perf(ci): move slow pre-push hooks to CI and split into Lint/Security workflows#720
Merged
perf(ci): move slow pre-push hooks to CI and split into Lint/Security workflows#720
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files🚀 New features to boost your workflow:
|
Disable deadcode, golangci-lint, govulncheck, and osv-scanner from pre-push hooks (they remain defined but with enable=false) and run them as independent CI jobs via a nix-tools matrix using cachix/install-nix-action and nix run. go-generate-check stays in pre-push. Also adds a run-golangci-lint nix app and updates the pre-commit CI step to use --from-ref/--to-ref for diff-only checking instead of --all-files. closes #718 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move lint jobs (deadcode, golangci-lint, pre-commit) into lint.yml and security jobs (govulncheck, osv-scanner, trufflehog, CodeQL) into security.yml. Simplify CodeQL to build-mode: none (no build step needed) and drop its weekly cron schedule. CI workflow retains test, benchmarks, nix build, docs, and semantic release. closes #718 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Go's CodeQL extractor does not support build-mode: none. Restore the manual build mode with setup-go and explicit go build step, matching the original codeql.yml configuration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cpcloud
force-pushed
the
worktree-sharded-spinning-scroll
branch
from
85e34a0 to
20e43a8
Compare
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out |
Replace the nix-lint and nix-security matrix strategies with standalone jobs. Two entries don't justify the indirection of a matrix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cpcloud
changed the title
cpcloud
added a commit
that referenced
this pull request
Mar 19, 2026
… workflows (#720) ## Summary - Disable `deadcode`, `golangci-lint`, `govulncheck`, and `osv-scanner` from pre-push hooks (`enable = false`) so they no longer block `git push` - Keep `go-generate-check` as the sole remaining pre-push hook - Add `run-golangci-lint` nix app; the other three already existed - Update `run-pre-commit` nix app to accept optional args (defaults to `--all-files`, supports `--from-ref`/`--to-ref` passthrough) - Split CI into three focused workflows: - **CI** (`ci.yml`) — test matrix, benchmarks, nix build, docs, semantic release - **Lint** (`lint.yml`) — deadcode, golangci-lint, pre-commit (diff-only on PRs) - **Security** (`security.yml`) — govulncheck, osv-scanner, trufflehog, CodeQL - Merge `codeql.yml` into `security.yml`, simplify to `build-mode: none`, drop cron schedule closes #718 --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
deadcode,golangci-lint,govulncheck, andosv-scannerfrom pre-push hooks (enable = false) so they no longer blockgit pushgo-generate-checkas the sole remaining pre-push hookrun-golangci-lintnix app; the other three already existedrun-pre-commitnix app to accept optional args (defaults to--all-files, supports--from-ref/--to-refpassthrough)ci.yml) — test matrix, benchmarks, nix build, docs, semantic releaselint.yml) — deadcode, golangci-lint, pre-commit (diff-only on PRs)security.yml) — govulncheck, osv-scanner, trufflehog, CodeQLcodeql.ymlintosecurity.yml, simplify tobuild-mode: none, drop cron schedulecloses #718