Skip to content

Improve CI infrastructure for pre-commit#2110

Merged
EliahKagan merged 2 commits into
gitpython-developers:mainfrom
EliahKagan:pre-commit-infra
Mar 9, 2026
Merged

Improve CI infrastructure for pre-commit#2110
EliahKagan merged 2 commits into
gitpython-developers:mainfrom
EliahKagan:pre-commit-infra

Conversation

@EliahKagan

@EliahKagan EliahKagan commented Mar 9, 2026

Copy link
Copy Markdown
Member

On CI, the pre-commit job has two shortcomings:

  • It runs on a machine far more powerful than necessary, since anything slow should not be done in pre-commit at all (since some developers may run pre-commit locally).
  • We've haven't been using any automated means of keeping the pre-commit hook versions up to date, and as a results some of them are quite old. This includes ruff. (There is an external integration that can keep pre-commit hooks up to date on GitHub, but it requires providing access to the repository to an external service. This is sometimes a tradeoff worth making, but it's one we've avoided doing here for this purpose, I think rightly.)

These have both become easier to address recently:

  • A lighter-weight ubuntu-slim runner is available. Running it on that should work as well and be as fast, and give an indication that we're doing too much in pre-commit if that is ever not the case. It also frees up an ubuntu-latest runner, potentially making CI finish slightly earlier in some PRs where there have been a lot of pushes.
  • Dependabot now supports pre-commit as a beta ecosystem, so it can keep them up to date. I've tested this in my fork; the resulting grouped PR looks like EliahKagan#5. It's not ideal that the ecosystem is still in beta, but I think it's worth using--and if it turns out to have bugs I haven't yet observed, then this is an oppportunity for me to report them.

This PR uses the ubuntu-slim runner to run pre-commit on CI, and enables Dependabot version updates for pre-commit hooks.

The `ubuntu-slim` runner is lighter weight, being a container
rather than using a whole VM, and having only one vCPU, less RAM,
and a 15 minute time limit. It's not suitable for most of our CI
jobs in GitPython, but it should work well for our `pre-commit`
checks. (If it doesn't, that's reason to suspect they might be
better removed from `pre-commit` and run in a different way.)

- https://github.blog/changelog/2026-01-22-1-vcpu-linux-runner-now-generally-available-in-github-actions/
- https://github.com/actions/runner-images/blob/main/images/ubuntu-slim/ubuntu-slim-Readme.md
- Add `pre-commit` as an ecosystem for Dependabot version updates,
  now that it is available as a beta ecosystem. Enable beta
  ecosystems to allow this.

- Group the updates and use a monthly cadence to avoid getting
  swamped by frequent automated PRs.

- It would be valuable in the future to Use a 7-day cooldown period
  rather than taking new versions immediately once released. (This
  may also be of value to developers who use `pre-commit` locally.)
  However, this doesn't do that, since the Dependabot ecosystem for
  `pre-commit` does not currently support `cooldown`.

- Use a less busy style (less unnecessary quoting) than was being
  used in `dependabot.yml` before, since this new stanza is more
  elaborate than before. Apply that style to the existing stanzas
  for consistency.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adjusts CI configuration to make the pre-commit lint job run on a lighter runner and enables Dependabot updates for pre-commit hook versions, keeping hook tooling (e.g., ruff) current without relying on external integrations.

Changes:

  • Switch lint workflow job runner from ubuntu-latest to ubuntu-slim.
  • Enable Dependabot beta ecosystems and add grouped monthly updates for pre-commit hooks.
  • Minor YAML normalization in Dependabot config (remove unnecessary quoting).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/lint.yml Moves the lint job to ubuntu-slim to reduce CI resource usage for pre-commit.
.github/dependabot.yml Enables beta ecosystems and adds pre-commit ecosystem updates grouped into a single PR.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@EliahKagan EliahKagan left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this PR (intentionally) does not upgrade any actual pre-commit hooks. Dependabot should open a PR to do that once this merges.

@EliahKagan EliahKagan marked this pull request as ready for review March 9, 2026 19:44
@EliahKagan EliahKagan merged commit 9e6954c into gitpython-developers:main Mar 9, 2026
31 checks passed
@EliahKagan EliahKagan deleted the pre-commit-infra branch March 9, 2026 19:45
736-c41-2c1-e464fc974 pushed a commit to Swiss-Armed-Forces/Loom that referenced this pull request Apr 27, 2026
This MR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [gitpython](https://github.com/gitpython-developers/GitPython) | dev | patch | `3.1.46` → `3.1.47` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/gitpython-developers/GitPython/badge)](https://securityscorecards.dev/viewer/?uri=github.com/gitpython-developers/GitPython) |

---

### Release Notes

<details>
<summary>gitpython-developers/GitPython (gitpython)</summary>

### [`v3.1.47`](https://github.com/gitpython-developers/GitPython/releases/tag/3.1.47): - with security fixes

[Compare Source](gitpython-developers/GitPython@3.1.46...3.1.47)

