Skip to content

Second round SDK CI/CD sync + exceed #167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jeremy merged 5 commits into from
Feb 28, 2026
Merged

Second round SDK CI/CD sync + exceed #167

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b4fdfee
Fix dependabot auto-merge: exclude actions, include all other ecosystems
jeremy Feb 28, 2026
0919d49
Add schedule time/timezone and PR limit to dependabot config
jeremy Feb 28, 2026
7260eba
Add go-mod-tidy and go-test-short pre-commit hooks
jeremy Feb 28, 2026
d64bb30
Add errorlint relaxations and issues block to golangci config
jeremy Feb 28, 2026
0d31901
Add tidy-check target and strengthen make check gate
jeremy Feb 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ updates:
schedule:
interval: weekly
day: monday
time: "06:00"
timezone: America/Chicago
open-pull-requests-limit: 10
groups:
go-dependencies:
patterns:
Expand All @@ -27,6 +30,9 @@ updates:
schedule:
interval: weekly
day: monday
time: "06:00"
timezone: America/Chicago
open-pull-requests-limit: 10
groups:
github-actions:
patterns:
Expand Down
27 changes: 16 additions & 11 deletions .github/workflows/dependabot-auto-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,27 @@ jobs:
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Auto-merge patch updates
if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
run: |
gh pr review --approve "$PR_URL"
gh pr merge --auto --squash "$PR_URL"
# CI is the safety gate — auto-merging action updates is circular.
- name: Approve patch and minor updates (excluding actions)
if: >-
(
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
steps.metadata.outputs.update-type == 'version-update:semver-minor'
) &&
steps.metadata.outputs.package-ecosystem != 'github_actions'
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Auto-merge minor github-actions updates
- name: Enable auto-merge for patch and minor updates (excluding actions)
if: >-
steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
steps.metadata.outputs.package-ecosystem == 'github_actions'
run: |
gh pr review --approve "$PR_URL"
gh pr merge --auto --squash "$PR_URL"
(
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
steps.metadata.outputs.update-type == 'version-update:semver-minor'
) &&
steps.metadata.outputs.package-ecosystem != 'github_actions'
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
3 changes: 3 additions & 0 deletions .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ jobs:
- name: Check SDK provenance
run: make provenance-check

- name: Check module tidiness
run: make tidy-check

- name: Check naming (no stale legacy references)
run: make check-naming

Expand Down
8 changes: 8 additions & 0 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,10 @@ linters:
- fieldalignment # Too noisy for minimal gains
- shadow # Too noisy - variable shadowing is common in Go

errorlint:
asserts: false
comparison: false

gosec:
excludes:
- G104 # Unhandled errors (covered by errcheck)
Expand Down Expand Up @@ -133,3 +137,7 @@ linters:
- text: "G117:|G703:|G704:"
linters:
- gosec

issues:
max-issues-per-linter: 0
max-same-issues: 0
21 changes: 20 additions & 1 deletion .pre-commit-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
# Pre-commit hooks for Basecamp CLI
# Install: pip install pre-commit && pre-commit install
# Install: pip install pre-commit && pre-commit install --install-hooks
# https://pre-commit.com

default_install_hook_types: [pre-commit, pre-push]

repos:
- repo: https://github.com/golangci/golangci-lint
rev: v2.1.6
Expand All @@ -14,6 +16,23 @@ repos:
hooks:
- id: gitleaks

- repo: local
hooks:
- id: go-mod-tidy
name: go mod tidy
entry: bash -c 'go mod tidy && git diff --exit-code go.mod go.sum'
language: system
pass_filenames: false
files: '(\.go$|go\.mod$|go\.sum$)'

- id: go-test-short
name: go test -short
entry: bash -c 'BASECAMP_NO_KEYRING=1 go test -short ./...'
language: system
pass_filenames: false
files: '(\.go$|go\.mod$|go\.sum$)'
stages: [pre-push]

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
Expand Down
23 changes: 21 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -228,6 +228,24 @@ lint:
tidy:
$(GOMOD) tidy

# Verify go.mod/go.sum are tidy (CI gate)
# Restores original files on any failure so the check is non-mutating.
.PHONY: tidy-check
tidy-check:
@set -e; cp go.mod go.mod.tidycheck; cp go.sum go.sum.tidycheck; \
restore() { mv go.mod.tidycheck go.mod; mv go.sum.tidycheck go.sum; }; \
if ! $(GOMOD) tidy; then \
restore; \
echo "'go mod tidy' failed. Restored original go.mod/go.sum."; \
exit 1; \
fi; \
if ! git diff --quiet -- go.mod go.sum; then \
restore; \
echo "go.mod/go.sum are not tidy. Run 'make tidy' and commit the result."; \
exit 1; \
fi; \
rm -f go.mod.tidycheck go.sum.tidycheck

# Verify dependencies
.PHONY: verify
verify:
Expand All @@ -250,7 +268,7 @@ install:

# Run all checks (local CI gate)
.PHONY: check
check: fmt-check vet lint test test-e2e check-naming check-surface
check: fmt-check vet lint test test-e2e check-naming check-surface provenance-check tidy-check

# Generate CLI surface snapshot (validates binary produces valid output)
.PHONY: check-surface
Expand Down Expand Up @@ -366,7 +384,8 @@ help:
@echo " fmt Format code"
@echo " fmt-check Check code formatting"
@echo " lint Run golangci-lint"
@echo " check Run all checks (fmt-check, vet, lint, test, test-e2e)"
@echo " tidy-check Verify go.mod/go.sum are tidy"
@echo " check Run all checks (local CI gate)"
@echo " check-surface Generate CLI surface snapshot (validates --help --agent output)"
@echo " check-surface-diff Compare CLI surface snapshots (fails on removals)"
@echo ""
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ require (
github.com/gofrs/flock v0.13.0
github.com/mattn/go-runewidth v0.0.19
github.com/spf13/cobra v1.10.2
github.com/spf13/pflag v1.0.9
github.com/stretchr/testify v1.11.1
github.com/zalando/go-keyring v0.2.6
golang.org/x/sys v0.40.0
Expand Down Expand Up @@ -59,7 +60,6 @@ require (
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.14.1 // indirect
github.com/spf13/pflag v1.0.9 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
github.com/yuin/goldmark v1.7.8 // indirect
github.com/yuin/goldmark-emoji v1.0.5 // indirect
Expand Down
Loading