build: Replace pre-commit with prek

[koxudaxi]

Summary by CodeRabbit

• Chores
  • Added an automated lint workflow that runs on pushes and pull requests and can auto-commit style fixes when applicable.
  • Re-enabled readme validation in CI and widened trigger conditions for docs/update jobs to support labeled PR flows and safer checkout of PR head refs.
  • Switched development tooling to use the newer "prek" executor in fix workflows and related configs.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@koxudaxi has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 21 minutes and 33 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 6ce0f61 and 8b5112c.

📒 Files selected for processing (3)

• .github/workflows/cli-docs.yaml (1 hunks)
• .github/workflows/lint.yaml (1 hunks)
• .github/workflows/readme.yaml (1 hunks)

Walkthrough

Replaces pre-commit-uv with prek across tooling, re-enables the readme pre-commit hook, updates tox to call prek, and adds/adjusts GitHub Actions workflows including a new .github/workflows/lint.yaml plus modifications to existing CI workflows' trigger and checkout logic.

Changes

Cohort / File(s)	Summary
New lint workflow .github/workflows/lint.yaml	Adds a "Lint" GitHub Actions workflow triggered on pushes to main, pull_request, and labeled pull_request_target; sets up checkout (with PAT/token fallback), installs uv and Python 3.14, runs uvx prek ... and conditionally commits auto-fixes via git-auto-commit-action.
Existing workflows updated .github/workflows/cli-docs.yaml, .github/workflows/readme.yaml	Adds pull_request_target labeled trigger blocks and widens job conditionals to allow runs for specific authors/actors or labeled PRs; changes checkout step to use PR head ref and head repository settings.
Pre-commit & tooling config .pre-commit-config.yaml, pyproject.toml, tox.ini	Removes top-level ci: skip: [readme] (enabling readme hook), replaces dependency pre-commit-uv>=4.1.4 with prek>=0.2.22 in pyproject.toml, and changes [testenv:fix] command from pre-commit run ... to prek run ... in tox.ini.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Verify prek CLI flags and parity with previous pre-commit-uv invocation (--all-files, --show-diff-on-failure, etc.).
• Inspect .github/workflows/lint.yaml conditionals for correct event/actor filtering and secret usage (PAT fallback).
• Confirm checkout modifications in cli-docs.yaml and readme.yaml correctly use PR head ref/repo and do not introduce permission issues.
• Ensure enabling the readme hook in .pre-commit-config.yaml has no unintended failures in CI.

Poem

🐰 I hopped in code to swap a tool,
traded old hooks for something cool.
Readme winks and workflows sing—
linting bells and a tidy spring.
✨🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: replacing pre-commit with prek across build configuration files, workflows, and dependencies.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a31749d and 55a25d2.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• .github/workflows/lint.yaml (1 hunks)
• .pre-commit-config.yaml (0 hunks)
• pyproject.toml (1 hunks)
• tox.ini (1 hunks)

💤 Files with no reviewable changes (1)

• .pre-commit-config.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: 3.10 on macOS
• GitHub Check: 3.11 on Windows
• GitHub Check: 3.13 on Windows
• GitHub Check: 3.10 on Windows
• GitHub Check: 3.14 on macOS
• GitHub Check: 3.12 on Windows
• GitHub Check: 3.14 on Windows
• GitHub Check: benchmarks
• GitHub Check: Analyze (python)

🔇 Additional comments (6)

.github/workflows/lint.yaml (4)

1-6: Consider the interaction between triggers and auto-commit.

The workflow runs on both pushes to main and pull requests, and auto-commits style fixes. This could create commit loops if the auto-commit action triggers another workflow run. Verify that the git-auto-commit-action in this workflow doesn't trigger itself or other workflows recursively.

---

19-19: Note the difference in prek flags between tox.ini and this workflow.

The tox.ini uses prek run --all-files --show-diff-on-failure, while this workflow only uses --all-files. This may be intentional for CI (to allow auto-commit to fix issues silently), but verify this is the desired behavior.

---

16-18: No action required—Python 3.14 is available in GitHub Actions.

Python 3.14 was released on 7 October 2025 and is available in GitHub Actions with patch versions 3.14.1 and 3.14.2. The workflow will not fail due to version unavailability.