#### Advisories

- <GHSA-rpm5-65cw-6hj4>
- <GHSA-x2qx-6953-8485>

#### What's Changed

- Prepare next release by [@&#8203;Byron](https://github.com/Byron) in [#&#8203;2095](gitpython-developers/GitPython#2095)
- Bump git/ext/gitdb from `335c0f6` to `4c63ee6` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;2096](gitpython-developers/GitPython#2096)
- DOC: README Add urls and updated a relative url by [@&#8203;Timour-Ilyas](https://github.com/Timour-Ilyas) in [#&#8203;2098](gitpython-developers/GitPython#2098)
- Fix GitConfigParser ignoring multiple \[include] path entries by [@&#8203;daniel7an](https://github.com/daniel7an) in [#&#8203;2100](gitpython-developers/GitPython#2100)
- Switch back from Alpine to Debian for WSL by [@&#8203;EliahKagan](https://github.com/EliahKagan) in [#&#8203;2108](gitpython-developers/GitPython#2108)
- Bump git/ext/gitdb from `4c63ee6` to `5c1b303` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;2106](gitpython-developers/GitPython#2106)
- Run `gc.collect()` twice in `test_rename` on Python 3.12 by [@&#8203;EliahKagan](https://github.com/EliahKagan) in [#&#8203;2109](gitpython-developers/GitPython#2109)
- fix: guard AutoInterrupt terminate during interpreter shutdown by [@&#8203;lweyrich1](https://github.com/lweyrich1) in [#&#8203;2105](gitpython-developers/GitPython#2105)
- Improve CI infrastructure for pre-commit by [@&#8203;EliahKagan](https://github.com/EliahKagan) in [#&#8203;2110](gitpython-developers/GitPython#2110)
- Bump the pre-commit group with 5 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;2111](gitpython-developers/GitPython#2111)
- Upgrade Sphinx for 3.14 support; drop doc build support on 3.8; test 3.14 by [@&#8203;EliahKagan](https://github.com/EliahKagan) in [#&#8203;2112](gitpython-developers/GitPython#2112)
- Fix `Repo.active_branch` resolution for reftable-backed repositories by [@&#8203;Copilot](https://github.com/Copilot) in [#&#8203;2114](gitpython-developers/GitPython#2114)
- docs: warn about GitDB performance with large commits by [@&#8203;mvanhorn](https://github.com/mvanhorn) in [#&#8203;2115](gitpython-developers/GitPython#2115)
- cmd: fix kwarg formatting in docstring example by [@&#8203;UweSchwaeke](https://github.com/UweSchwaeke) in [#&#8203;2117](gitpython-developers/GitPython#2117)
- Bump <https://github.com/astral-sh/ruff-pre-commit> from v0.15.5 to 0.15.8 in the pre-commit group by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;2122](gitpython-developers/GitPython#2122)
- Add trailer support for commit creation by [@&#8203;Krishnachaitanyakc](https://github.com/Krishnachaitanyakc) in [#&#8203;2116](gitpython-developers/GitPython#2116)
- Harden commit trailer subprocess handling and align trailer I/O paths by [@&#8203;Copilot](https://github.com/Copilot) in [#&#8203;2125](gitpython-developers/GitPython#2125)
- git.cmd.Git.execute(..): fix `with_stdout=False` by [@&#8203;ngie-eign](https://github.com/ngie-eign) in [#&#8203;2126](gitpython-developers/GitPython#2126)
- Make sure that multi-options are checked after splitting them with `shlex` by [@&#8203;Byron](https://github.com/Byron) in [#&#8203;2130](gitpython-developers/GitPython#2130)
- Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4 by [@&#8203;WesR](https://github.com/WesR) in [#&#8203;2131](gitpython-developers/GitPython#2131)

#### New Contributors

- [@&#8203;Timour-Ilyas](https://github.com/Timour-Ilyas) made their first contribution in [#&#8203;2098](gitpython-developers/GitPython#2098)
- [@&#8203;daniel7an](https://github.com/daniel7an) made their first contribution in [#&#8203;2100](gitpython-developers/GitPython#2100)
- [@&#8203;lweyrich1](https://github.com/lweyrich1) made their first contribution in [#&#8203;2105](gitpython-developers/GitPython#2105)
- [@&#8203;Copilot](https://github.com/Copilot) made their first contribution in [#&#8203;2114](gitpython-developers/GitPython#2114)
- [@&#8203;mvanhorn](https://github.com/mvanhorn) made their first contribution in [#&#8203;2115](gitpython-developers/GitPython#2115)
- [@&#8203;UweSchwaeke](https://github.com/UweSchwaeke) made their first contribution in [#&#8203;2117](gitpython-developers/GitPython#2117)
- [@&#8203;Krishnachaitanyakc](https://github.com/Krishnachaitanyakc) made their first contribution in [#&#8203;2116](gitpython-developers/GitPython#2116)
- [@&#8203;ngie-eign](https://github.com/ngie-eign) made their first contribution in [#&#8203;2126](gitpython-developers/GitPython#2126)
- [@&#8203;WesR](https://github.com/WesR) made their first contribution in [#&#8203;2131](gitpython-developers/GitPython#2131)

**Full Changelog**: <gitpython-developers/GitPython@3.1.46...3.1.47>

</details>

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZSJdfQ==-->

See merge request swiss-armed-forces/cyber-command/cea/loom!486

Co-authored-by: Loom MR Pipeline Trigger <group_103951964_bot_9504bb8dead6d4e406ad817a607f24be@noreply.gitlab.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants