Skip to content

test(ci): add assertion for uv lock refresh step in CI workflow#303

Merged
ichoosetoaccept merged 2 commits intomainfrom
fix/ci-test-lockfile-refresh-step
Apr 12, 2026
Merged

test(ci): add assertion for uv lock refresh step in CI workflow#303
ichoosetoaccept merged 2 commits intomainfrom
fix/ci-test-lockfile-refresh-step

Conversation

@ichoosetoaccept
Copy link
Copy Markdown
Member

@ichoosetoaccept ichoosetoaccept commented Apr 12, 2026

Closes #

@ichoosetoaccept
Copy link
Copy Markdown
Member Author

ichoosetoaccept commented Apr 12, 2026
edited
Loading

This change is part of the following stack:

Change managed by git-spice.

@greptile-apps
Copy link
Copy Markdown

greptile-apps bot commented Apr 12, 2026
edited
Loading

Greptile Summary

This PR adds a test asserting that the CI prek job refreshes uv.lock before running hooks (follow-up to #302), and separately pins GitHub Actions in docs.yml.jinja to commit SHAs for supply-chain security. Both previous review concerns — exact-match assertion and ordering verification — were addressed in d7e17e0.

Confidence Score: 5/5

Safe to merge — no P0/P1 issues; all previous review concerns have been addressed.

Both iterations of feedback from prior review rounds were incorporated in d7e17e0: the assertion uses "run: uv lock " (exact, newline-terminated) to prevent false positives from --frozen/--locked variants, and the ordering check lock_idx < prek_idx is in place. The SHA-pinning in docs.yml.jinja is correct security hygiene. No remaining findings rise above P2.

No files require special attention.

Important Files Changed

Filename Overview
tests/test_template.py Adds test_ci_prek_refreshes_lockfile: checks run: uv lock\n (exact, newline-terminated) and verifies it appears before j178/prek-action; previous review concerns fully addressed.
project/.github/workflows/docs.yml.jinja Pins all five GitHub Actions steps to full commit SHAs with version comments; good supply-chain hardening for generated projects.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[CI prek job triggered] --> B[actions/checkout]
    B --> C[astral-sh/setup-uv]
    C --> D["run: uv lock\n(Refresh lockfile)"]
    D --> E[j178/prek-action\nSKIP: no-commit-to-main,pytest-testmon,lychee,uv-lock]

    subgraph Test["test_ci_prek_refreshes_lockfile"]
        T1["assert 'run: uv lock\n' in content"]
        T2["lock_idx = content.index('run: uv lock')"]
        T3["prek_idx = content.index('j178/prek-action')"]
        T4["assert lock_idx < prek_idx"]
        T1 --> T2 --> T3 --> T4
    end

    D -.verified by.-> Test
Loading

Reviews (3): Last reviewed commit: "fix(ci): pin GitHub Actions in docs.yml ..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps bot reviewed Apr 12, 2026
View reviewed changes
@ichoosetoaccept ichoosetoaccept force-pushed the fix/ci-test-lockfile-refresh-step branch from 534e294 to d7e17e0 Compare April 12, 2026 20:12
@ichoosetoaccept ichoosetoaccept merged commit 87b38f0 into main Apr 12, 2026
6 checks passed
@ichoosetoaccept ichoosetoaccept deleted the fix/ci-test-lockfile-refresh-step branch April 12, 2026 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ichoosetoaccept