I like this approach. Something related I've been tinkering with are "protected bookmarks" - you declare what bookmarks (main, etc) are protected in your config.toml and the normal `jj bookmark` commands that change the bookmark pointer will fail, unless you pass a flag. So in your local "CI" script you can do `jj bookmark set main -r@ --allow-protected` iff the tests/lints pass. Pairs well with workspaces and something that runs a local CI (like a watcher/other automated process).

I haven't yet submitted it to upstream for design discussion, but I pushed up my branch[1]. You can also declare a revset that the target revision must match, for extra belts and suspenders (eg., '~conflicts()')

[1] https://github.com/paulsmith/jj/tree/protected-bookmarks

Cool! That would pair well with SelfCI's MQ daemon, preventing accidentally forgetting about merging in stuff without running the local CI.

Being visible is useful, this is probably better suited for an ide than a hook or a daemon.

That's a great idea, and I was just thinking about how it would pair with self hosted CI of some type.

Basically what I would want is write a commit (because I want to commit early and often) then run the lint (and tests) in a sandboxed environment. if they pass, great. if they fail and HERAD has moved ahead of the failing commit, create a "FIXME" branch off the failure. back on main or whatever branch head was pointed at, if tests start passing, you probably never need to revisit the failure.

I want to know about local test failures before I push to remote with full CI.

automatic branching and workflow stuff is optional. the core idea is great.

Yep, I think a watcher is better suited [0] to trigger on file changes.

I personally can't stand my git commit command to be slow or to fail.

[0]: such as https://github.com/watchexec/watchexec

That looks really cool! I've been looking for a more thought-out approach to hooks on JJ, I'll dig into this. Do you have any other higher level architecture/overview documentation other than what is in that repo? It has a sense of "you should already know what this does" from the documentation as is.

Also, how do you like Radicle?

I use exactly one such hook, and that's to add commit signoff because of a checklist-compliance item called DCO that fails all PRs unless they have the sign-off trailer added by `git commit -s`. I've long argued that we should be enforcing actual signed commits instead, but compliance has never been about doing the sensible thing.

It's as simple as a script with a cp command that I run after any clone of a repo that requires it; certainly doesn't require anything as elaborate as a hook manager.

Voting and comment rings are against HN guidelines

To entice people who are fluent in said language, or those who are looking for something compiled and performant. If I see a project written in (java|type)script, I know to avoid it.

Client-side pre-commit hooks are there to help you in the same way that type checking (or a powerful compiler) is there to help you avoid bugs. In particular with git, you can skip the hooks when committing.

Now, if the server enforces checks on push, that's a project policy that should be respected.

The value is in finding out something is going to fail locally before pushing it. Useful for agents and humans alike.

I like my pre-receive hooks.

I've used pre-commit very sparingly but it has happened and I also have no idea why this project need to exist? Why would pre-commit ever lead to performance problems? I get that the processes that are hooked in can be long running but the pre-commit itself? Why would it take any time at all?

The problem is that pre-commit hooks are much slower with a much higher false-positive rate than type checking.

Pre-commit checks should be opt-in with CI as the gate. It's useful to be able to commit code in a failing state.

They integrate well with CI.

You run the same hooks in CI as locally so it's DRY and pushes people to use the hooks locally to get the early feedback instead of failing in CI.

Hooks without CI are less useful since they will be constantly broken.

This might be a me problem but I extensively manipulate the git history all the time which makes me loathe git hooks. A commit should take milliseconds, not a minute.

Besides during commit, pre-commit/prek can run all hooks with `run`. So in CI/CD you can replace all discrete lint/format tool calls with one to pre-commit/prek. E.g. https://github.com/python/cpython/blob/main/.github/workflow....

This just seems like calling a shell script with extra steps.

I have a shell utility similar to make that CI/CD calls for each step (like for step build, run make build) that abstracts stuff. I'd have Prek call this tool, I guess, but then I don't get what benefit there is here.

prek is compatible with pre-commit so any hooks that can be used for pre-commit can be used with prek including the repo config file. Depending on if you're interested in buying into the existing pre-commit ecosystem, which is pretty extensive, then prek is a really good alternative

I think really they just need to implement some kind of plug-in or extension framework. Extensions are just not first class citizens but they really should be.

