From 2d4296fb4822b4411401b661ae8337ffbfbba289 Mon Sep 17 00:00:00 2001 From: Techassi Date: Mon, 23 Feb 2026 14:12:52 +0100 Subject: [PATCH 1/4] feat: Add run-prek action --- .scripts/actions/install_prek.sh | 21 +++++ README.md | 1 + run-prek/README.md | 51 ++++++++++++ run-prek/action.yaml | 131 +++++++++++++++++++++++++++++++ 4 files changed, 204 insertions(+) create mode 100755 .scripts/actions/install_prek.sh create mode 100644 run-prek/README.md create mode 100644 run-prek/action.yaml diff --git a/.scripts/actions/install_prek.sh b/.scripts/actions/install_prek.sh new file mode 100755 index 0000000..d55d4f3 --- /dev/null +++ b/.scripts/actions/install_prek.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -euo pipefail +[ -n "$GITHUB_DEBUG" ] && set -x + +ARCH=$(uname -m) + +echo "::group::Install prek" +mkdir /tmp/prek + +if [ "$PREK_VERSION" == "latest" ]; then + curl -fsSL -o /tmp/prek/prek.tar.gz "https://github.com/j178/prek/releases/latest/download/prek-${ARCH}-unknown-linux-gnu.tar.gz" +else + curl -fsSL -o /tmp/prek/prek.tar.gz "https://github.com/j178/prek/releases/download/${PREK_VERSION}/prek-${ARCH}-unknown-linux-gnu" +fi + +tar --directory="/tmp/prek" -zxvf /tmp/prek/prek.tar.gz prek +sudo install -m 755 -t /usr/local/bin /tmp/prek/prek + +prek --version +echo "::endgroup::" diff --git a/README.md b/README.md index fd1af60..19257d3 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ particular step in a workflow. - [run-integration-test](./run-integration-test/README.md) - [run-openshift-preflight](./run-openshift-preflight/README.md) - [run-pre-commit](./run-pre-commit/README.md) +- [run-prek](./run-prek/README.md) - [send-slack-notification](./send-slack-notification/README.md) - [setup-k8s-tools](./setup-k8s-tools/README.md) - [setup-tools](./setup-tools/README.md) diff --git a/run-prek/README.md b/run-prek/README.md new file mode 100644 index 0000000..20ee0ac --- /dev/null +++ b/run-prek/README.md @@ -0,0 +1,51 @@ +# `run-prek` + +> Manifest: [run-prek/action.yml][run-prek] + +This action sets up the prek tool, and additional tools required for various hooks. It then runs +prek against the changed files. This actions expects checkouts with depth 0. It does the following +work: + +1. Installs prek in the specified version. +2. Optionally sets up the Rust toolchain, Hadolint, and Nix. +3. Runs prek on changed files. + +Example usage (workflow): + +```yaml +--- +name: prek + +on: + pull_request: + +jobs: + prek: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout + with: + fetch-depth: 0 + submodules: recursive + - uses: stackabletech/actions/run-prek +``` + +## Inputs and Outputs + +> [!TIP] +> For descriptions of the inputs and outputs, see the complete [run-prek] action. + +### Inputs + +- `prek-version` (defaults to `latest`) +- `rust` (eg: `1.80.1`. Disabled if not specified) +- `rust-components` (defaults to `rustfmt,clippy`) +- `hadolint` (eg: `v2.12.0`. Disabled if not specified) +- `nix` (eg: `2.25.2`. Disabled if not specified) +- `nix-github-token` (eg: `secrets.GITHUB_TOKEN`. Required when `nix` is set) + +### Outputs + +None + +[run-prek]: ./action.yaml diff --git a/run-prek/action.yaml b/run-prek/action.yaml new file mode 100644 index 0000000..34c398b --- /dev/null +++ b/run-prek/action.yaml @@ -0,0 +1,131 @@ +--- +name: Run prek +description: | + This action sets up the prek tool, and