ci: Comment on PRs with the diff from the pre-commit hooks

.github/workflows/lint.yaml

@@ -3,6 +3,10 @@ name: Lint Charts
 on:
   pull_request:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number }}
+  cancel-in-progress: true
+
 jobs:
   lint:
     runs-on: ubuntu-latest
@@ -11,17 +15,30 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v3
+        with:
+          fetch-depth: 0
 
       - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # pin@v4
         with:
           python-version: 3.12
 
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # pin@v3
-        with:
-          go-version: ^1
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # [email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch "${{ github.event.pull_request.base.ref }}")
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
 
-      - name: Setup helm-docs
-        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
+      - name: "Add NGINX Ingress and Bitnami Repository"
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          helm repo add ingress-nginx "https://kubernetes.github.io/ingress-nginx"
+          helm repo update
 
-      - name: Run pre-commit
-        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # [email protected]
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --config ct.yaml --target-branch "${{ github.event.pull_request.base.ref }}"

.github/workflows/pre-commit-comment.yaml

@@ -0,0 +1,143 @@
+name: Pre-commit Comment
+
+on:
+  workflow_run:
+    workflows: ["Pre-commit"]
+    types:
+      - completed
+
+jobs:
+  comment:
+    name: Comment on PR
+    runs-on: ubuntu-latest
+    # Only run if the pre-commit workflow completed (not necessarily succeeded)
+    if: github.event.workflow_run.event == 'pull_request'
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Download artifact
+        id: download
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+        continue-on-error: true
+        with:
+          name: pre-commit-diff
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Check artifact and extract PR number
+        id: extract
+        if: steps.download.outcome == 'success'
+        run: |
+          if [ -f pr-number.txt ]; then
+            echo "PR_NUMBER=$(cat pr-number.txt)" >> $GITHUB_OUTPUT
+            echo "HAS_DIFF=true" >> $GITHUB_OUTPUT
+          else
+            echo "HAS_DIFF=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Get PR number from workflow run
+        id: pr-number
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          script: |
+            // Try to get PR number from artifact first, otherwise from the workflow run
+            let prNumber = ${{ steps.extract.outputs.PR_NUMBER || 'null' }};
+
+            if (!prNumber) {
+              // Get PR number from the workflow run event
+              const headRepo = context.payload.workflow_run.head_repository.owner.login;
+              const headBranch = context.payload.workflow_run.head_branch;
+
+              console.log(`Looking for PR with head: ${headRepo}:${headBranch}`);
+
+              const { data: pullRequests } = await github.rest.pulls.list({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                state: 'open',
+                head: `${headRepo}:${headBranch}`,
+              });
+
+              if (pullRequests.length > 0) {
+                prNumber = pullRequests[0].number;
+                console.log(`Found PR #${prNumber} for branch ${headBranch}`);
+              } else {
+                console.log('No open PR found for this workflow run');
+                console.log('This might be a push to a non-PR branch, skipping comment workflow');
+                return;
+              }
+            }
+
+            core.setOutput('number', prNumber);
+
+      - name: Delete previous pre-commit failure comments
+        if: steps.pr-number.outputs.number
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          script: |
+            const prNumber = ${{ steps.pr-number.outputs.number }};
+
+            // Get all comments on the PR
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+            });
+
+            console.log(`Found ${comments.length} total comments on PR #${prNumber}`);
+
+            // Filter comments created by github-actions bot that contain our marker
+            const botComments = comments.filter(comment => {
+              const isBot = comment.user.login === 'github-actions[bot]';
+              const hasMarker = comment.body && comment.body.includes('⚠️ Pre-commit Hook Failures');
+              if (isBot && hasMarker) {
+                console.log(`Found matching comment ${comment.id} to delete`);
+              }
+              return isBot && hasMarker;
+            });
+
+            console.log(`Found ${botComments.length} pre-commit failure comment(s) to delete`);
+
+            // Delete each matching comment
+            for (const comment of botComments) {
+              console.log(`Deleting comment ${comment.id}`);
+              await github.rest.issues.deleteComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: comment.id,
+              });
+            }
+
+            console.log(`Successfully deleted ${botComments.length} previous pre-commit failure comment(s).`);
+
+      - name: Post comment
+        if: steps.extract.outputs.HAS_DIFF == 'true'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          script: |
+            const fs = require('fs');
+            const prNumber = ${{ steps.pr-number.outputs.number }};
+            const diff = fs.readFileSync('diff.txt', 'utf8');
+
+            const body = `## ⚠️ Pre-commit Hook Failures
+
+            <details>
+            <summary>View diff</summary>
+
+            \`\`\`diff
+            ${diff}
+            \`\`\`
+
+            </details>
+
+            Please apply the above diff in your PR branch (or run \`pre-commit run --all-files\` locally) and push the changes.
+
+            For more information on pre-commit, see the [pre-commit documentation](https://pre-commit.com/#install).`;
+
+            await github.rest.issues.createComment({
+              issue_number: prNumber,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
+
+            console.log('Successfully posted PR comment with diff.');

