Autoupdate inconsistency #2366

@tspearconquest

describe your issue

2 days ago when I ran pre-commit autoupdate on one of my projects, the pre-commit hook repo https://github.com/crate-ci/typos was updated to a rev string with a completely different pattern than what we had been using.

We were using v1.5.0 and attempting to upgrade to v1.7.1, but pre-commit picked typos-v0.9.1.
Today when I ran pre-commit autoupdate on a different project, the same repo was updated to typos-dict-v0.8.1.

The v1.7.1, typos-v0.9.1, and typos-dict-v0.8.1 releases were made on the same date and have the same commit hash, but could have different contents depending on how the CI that built it was designed. For my case, all 3 releases appear to be identical, but this could be used in malicious ways because of the unpredictability.

If I picked v1.5.0 as my rev string, I don't want pre-commit autoupdate to change the format of that (just update to the highest version which matches the same pattern), unless the owners of the hook repo tell pre-commit they have changed the format of the version string intentionally somehow, or they decide to stop publishing updates for an old format and tell users to manually change to the new format in order to continue receiving updates to the hook. In other words, changing version string pattern should be a breaking change and users should have notice about it. It should not be changed arbitrarily by pre-commit autoupdate.

The repo I mentioned above published 3 releases on the same day with the same commit hash but different names, and the official GitHub Release version is v1.7.1 as evidenced here: https://api.github.com/repos/crate-ci/typos/releases/latest, so my goal with this issue is to get pre-commit to stick with the format already in use in my local .pre-commit-config.yml or at the very least check against the official release API from GitHub for the right version string to use when updating the hooks.

pre-commit --version

pre-commit 2.18.1

.pre-commit-config.yaml

repos:
- repo: https://github.com/crate-ci/typos
  rev: v1.5.0
  hooks:
  - id: typos
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v4.1.0
  hooks:
  - id: check-added-large-files
  - id: check-shebang-scripts-are-executable
  - id: check-json
  - id: pretty-format-json
    args:
    - --autofix
  - id: check-merge-conflict
  - id: check-symlinks
  - id: destroyed-symlinks
  - id: check-yaml
  - id: detect-private-key
  - id: trailing-whitespace
  - id: end-of-file-fixer
  - id: check-docstring-first
  - id: debug-statements
  - id: fix-byte-order-marker
  - id: mixed-line-ending
  - id: requirements-txt-fixer
- repo: https://github.com/gruntwork-io/pre-commit
  rev: v0.1.17 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
  hooks:
  - id: tflint
    args:
    - "--module"
    - "--config=.tflint.hcl"
  - id: terraform-validate
  - id: terraform-fmt
  - id: shellcheck
- repo: https://github.com/antonbabenko/pre-commit-terraform
  rev: v1.62.3 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
  hooks:
  - id: terraform_tfsec
    args:
    - >
      --args=--no-color
  - id: terraform_docs
  - id: checkov
- repo: https://github.com/Checkmarx/kics
  rev: 'v1.5.0' # change to correct tag or sha
  hooks:
  - id: kics
    entry: kics scan --config .kics-config.yaml
- repo: https://github.com/golangci/golangci-lint
  rev: 'v1.43.0'
  hooks:
  - id: golangci-lint
    entry: golangci-lint run --fast -v --enable-all -D wsl

~/.cache/pre-commit/pre-commit.log (if present)

No response
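The behaviour requested in this issue, as an added sketch that is not part of the original report and is not pre-commit's own code: choose the highest tag that keeps the naming pattern of the pinned `rev`, and flag any proposed update that switches pattern so it can be reviewed before it is committed. The function names `parse_tag`, `next_rev` and `pattern_changed` are hypothetical, and the tag list is constructed from the tag names quoted in the report.

```python
import re

# Split a tag into a literal prefix and a dotted numeric version, e.g.
# "typos-dict-v0.8.1" -> ("typos-dict-v", (0, 8, 1)).
_TAG_RE = re.compile(r"^(?P<prefix>.*?)(?P<version>\d+(?:\.\d+)*)$")

# Constructed sample: the tag names mentioned in the issue text.
TAGS = ["v1.5.0", "v1.7.1", "typos-v0.9.1", "typos-dict-v0.8.1"]


def parse_tag(tag):
    """Return (prefix, version_tuple), or None if the tag has no trailing version."""
    m = _TAG_RE.match(tag)
    if m is None:
        return None
    return m.group("prefix"), tuple(int(p) for p in m.group("version").split("."))


def next_rev(current_rev, tags):
    """Highest tag with the same prefix and component count as current_rev."""
    current = parse_tag(current_rev)
    if current is None:
        return current_rev  # no trailing version to compare against; leave the pin alone
    prefix, version = current
    best_tag, best_version = current_rev, version
    for tag in tags:
        parsed = parse_tag(tag)
        if parsed is None:
            continue
        tag_prefix, tag_version = parsed
        # Tags from another naming scheme are never candidates.
        if tag_prefix != prefix or len(tag_version) != len(version):
            continue
        if tag_version > best_version:
            best_tag, best_version = tag, tag_version
    return best_tag


def pattern_changed(old_rev, new_rev):
    """True when an update would switch tag naming scheme and needs manual review."""
    old, new = parse_tag(old_rev), parse_tag(new_rev)
    if old is None or new is None:
        return old_rev != new_rev
    return old[0] != new[0] or len(old[1]) != len(new[1])


if __name__ == "__main__":
    print(next_rev("v1.5.0", TAGS))
    print(pattern_changed("v1.5.0", "typos-v0.9.1"))
```

`pattern_changed` can be run over the diff of `.pre-commit-config.yaml` after an autoupdate, for example in CI, to block a rev change that crosses naming schemes.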
