Configure pre-commit hooks and lean GitHub Actions for shift-left quality assurance. Use when adding or auditing CI/CD to maximize local test coverage and minimize CI cost. Skip for Terraform/K8s, deployment pipelines, or non-GitHub CI providers.
Instalação
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Configure pre-commit hooks and lean GitHub Actions for shift-left quality assurance. Use when adding or auditing CI/CD to maximize local test coverage and minimize CI cost. Skip for Terraform/K8s, deployment pipelines, or non-GitHub CI providers.
Implement comprehensive DevOps quality gates adapted to project type, with a shift-left philosophy: run as many checks as possible locally via pre-commit so developers get fast feedback and CI is a safety net rather than the primary gate.
Core principle: If a check can run locally in under ~60 seconds, it belongs in pre-commit. GitHub Actions should handle things that can't run locally: matrix version testing, secrets-based security scans, deployment, and reporting.
To stay within the agent's context budget, this SKILL keeps templates short and links to references/*.md for language-specific configs, workflow templates, and the CLI E2E script.
Repo Sync Before Edits (mandatory)
Before creating/updating/deleting files in an existing repository, sync the current branch with remote:
Flaky or environment-sensitive tests that need a clean VM
CLI End-to-End Testing
If the project is a CLI tool, create scripts/e2e_test.sh that exercises every command/subcommand to verify the CLI works end-to-end (not just compiles). Wire it into pre-commit on the push stage.
See references/cli-e2e.md for command discovery patterns, the script template, and the pre-commit hook snippet.
Install hooks:
pre-commit install
pre-commit install --hook-type pre-push # also install push-stage hooks
pre-commit run --all-files # Test on existing code
3. Create GitHub Actions Workflows (lean CI)
Create .github/workflows/ci.yml — but keep it lean since pre-commit already catches most issues. See references/github-actions.md for workflow templates.
Matrix testing across language versions (important for libraries)
Upload coverage reports (Codecov, etc.)
Deployment on merge to main
PR status comments/badges
Secrets-dependent scans
Since pre-commit already runs lint, format, type-check, unit tests, and E2E tests — the CI workflow can be simpler: install deps → run pre-commit → run tests with coverage upload → build artifact.
# Minimal CI when pre-commit covers everything locally:-name:Runpre-commitrun:pre-commitrun--all-files-name:Runtestswithcoveragerun:<test-command>--cov--cov-report=xml-name:Uploadcoverageuses:codecov/codecov-action@v4
4. Verify Pipeline
# Test all pre-commit hooks (commit stage)
pre-commit run --all-files
# Test push-stage hooks (includes E2E)
pre-commit run --all-files --hook-stage push
# Verify the CLI E2E script directly
bash scripts/e2e_test.sh
If all local checks pass, GitHub Actions becomes a thin verification layer, not the primary quality gate.
Tool Selection by Language
Language
Formatter
Linter
Type Check
Security
Tests
JS/TS
Prettier
ESLint
tsc
npm audit
Jest/Vitest
Python
Ruff/Black
Ruff
mypy
Bandit + detect-secrets
pytest
Go
gofmt
golangci-lint
built-in
gosec
go test
Rust
rustfmt
Clippy
built-in
cargo-audit
cargo test
Java
google-java-format
Checkstyle
-
SpotBugs
mvn test
Where each check runs (commit-stage pre-commit, push-stage pre-commit, or GitHub Actions only) is set out in Workflow steps 2 and 3 above — do not re-split checks differently here.
Expected Output
After running the skill, the repository contains:
.pre-commit-config.yaml — hooks for formatting, linting, type-checking, and unit tests on commit stage; full test suite and E2E tests on push stage.
.github/workflows/ci.yml — lean CI that re-runs pre-commit and uploads coverage; no duplicate lint/format steps.
.pre-commit-config.yaml exists at the repo root and lists at least one hook for the detected primary language (formatter, linter, or type checker).
All checks runnable locally in under ~60 seconds are configured in pre-commit, not GitHub Actions.
At least one .github/workflows/*.yml exists and runs only the things pre-commit cannot (matrix builds, secret-scanning, deployment, or release).
pre-commit run --all-files succeeds (or its failures are surfaced explicitly to the user, not auto-suppressed).
For CLI projects, an E2E test step is wired into either pre-commit or CI per the language reference files.
No duplication: the same check (e.g., eslint, ruff) does not run in both pre-commit and CI on the same trigger.
Edge Cases
No package manager detected: Prompt the user for the language/build system before generating hooks; never guess silently.
Pre-commit not installed: Emit the install command (pip install pre-commit or brew install pre-commit) and stop; don't generate config files for a tool that isn't present.
Existing .pre-commit-config.yaml: Merge new hooks into the existing file rather than overwriting; preserve user-defined hooks and pinned revs.
Monorepo with multiple languages: Generate one config with per-language hook sections and files: path filters so hooks only run on relevant subdirectories.
No origin remote: Skip the repo-sync step and inform the user; proceed with local-only setup.
Tests take >60 seconds: Move slow tests to push stage or GitHub Actions only; note the decision explicitly in the generated config with a comment.
Windows-only repo: Substitute PowerShell-compatible hook entries and flag any Unix-specific commands.
Step Completion Reports
After completing each major step, output a status report in this format:
Adapt the check names to match what the step actually validates. Use √ for pass, × for fail, and — to add brief context. The "Criteria" line summarizes how many acceptance criteria were met. The "Result" line gives the overall verdict.