Skip to content

chore(pre-commit): add renovate-config-validator hook (PC-015)#32

Open
williaby wants to merge 1 commit into
mainfrom
chore/pc015-add-renovate-config-validator-hook
Open

chore(pre-commit): add renovate-config-validator hook (PC-015)#32
williaby wants to merge 1 commit into
mainfrom
chore/pc015-add-renovate-config-validator-hook

Conversation

@williaby

@williaby williaby commented May 24, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds the renovate-config-validator pre-commit hook to fulfill PC-015 of the standards manifest. The hook is pinned via additional_dependencies: ["renovate@42.92.14"] to match the homelab self-hosted Renovate server version.

Why the version pin matters

Default npx renovate-config-validator resolves to v43+, which silently accepts invalid manager identifiers (e.g. "uv"). The homelab Renovate server runs v42.92.14 and rejects them. Pinning the validator to the same version is what makes the hook actually catch the trap documented in feedback_renovate_uv_manager_trap.md.

Lockstep upgrade

When the homelab Renovate image is bumped to a new major version, this pin must be updated in lockstep across every repo. PC-015 in docs/standards-manifest.yaml is the source of truth.

Validation

  • Existing renovate.json was validated against renovate@42.92.14 before this PR was opened; config is clean.
  • Only .pre-commit-config.yaml is modified.
  • Signed commit; no bypass flags.

Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated development configuration validation tools and dependencies to enhance the development infrastructure.

Review Change Stack

Copilot AI review requested due to automatic review settings May 24, 2026 21:10
@coderabbitai

coderabbitai Bot commented May 24, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@williaby, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 8 minutes and 26 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 79f181c3-f133-45ee-bbf9-f5a6a0ecd716

📥 Commits

Reviewing files that changed from the base of the PR and between 2077d26 and 3a4515e.

📒 Files selected for processing (1)
  • .pre-commit-config.yaml
📝 Walkthrough

Walkthrough

This PR adds the Renovate config validator to the pre-commit hook pipeline. A new hook from renovatebot/pre-commit-hooks is registered with a pinned revision and explicit renovate@42.92.14 dependency to validate Renovate configuration files at commit time.

Changes

Renovate Hook Setup

Layer / File(s) Summary
Renovate config validator hook
.pre-commit-config.yaml
Registered renovatebot/pre-commit-hooks repository and enabled renovate-config-validator hook with pinned revision and explicit renovate@42.92.14 dependency.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit hops with glee so bright,
Adding hooks to pre-commit's might,
Renovate's checker stands on guard,
Validating configs, never hard,
Validation blooms where changes start! 🐰✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically describes the main change: adding a renovate-config-validator hook to the pre-commit configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/pc015-add-renovate-config-validator-hook

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented May 24, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Renovate config validation pre-commit hook so Renovate configuration issues can be caught locally, with the validator runtime pinned to match the homelab Renovate server version.

Changes:

  • Add renovate-config-validator hook from renovatebot/pre-commit-hooks.
  • Pin the hook’s runtime Renovate package via additional_dependencies to renovate@42.92.14.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .pre-commit-config.yaml
rev: 2a27c9fda39c7c05bc7488a10920c7700979c263 # v43.150.0
hooks:
- id: renovate-config-validator
additional_dependencies: ["renovate@42.92.14"]

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 3a4515e: added stages: [pre-commit] to the renovate-config-validator hook so it matches every other hook in the file.

Comment thread .pre-commit-config.yaml Outdated
Comment on lines +39 to +42
rev: 2a27c9fda39c7c05bc7488a10920c7700979c263 # v43.150.0
hooks:
- id: renovate-config-validator
additional_dependencies: ["renovate@42.92.14"]

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in 3a4515e: the version split is intentional (the v43+ validator silently accepts invalid manager IDs like uv that the v42 homelab server rejects, so the v42 runtime pin is what makes the hook catch the trap). Rather than aligning the versions, I added an inline NOTE comment above the hook explaining that rev pins the wrapper repo while additional_dependencies pins the runtime, why they must differ, and the lockstep-upgrade obligation (PC-015). Also annotated the rev comment as "wrapper only; runtime pinned below".

@williaby

Copy link
Copy Markdown
Contributor Author

PR Review

CI is fully green and the SonarCloud quality gate passed. One hard blocker and a couple of maintainability items.

🔴 Critical — merge blocked

  • Branch conflicts with main (mergeable_state: dirty, behind by 2, rebaseable: false). main appended a TIER 2 ruff block to the tail of .pre-commit-config.yaml while this branch appended the renovate block to the same spot. Fix: git merge origin/main, keep both hook blocks, push.

🟠 Important

  • Split versioning hazard at .pre-commit-config.yaml#L39: rev … # v43.150.0 pins the hook-wrapper repo to v43 while additional_dependencies: ["renovate@42.92.14"] pins the validator runtime to v42. This is intentional and correct (v43+ silently accepts invalid manager IDs; v42 catches the trap), but the file has no inline comment saying so — a future maintainer is likely to "align" the versions and silently break trap detection. Add a clarifying # comment referencing the PC-015 lockstep-upgrade rationale. (Matches Copilot review comment.)

🟡 Suggested

  • Missing stages: [pre-commit] on the renovate hook (L41). Functionally harmless (default_install_hook_types: [pre-commit]), but every other hook sets it explicitly. (Matches Copilot review comment.)

Positive: rev is correctly SHA-pinned with a tag annotation, and the PR body thoroughly documents the version-pin trap and lockstep-upgrade obligation.

🤖 Generated with Claude Code

Pins renovate-config-validator to renovate@42.92.14, the homelab
self-hosted Renovate server version. Default npx renovate-config-validator
resolves to v43+ which accepts invalid manager identifiers like "uv";
a v42-pinned validator is required to catch the trap documented in
feedback_renovate_uv_manager_trap.md.

When the homelab Renovate image bumps to a new major, this pin must
be updated in lockstep across all repos. Tracking: PC-015 in
docs/standards-manifest.yaml.
@williaby williaby force-pushed the chore/pc015-add-renovate-config-validator-hook branch from 2077d26 to 3a4515e Compare May 29, 2026 04:24
@williaby

Copy link
Copy Markdown
Contributor Author

PR Fix Summary

Resolved all findings from the review. Branch rebased onto main and force-pushed (3a4515e).

Merge conflict (Critical): Rebased onto main. The conflict was a trivial both-sides-append in .pre-commit-config.yaml (main added the TIER 2 ruff block; this branch added the renovate block). Resolved by keeping both. PR is now mergeable with linear history.

Review comments (both Copilot threads addressed):

  • Added stages: [pre-commit] to the renovate-config-validator hook for consistency with every other hook.
  • Added an inline NOTE explaining the deliberate rev (wrapper v43) vs additional_dependencies (runtime v42) split, why the versions must not be aligned, and the PC-015 lockstep-upgrade obligation. Annotated the rev comment accordingly.

Verification (local):

  • pre-commit run renovate-config-validator --all-files -> Passed (installed renovate@42.92.14, validated renovate.json).
  • All Tier 1 hygiene hooks pass on the changed file; YAML valid; no em-dash; no conflict markers.

CI re-run triggered by the push.

🤖 Generated with Claude Code

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants