INF-1484/fix: stop swallowing pre-commit hook failures#24
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request modifies action.yaml to capture the exit code of the pre-commit run by disabling immediate exit on error (set +e) and removing continue-on-error: true. It also ensures the final status reporting step fails loud if the exit code is missing. However, a critical issue was identified: because the last command in the pre-commit step (echo) always succeeds, the step's outcome will always be evaluated as 'success'. This causes the subsequent step to mistakenly post a "Pre-commit success" comment on the PR even when hooks fail. A fix was suggested to determine the outcome using the captured EXIT_CODE instead of the step outcome.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
The python-modules refactor (#21) dropped the set +e exit-code capture: under the composite shell's bash -e, a hook failure aborted the step before EXIT_CODE was written, continue-on-error masked the step failure, and the report step ran exit '' which succeeds. Every hook failure since has reported green. Restore the capture with -e disabled, drop the now-pointless continue-on-error, and make the report step fail loud if the exit code is ever missing.
brtkwr
force-pushed
the
inf-1484-fix-exit-code
branch
from
6e13cc7 to
e5a5ee2
Compare
1 participant
Context
Spotted on workflow-portal#120: prettier failed inside the action's log ("files were modified by this hook") but the
pre-commitcheck reported success. The INF-1484 python-modules refactor (#21) replaced the oldset +eexit-code capture with:Composite
shell: bashruns with-e, so a hook failure aborts the step beforeEXIT_CODEis written;continue-on-error: truemasks the step failure; and the report step then runsexit '', which is exit 0. Every consumer's pre-commit check has reported green regardless of hook failures since #21 merged.Changes
set +e(as the pre-INF-1484/feat: extract inline shell to Python modules + add pytest #21 shell did), soEXIT_CODEis always written.continue-on-error: true- the step can no longer fail spuriously, and keeping it would mask real infra errors (e.g. uvx unavailable).exit ${{ steps.pre-commit.outputs.EXIT_CODE || '1' }}- fail loud if the output is ever missing instead of silently succeeding.render_comment.py(the step outcome is always success now that the exit code is captured) - thePRE_COMMIT_OUTCOMEenv is gone. Tests updated.Validation
run_hooks.pyalready propagates the subprocess return code viasys.exit(covered by pytest); the bug was purely in the yaml wiring.Ticket
🤖 Generated with Claude Code