Support pre-commit

[klane]

First off thank you for Dependabot! I am using it in several repos and am very happy with the results.

I use pre-commit in my CI to run various hooks for linting files. A typical .pre-commit-config.yaml file might look like:

repos:
  - repo: https://github.com/psf/black
    rev: 19.10b0
    hooks:
      - id: black
        language_version: python3.7
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v2.4.0
    hooks:
      - id: flake8
      - id: end-of-file-fixer
      - id: mixed-line-ending
      - id: trailing-whitespace

While there are hooks for multiple languages, pre-commit itself is written in Python. Could Dependabot's Python support be updated to include pre-commit? The CLI already has an autoupdate command to update versions in the config file. Individual hooks can be updated with the --repo flag.

[hugovk]

Duplicate of https://github.com/dependabot/feedback/issues/839.

[bachya]

@hugovk You say this is a duplicate of https://github.com/dependabot/feedback/issues/839, but in that ticket, you also say that it is a duplicate of this one. Which one is the source of truth?

[sfdye]

https://www.google.com/search?q=recursion

[slafs]

As mentioned in https://github.com/dependabot/dependabot-core/issues/2040 already, this issue isn't exactly the same as #2040.

This one here is about getting support for pre-commit hook/repos version updates (similar to pre-commit autoupdate).

While #2040 is asking for additional_dependencies sections within .pre-commit-config.yaml get updated just like setup.py and requirements.txt do.

[BeyondEvil]

Any news on this?

[nijel]

@BeyondEvil The pre-commit updates can be achieved via https://pre-commit.ci/

[BeyondEvil]

@BeyondEvil The pre-commit updates can be achieved via https://pre-commit.ci/

Thanks @nijel! I guess I can try to sync so dependabot and pre-commit runs the same time.

[jurre]

Any news on this?

Currently not on our roadmap. I'd suggest (for now at least) setting up an action (or any other CI job really) that runs after Dependabot that does any of this linting. We may revisit this in the future, but that's my best suggestion.

PS: If you decide to go this route, you may want to configure that action/ci job to commit using the [dependabot skip] tag, as that will ensure Dependabot will still automatically rebase/recreate the PR.

[guettli]

Sad to hear that you don't work on this. Here is a work-around: https://browniebroke.com/blog/gh-action-pre-commit-autoupdate/

[JacobCallahan]

@jurre we're coming up on the two-year anniversary since your update and passed 3 years since this was first filed. Is this on the current roadmap or should everyone just use external tools for pre-commit dependency management? Thanks!

[eggplants]

https://github.com/browniebroke/pre-commit-autoupdate-action

[EwoutH]

What's the current status of this issue? It would be amazing to have Dependabot support pre-commit configurations, as an alternative to pre-commit.ci.

[jorenham]

It would be of great help to have this. Are there any plans to implement it?

[wyardley]

side note that Renovate does have (experimental, but very functional) support for pre-commit: https://docs.renovatebot.com/modules/manager/pre-commit/

It would be nice if dependabot supported it as well, especially for cases where a tool has both a pre-commit hook and a version in some versioned thing that dependabot does support.