There should be a .gitextensions in the repo that the repo owners maintain just like .gitignores and . gitattributes etc etc. Everything can still be opt in by every user but at least all git clients would be able to know about, pull down, and install per user discretion.

It seems pretty basic in this day and age but it's still a gaping hole. You still need to manually call LFS install for goodness sake.

jj already pretty much does that with the oplog. A consistent way of making new snapshots in the background would be nice though. (Currently you have to run a jj command — any jj command — to capture the working directory.)

Why wouldn't I just call the same shell script in CI and locally though? What's the benefit here? All I'm seeing is circular logic.

Love mise, didn't know about hk. Will check this out but don't think $WORK (or me) needs more than lefthook at the moment, which we're quite happy with. Wonder if there are comparisons/example projects that showcases the unique value propositions.

Never had a problem. It adds negligible time to each commit and I have several hooks in use. Running tests takes several orders of magnitude more time.

it’s not just you.

i regularly edit history of PRs for a variety of reasons and avoid pre-commit when possible.

put it all in CI thank you please — gimme a big red X on my pipeline publicly telling me i’ve forgotten to do something considered important.

I don't think you have to, you can run the integrated watcher, no?

There's a config option for that :) https://prek.j178.dev/configuration/#default_install_hook_ty...

formatting should definitely be in pre-commit though, otherwise you'll destroy diffs.

"pre-commit the tool" supports the pre-push hook (as well as the various other hooks).

Run the light ones on commit, the heavy ones on push.

> Can people give examples of how they use pre-commit hooks that _cannot_ be replaced by a combination of the following?

I can't, because the point of our pre-commit use isn't to run logic in hooks that can't be run otherwise.

e.g. We use pre-commit to enforce that our language's whitespace formatting has been applied. This has the same configuration in the IDE, but sometimes devs ignore IDE warnings or just open files in a text editor for a quick edit and don't see IDE warnings or w/e.

"Replaced by CI" isn't really meaningful in our context - pre-commit is just a tool that runs as part of CI - some things get done as pre-commit hooks because they're fast and it's a convenient place to put them. Devs are encouraged to also run pre-commit locally, but there's no enforcement of this.

> Do you run tests? How do you know _which_ tests to run, and not just run every test CI would run, which could be slow?

We have performance metrics for pre-commit hooks and pre-push hooks. I forget the exact numbers, but we want stuff to "feel" fast, so e.g. if you're rebasing something locally with a few dozen commits it should only take seconds. Pre-push hooks have a bit more latitude.

It’s a question of feedback time and consistency: e.g. if you run Prettier/Ruff in CI, someone has to wait minutes rather than milliseconds and you either have to fix build failures or grant your CI system commit privileges and deal with merge conflicts. This also means more total CI runner usage while someone’s laptop probably has 10 idle cores.

If it’s on a pull/merge request, you’re wasting reviewer time.

If the hook is blocking secrets, you can’t un-push it with 100% certainty so you have to revoke credentials.

For texts, I tend to have the equivalent of “pytest tests/unit/“ since those are fast and a good sanity check, especially for things like refactoring.

I also run our pre-commit checks in CI for consistency so we’re never relying on someone’s local environment (web editors exist) and to keep everyone honest about their environment.

You do seem to be doing it wrong. Extensive manipulation of the record and slow hooks are both undesirable.

I never understood this argument.

The checks in those pre-commit hooks would need to be very fast - otherwise they'd be too slow to run on every commit.

Then why would it save time and money if they only get run at the pipeline stage? That would only save substantial time if the pipepline is architected in a suboptimal way: Those checks should get run immediately on push, and first in the pipeline so the make the pipeline fail fast if they don't pass. Instant Slack notification on fail.

But the fastest feedback is obviously in the editor, where such checks like linting / auto-formatting belong, IMHO. There I can see what gets changed, and react to it.

Pre-commit hooks sit in such a weird place between where I author my code (editor) and the last line of defense (CI).

The author of pre-commit is known to be pretty hostile :p You should make an issue for prek though!

Correct me if I'm wrong but lefthook doesn't run its hooks exclusively on the staged changes IIRC. pre-commit, and prek by extension, have a process to stash the unstaged changes using git and running the code only on the staged files. Last I used it, lefthook ran on every file regardless of git status. This annoyed me because I'd have a few stray files that were not ready to be checked in or tracked that would trigger failures in lefthook. At the time this also made some hooks run slower since it would run on every single file but I think most linters have become significantly faster now.

