💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1387bd40fd
Pull request overview
This PR syncs CI/CD and developer tooling improvements from the SDK repo into this CLI repo, tightening dependency hygiene and adjusting Dependabot automation to avoid circular “actions update” auto-merges.
Changes:
- Adds a `tidy-check` gate (Makefile + CI) and updates `make check` to include it and `provenance-check`.
- Adds local pre-commit hooks for `go mod tidy` (commit) and `go test -short` (pre-push).
- Updates Dependabot scheduling and auto-merge policy; hardens golangci-lint config and tidies `go.mod`.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| go.mod | Promotes github.com/spf13/pflag to a direct dependency to reflect actual imports. |
| Makefile | Adds tidy-check and includes it in check; updates help text accordingly. |
| .pre-commit-config.yaml | Introduces local hooks to enforce module tidiness and run short tests on pre-push. |
| .golangci.yml | Tweaks linter settings (errorlint relaxations, gosec exclusion, issue limits). |
| .github/workflows/test.yml | Adds a CI step to run make tidy-check. |
| .github/workflows/dependabot-auto-merge.yml | Changes auto-merge behavior to approve/enable auto-merge for patch+minor updates excluding GitHub Actions. |
| .github/dependabot.yml | Pins Dependabot schedule time/timezone and sets PR limits for predictability. |
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
CI is the safety gate — auto-merging action updates is circular since a broken update approves itself. Invert the policy to auto-merge patch+minor for all ecosystems except github_actions. The ecosystem name uses underscore (github_actions) because fetch-metadata derives it from the branch name, not dependabot.yml.
Pin schedule to 06:00 America/Chicago for predictable update timing. Set open-pull-requests-limit to 10 for both gomod and github-actions.
go-mod-tidy runs on commit to catch untidy modules before CI. go-test-short runs on push only to avoid slowing down commits. Uses files pattern instead of types: [go] so go.mod/go.sum-only changes also trigger the hooks. Adds default_install_hook_types so pre-commit install sets up both pre-commit and pre-push hooks.
Disable errorlint asserts/comparison checks — the CLI uses sentinel errors and type assertions like the SDK. Set max-issues-per-linter and max-same-issues to 0 so lint output is never silently truncated.
b9a1fd2 to 4fd1a63
4fd1a63 to fa9d231
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Add non-mutating tidy-check Makefile target that backs up go.mod/go.sum, runs go mod tidy, then verifies no diff — restoring originals on failure so make check never leaves the working tree dirty. Add both provenance-check and tidy-check to the check gate. Add tidy-check step to test.yml before unit tests. Fix pre-existing untidy go.mod (pflag was indirect but is directly imported).
fa9d231 to 0d31901
Summary
Port substantive SDK CI/CD improvements and close CLI gaps identified by thorough cross-repo comparison.
- `github_actions`
- `open-pull-requests-limit: 10`
- `go-mod-tidy` on commit, `go-test-short` on push. Uses `files` pattern (not `types: [go]`) so go.mod/go.sum-only changes trigger hooks. `default_install_hook_types` ensures pre-push is installed automatically
- `errorlint` relaxations (asserts/comparison), `issues` block to prevent silent truncation
- `tidy-check` to CI gate — new Makefile target + `test.yml` step, backs up go.mod/go.sum and restores on failure so `make check` never leaves the working tree dirty. Fix pre-existing untidy go.mod (pflag was indirect but directly imported)
- `make check` — now includes `provenance-check` and `tidy-check`

Test plan
- `golangci-lint run ./...` — 0 issues
- `make check` — full gate passes (includes new provenance-check + tidy-check)
- `golangci-lint config verify` — config schema valid
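The non-mutating tidy check described in the summary above (back up go.mod/go.sum, run tidy, compare, restore on failure), written as a POSIX shell function. This is an added example, not the PR's Makefile target; the `tidy_check` name, its exit codes and the `TIDY_CMD` override are assumptions.

```shell
#!/bin/sh
# Added example, not the PR's Makefile target. TIDY_CMD is an assumed override
# so the check can be exercised with a stub instead of a real Go toolchain.
TIDY_CMD="${TIDY_CMD:-go mod tidy}"

# tidy_check DIR -> 0 tidy, 1 untidy (originals restored), 2 tidy could not run.
tidy_check() {
    dir="${1:-.}"
    if [ ! -f "$dir/go.mod" ]; then
        echo "tidy-check: no go.mod in $dir" >&2
        return 2
    fi
    backup="$(mktemp -d)" || return 2
    cp "$dir/go.mod" "$backup/go.mod"
    had_sum=0
    if [ -f "$dir/go.sum" ]; then
        cp "$dir/go.sum" "$backup/go.sum"
        had_sum=1
    fi

    result=0
    # Subshell keeps the caller's working directory unchanged.
    if ! (cd "$dir" && $TIDY_CMD); then
        result=2
    elif ! cmp -s "$backup/go.mod" "$dir/go.mod"; then
        result=1
    elif [ "$had_sum" -eq 1 ] && ! cmp -s "$backup/go.sum" "$dir/go.sum"; then
        result=1
    elif [ "$had_sum" -eq 0 ] && [ -f "$dir/go.sum" ]; then
        result=1   # tidy created a go.sum that was never committed
    fi

    if [ "$result" -ne 0 ]; then
        # Put the originals back so a failed gate never dirties the tree.
        cp "$backup/go.mod" "$dir/go.mod"
        if [ "$had_sum" -eq 1 ]; then
            cp "$backup/go.sum" "$dir/go.sum"
        else
            rm -f "$dir/go.sum"
        fi
        echo "tidy-check: failed (exit $result); go.mod/go.sum restored" >&2
    fi
    rm -rf "$backup"
    return "$result"
}
```

Call `tidy_check .` from the module root; a non-zero exit fails the gate while leaving the working tree as it was.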