additional tools required for various + hooks. It then runs prek against the changed files. This actions expects + checkouts with depth 0. + +inputs: + # See https://github.com/j178/prek/releases for latest version + prek-version: + description: prek version to install + default: latest + rust: + description: Whether to install the Rust toolchain (and which version to use) + rust-components: + description: | + Override which Rust components are installed. Only takes effect when Rust + is installed. + default: rustfmt,clippy + hadolint: + description: Whether to install hadolint (and which version to use) + nix: + description: Whether to install nix (and which version to use) + nix-github-token: + description: | + The GitHub token is used by Nix to pull from GitHub with higher rate-limits. Required when + the 'nix' input is used. + jinja2-cli: + description: Whether to install jinja2-cli (and which version to use) + +runs: + using: composite + steps: + # Immediately abort without setting up any other tooling to avoid unnecessary workflow runtime. + - name: Abort if nix-github-token input is not set + if: inputs.nix && !inputs.nix-github-token + shell: bash + run: | + echo "nix-github-token input must be set when nix input is set" + exit 1 + + - name: Setup nix + if: inputs.nix + uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0 + with: + github_access_token: ${{ inputs.nix-github-token }} + install_url: https://releases.nixos.org/nix/nix-${{ inputs.nix }}/install + + - name: Install prek (${{ env.PRE_COMMIT_VERSION }}) + shell: bash + env: + PREK_VERSION: ${{ inputs.prek-version }} + GITHUB_DEBUG: ${{ runner.debug }} + run: "$GITHUB_ACTION_PATH/../.scripts/actions/install_prek.sh" + + # This caches downloaded prek hook artifacts and results in faster + # workflow runs after an initial hydration run with the exact same hooks + - name: Setup prek Cache + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + with: + path: ~/.cache/prek + key: prek-${{ inputs.prek-version }}-${{ hashFiles('.pre-commit-config.yaml') }} + + - name: Format Rust Toolchain Cache Key + if: ${{ inputs.rust }} + shell: bash + env: + RUST_COMPONENTS: ${{ inputs.rust-components }} + run: | + RUST_COMPONENTS=${RUST_COMPONENTS//,/_} + echo "RUST_COMPONENTS=$RUST_COMPONENTS" | tee -a "$GITHUB_ENV" + + - name: Setup Rust Toolchain Cache + id: rust-toolchain-cache + if: ${{ inputs.rust }} + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + with: + path: ~/.rustup/toolchains + key: rust-toolchains-${{ inputs.rust }}-components-${{ env.RUST_COMPONENTS }} + + - name: Setup Rust Toolchain + uses: dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 + if: ${{ inputs.rust && steps.rust-toolchain-cache.outputs.cache-hit != 'true' }} + with: + toolchain: ${{ inputs.rust }} + components: ${{ inputs.rust-components }} + + - name: Setup Rust Cache + if: ${{ inputs.rust }} + uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2 + + # TODO (@Techassi): Move this into a script + - name: Install Hadolint + if: ${{ inputs.hadolint }} + shell: bash + env: + HADOLINT_VERSION: ${{ inputs.hadolint }} + run: | + set -euo pipefail + + LOCATION_DIR="$HOME/.local/bin" + LOCATION_BIN="$LOCATION_DIR/hadolint" + + SYSTEM=$(uname -s) + ARCH=$(uname -m) + + mkdir -p "$LOCATION_DIR" + curl -sL -o "$LOCATION_BIN" "https://github.com/hadolint/hadolint/releases/download/${HADOLINT_VERSION}/hadolint-$SYSTEM-$ARCH" + chmod 