Pull request overview
Adds a pre-commit hook definition to let developers run apm audit --ci locally via pre-commit/prek, shifting audit failures earlier in the workflow.
Changes:
- Introduces a new .pre-commit-hooks.yaml hook (apm_audit) that runs apm audit --ci.
- Configures hook triggering via a files regex and disables filename passing (pass_filenames: false).
| .claude/.*| | ||
| .cursor/.*| | ||
| .github/agents/.*| | ||
| .github/instructions/.*| | ||
| .github/hooks/.*| |
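Review bot: The leading `.` in `.claude/.*`, `.cursor/.*` and the `.github/...` alternatives is an unescaped regex metacharacter, so each alternative accepts any character in that position and not only a literal dot. The effect is limited to the hook firing on a few extra paths, but writing `\.claude/`, `\.cursor/` and `\.github/` would keep the trigger list exact.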
The default files list omits some APM-managed locations that are part of supported targets (notably .github/skills/ and .codex/). With the current regex, edits in those directories will not trigger apm audit --ci, which reduces the value of the hook for detecting drift in deployed assets. Consider adding those prefixes (or narrowing the description above so it matches the actual default behavior).
| .claude/.*| | |
| .cursor/.*| | |
| .github/agents/.*| | |
| .github/instructions/.*| | |
| .github/hooks/.*| | |
| .claude/.*| | |
| .codex/.*| | |
| .cursor/.*| | |
| .github/agents/.*| | |
| .github/instructions/.*| | |
| .github/hooks/.*| | |
| .github/skills/.*| |
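Added example (not code from this PR or from the apm project): a check of which staged paths would trigger the hook under the original and the suggested alternatives. It assumes the alternatives sit in an anchored verbose `files` regex of the shape `(?x)^(...)$`; the staged paths are constructed samples, and the selection rule is pre-commit's `re.search` on each path.

```python
import re

# Alternatives as shown in the hook's default list, and with the two
# prefixes the review suggests adding.
ORIGINAL = [
    ".claude/.*",
    ".cursor/.*",
    ".github/agents/.*",
    ".github/instructions/.*",
    ".github/hooks/.*",
]
SUGGESTED = sorted(ORIGINAL + [".codex/.*", ".github/skills/.*"])

# Prefixes named on this page as APM-managed locations.
MANAGED = (".claude/", ".codex/", ".cursor/", ".github/agents/",
           ".github/instructions/", ".github/hooks/", ".github/skills/")

# Constructed sample of staged paths; the file names are illustrative only.
STAGED = [
    ".claude/commands/review.md",
    ".codex/prompts/triage.md",
    ".github/agents/security.agent.md",
    ".github/skills/audit/SKILL.md",
    "src/main.py",
]


def build_files_regex(alternatives):
    """Assumed shape of the multiline `files` value: (?x)^( a | b | ... )$"""
    body = "\n  | ".join(alternatives)
    return re.compile("(?x)^(\n    " + body + "\n)$")


def matching_paths(pattern, staged):
    """pre-commit keeps a path for a hook when re.search(files, path) matches."""
    return [p for p in staged if pattern.search(p)]


def hook_runs(pattern, staged):
    """With pass_filenames: false the hook runs once if any staged path matches."""
    return bool(matching_paths(pattern, staged))


def missed(pattern, staged, managed_prefixes=MANAGED):
    """Staged paths under APM-managed prefixes that would not trigger the hook."""
    hits = set(matching_paths(pattern, staged))
    return [p for p in staged if p.startswith(managed_prefixes) and p not in hits]
```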
@microsoft-github-policy-service agree
It occurs to me that this might be done more slickly. For example, one error that can occur is
... for shifting-left `apm audit` runs to developers who use [pre-commit](https://pre-commit.com/) or [prek](https://prek.j178.dev/).

Please note prose in the `description` attribute. My choices with the files multiline regex may need extension to every `target` apm supports.

Users can use the hook by pasting:

```yaml
repos:
  # ...
  - repo: https://github.com/microsoft/apm
    rev: {some tag or sha}
    hooks:
      - id: apm_audit
```

... into their `.pre-commit-config.yaml`. They can override any attribute in `-hooks` within their user-side config, which is how come I'm not overly concerned by the files regex being incomplete w.r.t. each supported `target`.

I turned `pass_filenames` off because the command does not receive filenames as positional args (pre-commit will, as standard, pass a list of files to every hook; that list may be filtered to only contain the files changed in a given diff, to optimise runtime).

Background docs: https://pre-commit.com/#new-hooks

(I also noticed that `apm audit --help` suggests the command is just for finding hidden Unicode characters; that sounds stale given what else the command seems to do)
Type of change
Testing
`prek run apm_audit --all-files` - entry fires correctly and hook failed where my tree's apm deps were unclean
hook fires when a change to `apm.yml` (`files` regex match) is staged
All existing tests pass
n/a - no code changes
Added tests for new functionality (if applicable)
n/a - no code changes