dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

Published 20 hours ago • verified publisher icon dependabot

Support pre-commit

Open klane opened this issue 5 years ago • 14 comments

First off thank you for Dependabot! I am using it in several repos and am very happy with the results.

I use pre-commit in my CI to run various hooks for linting files. A typical .pre-commit-config.yaml file might look like:

repos:
  - repo: https://github.com/psf/black
    rev: 19.10b0
    hooks:
      - id: black
        language_version: python3.7
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v2.4.0
    hooks:
      - id: flake8
      - id: end-of-file-fixer
      - id: mixed-line-ending
      - id: trailing-whitespace

While there are hooks for multiple languages, pre-commit itself is written in Python. Could Dependabot's Python support be updated to include pre-commit? The CLI already has an autoupdate command to update versions in the config file. Individual hooks can be updated with the --repo flag.

klane avatar Nov 20 '19 18:11 klane

Duplicate of https://github.com/dependabot/feedback/issues/839.

hugovk avatar May 17 '20 15:05 hugovk

@hugovk You say this is a duplicate of https://github.com/dependabot/feedback/issues/839, but in that ticket, you also say that it is a duplicate of this one. Which one is the source of truth?

bachya avatar May 17 '20 17:05 bachya

https://www.google.com/search?q=recursion

sfdye avatar May 20 '20 00:05 sfdye

As mentioned in https://github.com/dependabot/dependabot-core/issues/2040 already, this issue isn't exactly the same as #2040.

This one here is about getting support for pre-commit hook/repos version updates (similar to pre-commit autoupdate).

While #2040 is asking for additional_dependencies sections within .pre-commit-config.yaml get updated just like setup.py and requirements.txt do.

slafs avatar Nov 02 '20 13:11 slafs

Any news on this?

BeyondEvil avatar Dec 13 '20 13:12 BeyondEvil

@BeyondEvil The pre-commit updates can be achieved via https://pre-commit.ci/

nijel avatar Dec 13 '20 13:12 nijel

@BeyondEvil The pre-commit updates can be achieved via https://pre-commit.ci/

Thanks @nijel! I guess I can try to sync so dependabot and pre-commit runs the same time.

BeyondEvil avatar Dec 13 '20 13:12 BeyondEvil

Any news on this?

Currently not on our roadmap. I'd suggest (for now at least) setting up an action (or any other CI job really) that runs after Dependabot that does any of this linting. We may revisit this in the future, but that's my best suggestion.

PS: If you decide to go this route, you may want to configure that action/ci job to commit using the [dependabot skip] tag, as that will ensure Dependabot will still automatically rebase/recreate the PR.

jurre avatar Dec 23 '20 13:12 jurre

Sad to hear that you don't work on this. Here is a work-around: https://browniebroke.com/blog/gh-action-pre-commit-autoupdate/

guettli avatar Feb 05 '21 08:02 guettli

@jurre we're coming up on the two-year anniversary since your update and passed 3 years since this was first filed. Is this on the current roadmap or should everyone just use external tools for pre-commit dependency management? Thanks!

JacobCallahan avatar Nov 28 '22 21:11 JacobCallahan

https://github.com/browniebroke/pre-commit-autoupdate-action

eggplants avatar Jan 24 '23 00:01 eggplants

What's the current status of this issue? It would be amazing to have Dependabot support pre-commit configurations, as an alternative to pre-commit.ci.

EwoutH avatar Oct 30 '23 14:10 EwoutH

It would be of great help to have this. Are there any plans to implement it?

jorenham avatar Mar 07 '24 15:03 jorenham