700 "$LOCATION_BIN" + + echo "$LOCATION_DIR" | tee -a "$GITHUB_PATH" + + - name: Install jinja2-cli + if: ${{ inputs.jinja2-cli }} + shell: bash + env: + JINJA2_CLI_VERSION: ${{ inputs.jinja2-cli }} + run: pip install jinja2-cli==${JINJA2_CLI_VERSION} + + - name: Run prek + shell: bash + env: + BASE_SHA: ${{ github.event.pull_request.base.sha }} + HEAD_SHA: ${{ github.event.pull_request.head.sha }} + run: | + prek run \ + --verbose \ + --show-diff-on-failure \ + --color always \ + --from-ref "$BASE_SHA" \ + --to-ref "$HEAD_SHA" From 36620bd1849ec1508e00a4ed43ab9c3e93a6c0ba Mon Sep 17 00:00:00 2001 From: Techassi Date: Mon, 23 Feb 2026 14:13:15 +0100 Subject: [PATCH 2/4] ci: Use new prek action instead of pre-commit action --- .github/workflows/{pr_pre-commit.yml => pr_prek.yml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename .github/workflows/{pr_pre-commit.yml => pr_prek.yml} (81%) diff --git a/.github/workflows/pr_pre-commit.yml b/.github/workflows/pr_prek.yml similarity index 81% rename from .github/workflows/pr_pre-commit.yml rename to .github/workflows/pr_prek.yml index 1c9eca3..435bb84 100644 --- a/.github/workflows/pr_pre-commit.yml +++ b/.github/workflows/pr_prek.yml @@ -1,5 +1,5 @@ --- -name: pre-commit +name: prek on: pull_request: @@ -7,7 +7,7 @@ on: permissions: {} jobs: - pre-commit: + prek: runs-on: ubuntu-latest steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 @@ -15,4 +15,4 @@ jobs: persist-credentials: false submodules: recursive fetch-depth: 0 - - uses: ./run-pre-commit + - uses: ./run-prek From 5bb5dbe9f2147c338763e00d1629e06ca97f1f8a Mon Sep 17 00:00:00 2001 From: Techassi Date: Mon, 23 Feb 2026 14:19:26 +0100 Subject: [PATCH 3/4] chore(run-prek): Adjust download script --- .scripts/actions/install_prek.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.scripts/actions/install_prek.sh b/.scripts/actions/install_prek.sh index d55d4f3..10eb647 100755 --- a/.scripts/actions/install_prek.sh +++ b/.scripts/actions/install_prek.sh @@ -8,13 +8,14 @@ ARCH=$(uname -m) echo "::group::Install prek" mkdir /tmp/prek +# TODO (@Techassi): Verify checksum if [ "$PREK_VERSION" == "latest" ]; then curl -fsSL -o /tmp/prek/prek.tar.gz "https://github.com/j178/prek/releases/latest/download/prek-${ARCH}-unknown-linux-gnu.tar.gz" else curl -fsSL -o /tmp/prek/prek.tar.gz "https://github.com/j178/prek/releases/download/${PREK_VERSION}/prek-${ARCH}-unknown-linux-gnu" fi -tar --directory="/tmp/prek" -zxvf /tmp/prek/prek.tar.gz prek +tar --directory="/tmp/prek" --strip-components=1 -zxvf /tmp/prek/prek.tar.gz "prek-${ARCH}-unknown-linux-gnu/prek" sudo install -m 755 -t /usr/local/bin /tmp/prek/prek prek --version From 4a83c5c1068cdbab167e8fa893b76d6ef1187940 Mon Sep 17 00:00:00 2001 From: Techassi Date: Mon, 23 Feb 2026 14:23:10 +0100 Subject: [PATCH 4/4] chore: Adjust update_readme_list script --- .scripts/local/update_readme_list.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.scripts/local/update_readme_list.sh b/.scripts/local/update_readme_list.sh index 81483e1..60c31b4 100755 --- a/.scripts/local/update_readme_list.sh +++ b/.scripts/local/update_readme_list.sh @@ -2,7 +2,7 @@ set -euo pipefail -AUTO_GENERATED_COMMENT="autogenerated by $0" +AUTO_GENERATED_COMMENT="autogenerated by .scripts/local/update_readme_list.sh" LIST_TMP=$(mktemp) echo "" >> "$LIST_TMP"