Skip to content

HYPERFLEET-1315 - chore: scope golangci-lint hook findings to changed lines only#68

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift-hyperfleet:mainfrom
pnguyen44:HYPERFLEET-1315
Jul 2, 2026
Merged

HYPERFLEET-1315 - chore: scope golangci-lint hook findings to changed lines only#68
openshift-merge-bot[bot] merged 1 commit into
openshift-hyperfleet:mainfrom
pnguyen44:HYPERFLEET-1315

Conversation

@pnguyen44

@pnguyen44 pnguyen44 commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

HYPERFLEET-1315

Scope the golangci-lint Claude Code hook to only report findings on changed lines, so pre-existing lint issues don't block Claude.

Changes

  • Only report lint issues on lines changed since the last commit
  • Ensure brand-new files are fully linted (all lines treated as new)
  • Fall back to full-package linting when no git baseline exists
  • Differentiate error messages based on scoping mode
  • Bump plugin version to 0.2.0
  • Update README and AGENTS.md

Testing

  1. Commit a file with a pre-existing lint issue (e.g., line > 120 chars)
  2. Have Claude edit a different line in the same file
  3. Verify the hook does NOT block on the pre-existing issue
  4. Have Claude introduce a new lint issue on a changed line
  5. Verify the hook DOES block with only that issue shown
  6. Have Claude create a brand-new .go file with a lint issue
  7. Verify the hook DOES block with the issue shown

@openshift-ci openshift-ci Bot requested review from crizzo71 and tirthct July 1, 2026 15:37
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

hyperfleet-hooks is updated to version 0.2.0 in the manifest and inventory. lint-go.sh now branches on git HEAD availability, optionally stages an untracked file with git add -N, and runs golangci-lint with --new-from-rev=HEAD or full-package linting. README.md and AGENTS.md are updated to match the new version and lint behavior; the Boundaries spacing change is markdown-only.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: scoping golangci-lint hook findings to changed lines only.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed PASS: no slog/logr/zap/fmt.Print* statements with token/password/credential/secret in changed non-test files; docs-only token mention, so no CWE-532 issue.
No Hardcoded Secrets ✅ Passed No hardcoded secrets found; only version/docs/script changes, with no apiKey/secret/token/password literals, credential URLs, or long base64 blobs (CWE-798/CWE-321).
No Weak Cryptography ✅ Passed Touched files are README/JSON/shell only; no crypto imports/primitives, ECB, SHA1-for-security, or secret comparisons found. CWE-327/CWE-208 not triggered.
No Injection Vectors ✅ Passed PASS: No CWE-78/89/79/502 patterns in touched files; shell hook uses quoted args and no exec.Command, SQL, template.HTML, or yaml.Unmarshal.
No Privileged Containers ✅ Passed Changed files are hook/docs/plugin metadata only; no K8s/OpenShift manifests or Dockerfiles, and repo scan found no privileged, hostPID/Network/IPC, SYS_ADMIN, or root settings.
No Pii Or Sensitive Data In Logs ✅ Passed No CWE-532 issue found: touched files contain only generic docs and a hook that logs linter status/output, not PII, request bodies, session IDs, or credentials.
Description check ✅ Passed The description matches the hook scoping, version bump, and README/AGENTS updates in the changeset.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
hyperfleet-hooks/README.md (1)

17-17: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Doc doesn't flag the untracked-file gap.

Docs state the hook runs after a file is "edited or created" and only reports "lines changed since the last commit." As raised in lint-go.sh, that guarantee doesn't actually hold for newly-created (untracked) files under --new-from-rev=HEAD — they'll get zero lint feedback instead of falling back cleanly. Once the root-cause fix in lint-go.sh lands, update this line to reflect actual behavior for new files.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hyperfleet-hooks/README.md` at line 17, Update the README wording for the
golangci-lint hook to match the real behavior for newly created untracked Go
files; the current “edited or created” and “lines changed since the last commit”
description is too strong for the `lint-go.sh` flow. Adjust the hook description
in `README.md` so it accurately reflects the `lint-go.sh` behavior after the
root-cause fix, especially around fallback and coverage for new files, using the
hook’s linting step as the reference point.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hyperfleet-hooks/hooks/lint-go.sh`:
- Around line 31-44: The lint-go.sh logic around USE_NEW_FROM_REV and LINT_ARGS
should account for untracked .go files, since --new-from-rev=HEAD can miss
brand-new files that are not yet in git diff. Update the flow near the
rev-parse/--new-from-rev setup to detect untracked paths under LINT_DIR and
either stage them with git add -N before running golangci-lint or disable the
diff-scoped flag for that run. Keep the fix localized to the lint argument
assembly so existing behavior for tracked files remains unchanged.

---

Duplicate comments:
In `@hyperfleet-hooks/README.md`:
- Line 17: Update the README wording for the golangci-lint hook to match the
real behavior for newly created untracked Go files; the current “edited or
created” and “lines changed since the last commit” description is too strong for
the `lint-go.sh` flow. Adjust the hook description in `README.md` so it
accurately reflects the `lint-go.sh` behavior after the root-cause fix,
especially around fallback and coverage for new files, using the hook’s linting
step as the reference point.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 37475303-aaf9-4a6a-8eb8-c5e8164d0240

📥 Commits

Reviewing files that changed from the base of the PR and between 15df83b and 01a488c.

📒 Files selected for processing (4)
  • AGENTS.md
  • hyperfleet-hooks/.claude-plugin/plugin.json
  • hyperfleet-hooks/README.md
  • hyperfleet-hooks/hooks/lint-go.sh
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)

Comment thread hyperfleet-hooks/hooks/lint-go.sh
@rafabene

rafabene commented Jul 2, 2026

Copy link
Copy Markdown
Member

/lgtm

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved label Jul 2, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit 5d436b5 into openshift-hyperfleet:main Jul 2, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants