ci, pre-commit: validate vendor hash via vendorhash check

Replace the grep/awk hash extraction in build.yml with a structured vendorhash check step; the PR review comment now reads expected/ actual values directly from $GITHUB_OUTPUT instead of scraping Nix stderr. Add a prek hook so divergence is caught locally before push.
2026-05-23 18:48:42 +09:00 · 2026-04-29 07:59:19 +00:00
parent e470774f6a
commit 9621a97ebe
2 changed files with 24 additions and 15 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -60,3 +60,13 @@ repos:
        language: system
        types: [go]
        pass_filenames: false
+
+      # vendor-hash keeps flakehashes.json in sync with go.mod/go.sum.
+      # Hot path (no input change) is a sha256 over two small files;
+      # only fires `go mod vendor` when the fingerprint actually drifts.
+      - id: vendor-hash
+        name: vendor-hash
+        entry: nix develop --command -- go run ./cmd/vendorhash check
+        language: system
+        files: ^(go\.mod|go\.sum|flakehashes\.json)$
+        pass_filenames: false