aws-cloudformation / cloudformation-guard

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
Apache License 2.0

Current tagging strategy does not work well with pre-commit autoupdate #538

Closed benbridts closed 2 months ago

benbridts commented 3 months ago

Currently the readme points users to install the pre-commit hook like this:

```
repos:
  - repo: https://github.com/aws-cloudformation/cloudformation-guard
    rev: pre-commit-v0.0.1
# [...]
```

however, when running pre-commit autoupdate, this becomes (today)

```
repos:
  - repo: https://github.com/aws-cloudformation/cloudformation-guard
    rev: action-v0.0.4
# [...]
```

because pre-commit autoupdate "update[s] to latest tag on [the] default branch".

This means that, depending on what happened latest, it might update to:

It would be better if there was one release tag for all three systems, if they stay in one repository.

(note: there might be a similar problem with the github action and dependabot, I have not looked into how that determines when updates are needed. See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)

dannyvassallo commented 3 months ago

Thanks for this! Will look into this.

dannyvassallo commented 3 months ago

@benbridts Working on a more robust solution so there's no burden on the user but I have 2 proposed solutions for you immediately if this is bringing you pain. I'll look into the impact on dependabot and the action also.

  1. You should be able to freeze the dependencies using a hash with the --freeze param during autoupdate. Setting the hash manually may solve your problem.
  2. You can leverage the pre-commit-update hook and make an exclusion for the hook. Once done you can allow the hooks to update themselves instead of running autoupdate (assuming this meets your use case). This hook was made specifically to make pre-commit autoupdate more versatile.

For example:

```
repos:
-   repo: https://gitlab.com/vojko.pribudic.foss/pre-commit-update
    rev: v0.3.3post1
    hooks:
    -   id: pre-commit-update
        args: [--exclude, cfn-guard]
-   repo: https://github.com/aws-cloudformation/cloudformation-guard
    rev: pre-commit-v0.0.1
    hooks:
    -   id: cfn-guard
        args:
        -   --operation=validate
        -   --rules=guard/resources/validate/rules-dir/
        files: ^guard/resources/validate/data-dir/.*
    -   id: cfn-guard
        args:
        -   --operation=test
        -   --dir=pre_commit_hooks_tests/resources/
        files: ^pre_commit_hooks_tests/resources.*
```

benbridts commented 3 months ago

@dannyvassallo Thanks! I'm currently okay with the rev: being weird in my config file (or changing it back manually), as the commit history is pretty linear

dannyvassallo commented 2 months ago

Closing this for now - added the suggested solutions to the readme. Thanks for calling this out @benbridts !

dmanthing commented 2 months ago

hey @dannyvassallo, @benbridts

1) for exclusions (and most of the other options inside pre-commit-update) you have to use REPO_URL_TRIM, not the hook id.

```
-   repo: https://gitlab.com/vojko.pribudic.foss/pre-commit-update
    rev: v0.3.3post1
    hooks:
    -   id: pre-commit-update
        args: [--exclude, cloudformation-guard]
```

So, setting the `--exclude` to `cloudformation-guard` instead of `cfn-guard` would be the correct way to do this :)

2) I just released pre-commit-update 0.5.0 and it now supports custom tag prefix schema:

```
-   repo: https://gitlab.com/vojko.pribudic.foss/pre-commit-update
    rev: v0.5.0
    hooks:
    -   id: pre-commit-update
        args: [--tag-prefix, cloudformation-guard, pre-commit-v]
```

This should now display:

```
✘ cloudformation-guard - pre-commit-v0.0.1 -> pre-commit-v0.0.2
Changes detected
```

As, in my case, I set the `rev` to `pre-commit-v0.0.1`.

Anyway, thanks for making use of pre-commit-update
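Added example (not cfn-guard's or pre-commit-update's own code) that models the two behaviours discussed in this thread: the prefix-blind "latest tag on the default branch" pick that benbridts reports, and the prefix-filtered pick that the `--tag-prefix` option provides. The tag list is constructed, and "latest" is simplified to the last tag in commit order.

```shell
# Added illustration (not cfn-guard or pre-commit code): a simplified model
# of why mixed tag prefixes in one repo mislead an updater that takes "the
# latest tag on the default branch", and how filtering by prefix (what
# pre-commit-update --tag-prefix does) avoids it.

# Constructed tag list in commit order, oldest first, imitating the mix of
# release, action-v and pre-commit-v tags described in the issue.
TAGS='3.0.0
pre-commit-v0.0.1
action-v0.0.3
pre-commit-v0.0.2
action-v0.0.4
3.1.0'

# Prefix of a rev: everything before the first digit
# ("pre-commit-v0.0.1" -> "pre-commit-v", "3.0.0" -> "").
rev_prefix() {
    printf '%s\n' "${1%%[0-9]*}"
}

# Prefix-blind choice: the tag on the most recently tagged commit, whatever
# its prefix. This is the behaviour the issue reports from autoupdate.
latest_any_tag() {
    printf '%s\n' "$TAGS" | tail -n 1
}

# Prefix-aware choice: keep tags starting with the prefix, version-sort the
# remainder, re-attach the prefix. Returns 1 if no tag matches.
latest_tag_with_prefix() {
    prefix="$1"
    best=$(printf '%s\n' "$TAGS" | while IFS= read -r tag; do
        case "$tag" in
            "$prefix"*) printf '%s\n' "${tag#"$prefix"}" ;;
        esac
    done | sort -V | tail -n 1)
    [ -n "$best" ] || return 1
    printf '%s\n' "$prefix$best"
}

# Drift check: would a prefix-blind update move this rev onto a tag from a
# different family? Exit status 0 means yes.
prefix_would_drift() {
    [ "$(rev_prefix "$1")" != "$(rev_prefix "$(latest_any_tag)")" ]
}

echo "prefix-blind pick: $(latest_any_tag)"
echo "pre-commit-v pick: $(latest_tag_with_prefix pre-commit-v)"
if prefix_would_drift pre-commit-v0.0.1; then echo "pre-commit-v0.0.1 would drift"; fi
```

`sort -V` is GNU/BSD version sort; on a platform without it, substitute a different version comparison.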

dannyvassallo commented 2 months ago

@dmanthing Awesome! Thanks for this and thanks for the great work on pre-commit-update!