---

11-14: Ensure the PAT secret is configured in the repository.

The workflow uses an auto-commit action to push linting fixes, which requires authenticated git credentials. The PAT must have the necessary permissions (repo scope minimum) to push commits to branches.

pyproject.toml (1)

116-116: prek version 0.2.22 is available and has no known security vulnerabilities.

The specified version exists and is actively used by major projects including Apache Airflow and Apache Iceberg. No security advisories or CVEs were found for the prek package.

tox.ini (1)

61-61: prek supports both --all-files and --show-diff-on-failure flags; no action needed on the flags themselves. Both are actively used in production projects like Apache Airflow.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.43%. Comparing base (a31749d) to head (8b5112c).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2702   +/-   ##
=======================================
  Coverage   99.43%   99.43%           
=======================================
  Files          81       81           
  Lines       11381    11381           
  Branches     1359     1359           
=======================================
  Hits        11317    11317           
  Misses         38       38           
  Partials       26       26           

Flag	Coverage Δ
unittests	99.43% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[codspeed-hq]

CodSpeed Performance Report

Merging #2702 will not alter performance

_{Comparing replace-pre-commit-with-prek (8b5112c) with main (a31749d)}

Summary

✅ 52 untouched
⏩ 10 skipped¹

Footnotes

1. 10 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 55a25d2 and 6ce0f61.

📒 Files selected for processing (3)

• .github/workflows/cli-docs.yaml (1 hunks)
• .github/workflows/lint.yaml (1 hunks)
• .github/workflows/readme.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)

• GitHub Check: 3.10 on macOS
• GitHub Check: 3.12 on Windows
• GitHub Check: 3.11 on macOS
• GitHub Check: 3.12 on macOS
• GitHub Check: py312-pydantic1 on Ubuntu
• GitHub Check: py312-isort7 on Ubuntu
• GitHub Check: 3.10 on Windows
• GitHub Check: 3.11 on Windows
• GitHub Check: benchmarks
• GitHub Check: 3.13 on macOS
• GitHub Check: 3.14 on Windows
• GitHub Check: 3.13 on Windows
• GitHub Check: Analyze (python)

🔇 Additional comments (4)

.github/workflows/lint.yaml (2)

30-42: Auto-commit conditional logic looks comprehensive.

The condition properly gates auto-commits to:

• Push events (direct commits to main)
• Same-repository PRs (not forks)
• Trusted actors by username
• Labeled pull_request_target events from trusted senders

This addresses the concerns from the previous review about auto-committing to untrusted branches.

---

26-28: Python 3.14 is now stable. Python 3.14 was released on 7 October 2025, so it is no longer in pre-release. The GitHub Actions setup-python action includes Python 3.14, so this version is fully supported. No changes needed.

Likely an incorrect or invalid review comment.

.github/workflows/cli-docs.yaml (1)

20-27: Trigger and conditional logic look correct.

The pull_request_target trigger with paths filter and the job conditional properly gate execution to trusted scenarios. The pattern aligns with the lint workflow for consistency.

Also applies to: 34-43

.github/workflows/readme.yaml (1)

12-15: Trigger and conditional logic are consistent with other workflows.

The pull_request_target trigger with paths filter and the job conditional follow the same pattern as cli-docs.yaml and lint.yaml, maintaining consistency across workflows.

Also applies to: 22-31

[ilovelinux]

Note that prek is a pre-commit reimplementation in Rust backed by a single guy. I tried it and it's way faster.

I don't trust the author/his company enough to use it in private projects because of potential supply-chain attack, but using it in CI looks like a good idea! :)

[koxudaxi]

@ilovelinux
I've been frustrated with pre-commit's slowness for a while. Especially since I run it many times a day on this and other projects, it felt like a significant time sink.
That's a fair point about the risk. Then again, the same could be said for OSS in general. But since this does force local execution, feel free to reject this PR if you're not comfortable with it 😉

[ilovelinux]

It's okay for me to locally execute it even if it's not going to be executed in an isolated environment. It's the developer's responsibility to take precautions and isolate different environments. Let's give a shot to prek! :)