========================================
+ Hits          96853    96855    +2     
+ Misses       429690   429689    -1     
+ Partials      10923    10922    -1
Flag Coverage Δ
uitests 3.52% <ø> (ø)
unittests 19.18% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@blueorangutan
Copy link
Copy Markdown

blueorangutan commented Mar 31, 2026

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17309

@DaanHoogland DaanHoogland requested a review from Copilot March 31, 2026 13:16
@DaanHoogland
Copy link
Copy Markdown
Contributor

DaanHoogland commented Mar 31, 2026

@jbampton , I have found dependabot to be generally useless in this repo (works fine in the website repo). Will this improve the updates as well?

Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a manual pre-commit hook to validate the repository’s Dependabot configuration, helping catch invalid .github/dependabot.yml changes before they’re committed.

Changes:

  • Introduces a new local, manual-stage pre-commit hook to validate .github/dependabot.yml via @bugron/validate-dependabot-yaml.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.pre-commit-config.yaml
Comment on lines +38 to +39
entry: npx @bugron/validate-dependabot-yaml@0.3.3
language: system
Copy link

Copilot AI Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using language: system with an npx ...@0.3.3 entry makes this hook depend on whatever Node/npm/npx happens to be installed on the developer machine (and may not run at all if npx isn’t available/in PATH). To make the manual hook reproducible and cross-platform, configure it as a language: node hook with additional_dependencies: ['@bugron/validate-dependabot-yaml@0.3.3'] and set entry to the installed CLI (so pre-commit manages the Node environment and caching).

Suggested change
entry: npx @bugron/validate-dependabot-yaml@0.3.3
language: system
entry: validate-dependabot-yaml
language: node
additional_dependencies: ['@bugron/validate-dependabot-yaml@0.3.3']

Copilot uses AI. Check for mistakes.
@jbampton jbampton mentioned this pull request Mar 31, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jbampton @blueorangutan @DaanHoogland