.github/workflows/pre-commit.yaml

@@ -0,0 +1,64 @@
+name: Pre-commit
+
+on:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number }}
+  cancel-in-progress: true
+
+jobs:
+  pre-commit:
+    name: Pre-commit
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v3
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # pin@v4
+        with:
+          python-version: 3.12
+
+      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # pin@v3
+        with:
+          go-version: ^1
+
+      - name: Setup helm-docs
+        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
+
+      - name: Run pre-commit
+        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # [email protected]
+        continue-on-error: true  # Don't fail immediately; we'll handle it below
+        with:
+          extra_args: --verbose --all-files --show-diff-on-failure
+
+      - name: Check for changes after pre-commit
+        id: diff-checker
+        run: |
+          echo "CHANGED=$(if git diff --quiet; then echo "false"; else echo "true"; fi)" >> $GITHUB_OUTPUT
+
+      - name: Save diff and PR metadata
+        if: ${{ steps.diff-checker.outputs.CHANGED == 'true' }}
+        run: |
+          mkdir -p ./pr-comment
+          git diff > ./pr-comment/diff.txt
+          echo "${{ github.event.number }}" > ./pr-comment/pr-number.txt
+          echo "Pre-commit hooks made changes. See diff artifact."
+
+      - name: Upload diff artifact
+        if: ${{ steps.diff-checker.outputs.CHANGED == 'true' }}
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
+        with:
+          name: pre-commit-diff
+          path: pr-comment/
+          retention-days: 1
+
+      - name: Fail if changes were made
+        if: ${{ steps.diff-checker.outputs.CHANGED == 'true' }}
+        run: |
+          echo "::error::Pre-commit hooks made changes. Please review the diff in the PR comment and apply the fixes."
+          exit 1

.github/workflows/test.yml

@@ -3,6 +3,10 @@ name: Test Charts
 on:
   pull_request:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number }}
+  cancel-in-progress: true
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -24,19 +28,28 @@ jobs:
       - name: Set up chart-testing
         uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # [email protected]
 
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch "${{ github.event.pull_request.base.ref }}")
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
       - name: "Add NGINX Ingress and Bitnami Repository"
+        if: steps.list-changed.outputs.changed == 'true'
         run: |
           helm repo add ingress-nginx "https://kubernetes.github.io/ingress-nginx"
           helm repo update
 
-      - name: Run chart-testing (lint)
-        run: ct lint --config ct.yaml
-
       - name: Create KIND Cluster
+        if: steps.list-changed.outputs.changed == 'true'
         uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # [email protected]
 
       - name: Install Ingress Controller
+        if: steps.list-changed.outputs.changed == 'true'
         run: "helm install ingress-nginx/ingress-nginx --generate-name --set controller.service.type='NodePort' --set controller.admissionWebhooks.enabled=false"
 
       - name: Run chart-testing (install)
-        run: ct install --config ct-install.yaml
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --config ct-install.yaml --target-branch "${{ github.event.pull_request.base.ref }}"