That’s what --no-verify is for.

I leave unstaged files all the time, not sure what you mean.

> they … aren’t compatible with commits that leave unstaged files in your tree.

It's a little surprising that git doesn't pass pre-commit hooks any information, like a list of which files were changed in the soon-to-be-made commit. git does so for pre-push, where it writes to a hook's stdin some information about the refs and remotes involved in the push.

I wonder if many pre-commit hooks, like the kind which run formatters, would be better off as `clean` filters, which run on files when they are staged. The filter mechanism makes it easier to apply just to the files which were changed. In the git docs, they even use a formatter (`indent`) as an example.

https://git-scm.com/book/ms/v2/Customizing-Git-Git-Attribute...

pre-commit provides a convenient way to organize running a collection of shell scripts.

The point is enforcement. If there's a newcomer to developing your repo, you can ask them to install the hooks and from thereon everything they commit will be compatible with the processes in your CI. You don't need to manually run the scripts they'll run automatically as part of the commit or push or whatever process

Yes, you can run the CI script locally so you detect errors faster.

> Then why would it save time and money if they only get run at the pipeline stage? That would only save substantial time if the pipepline is architected in a suboptimal way: Those checks should get run immediately on push, and first in the pipeline so the make the pipeline fail fast if they don't pass. Instant Slack notification on fail.

That's still multiple minutes compared to an error thrown on push - i.e. long enough for the dev in question to create a PR, start another task, and then leave the PR open with CI failures for days afterwards.

> But the fastest feedback is obviously in the editor, where such checks like linting / auto-formatting belong, IMHO.

There are substantial chunk of fast checks that can't be configured in <arbitrary editor> or that require a disproportionate time investment. (e.g. you could write and maintain a Visual Studio extension vs just adding a line to grep for pre-commit)

in hk you can not only have a mix of staged/unstaged files but it even deals with staged/unstaged HUNKS in the same file (best it can at least)

I would reckon cleaning up your branch before opening a pull request is good practice. I also rebase a lot, aswell as git reset, and I use wip commits.

Slow hooks are also not a problem in projects I manage as I don't use them.

Please look at the example that is literally on the front page of the lefthook website: https://lefthook.dev/

Ah ok the home page actually reminded me what the actual issue was. It can pass the list of staged files to the command but since it doesn't actually stash anything, it's not compatible with commands that don't accept a list of files. golangci-lint for example doesn't accept a list of files like this and will run on every single file in the repo. I don't know if this behaviour has changed in lefthook or golangci-lint now.

No, I would not and don't do that. It is better to leave the PR commits separate and atomic so reviewers can digest them more easily. You just squash on merge.

> Slow hooks are also not a problem in projects I manage as I don't use them.

You bypass the slow hooks you mentioned? Why even have hooks then?

> It is better to leave the PR commits separate and atomic so reviewers can digest them more easily.

So reviewers have to digest all of the twists and turns I took to get to the final result? Why oh why oh why?

Sure, if they've already seen some of it, then there should be an easy way for them to see the updates. (Either via separate commits or if you're fortunate enough to have a good review system, integrated interdiffs so you can choose what view to use.)

In a better world, it would be the code author's responsibility to construct a meaningful series of commits. Unless you do everything perfectly right the first time, that means updating commits or using fixup commits. This doesn't just benefit reviewers, it's also enormously valuable when something goes wrong and you can bisect it down to one small change rather than half a dozen not-even-compiling ones.

But then, you said "atomic", which suggests you're already trying to make clean commits. How do you do that without modifying past commits once you discover another piece that belongs with an earlier step?

> You just squash on merge.

I'd rather not. Or more specifically, optimal review granularity != optimal final granularity. Some things should be reviewed separately then squashed together (eg a refactoring + the change on top). Some things should stay separate (eg making a change to one scary area and then making it to another). And optimal authoring granularity can often be yet another thing.

But I'll admit, git + github tooling kind of forces a subpar workflow.

I do leave PR commits separate. In my teams I don't set up pre-commit hooks altogether, unless others feel strongly otherwise. In projects where they are forced upon me I frequently --no-verify hooks if they are slow, as the linter runs on save and I run tests during development. CI failing unintentionally is usually not a problem for me.