chore: add pre-commit configuration for code quality checks

[Muneerali199]

Addressed Issues:

Fixes #18

Screenshots/Recordings:

Not applicable (configuration-only changes)

Additional Notes:

This PR adds a .pre-commit-config.yaml file to enforce code quality checks before commits.

The configuration includes hooks for:

• File hygiene (trailing whitespace, merge conflicts, large files)
• Config validation (YAML, JSON, TOML)
• Secret detection

Checklist

• My code follows the project's code style and conventions
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have joined the Discord server and I will share a link to this PR with the project maintainers there
• I have read the Contributing Guidelines

Summary by CodeRabbit

• Chores
  • Implemented automated code quality and security checks in the development workflow to maintain consistent code standards, validate configuration files, and detect potential security vulnerabilities.

[coderabbitai]

Warning

Rate limit exceeded

@Muneerali199 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 26 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b2300093-ee1d-4e81-9d7f-7e3ffbe08173

📥 Commits

Reviewing files that changed from the base of the PR and between 1d57b5d and 362ee22.

📒 Files selected for processing (2)

• .pre-commit-config.yaml
• src/social-share-button.js

Walkthrough

A .pre-commit-config.yaml file has been added to configure automated pre-commit hooks. The configuration includes three groups of hooks: file hygiene checks (trailing whitespace, end-of-file fixer, merge conflict detection, large file detection), data validation (YAML, JSON, TOML), and security scanning (detect-secrets) with specific tool versions and documentation notes.

Changes

Cohort / File(s)	Summary
Pre-commit Configuration .pre-commit-config.yaml	Added comprehensive pre-commit hook configuration with file hygiene checks, data validation rules (YAML, JSON, TOML), and detect-secrets integration for security scanning. Includes version pinning for pre-commit-hooks v4.5.0 and detect-secrets v1.4.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

Linter

Suggested reviewers

• kpj2006

Poem

🐰 A config file hops into view,
With pre-commit hooks shiny and new,
Trailing spaces? Secrets? Begone!
Best practices now live and live on! ✨

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change—adding a .pre-commit-config.yaml file for code quality checks, which matches the primary objective of the PR.
Linked Issues check	✅ Passed	The PR implements .pre-commit-config.yaml as specified in issue #18, which requests adoption of open-source best practices including this configuration file from the template repository.
Out of Scope Changes check	✅ Passed	All changes in the PR are within scope—only the .pre-commit-config.yaml file is added, directly addressing the requirements specified in issue #18.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.pre-commit-config.yaml:
- Around line 14-36: Consolidate the duplicate pre-commit repo entries for
https://github.com/pre-commit/pre-commit-hooks rev v4.5.0 by merging the hooks
lists (trailing-whitespace, end-of-file-fixer, check-merge-conflict,
check-added-large-files, mixed-line-ending, check-yaml, check-json, check-toml)
into a single repo block; remove the second redundant block and ensure the
combined hooks include the mixed-line-ending args ['--fix=lf'] so behavior is
preserved (look for the two repo blocks containing the URL and rev values to
update).
- Around line 18-19: Update the pinned pre-commit-hooks revision by changing the
rev value for the repo entry "https://github.com/pre-commit/pre-commit-hooks"
from v4.5.0 to v6.0.0 in .pre-commit-config.yaml; locate the block containing
the repo line and the associated rev key and replace the existing rev string
with "v6.0.0" so the pre-commit configuration uses the latest stable release.
- Around line 41-46: The detect-secrets hook block (repo:
https://github.com/Yelp/detect-secrets, rev:, hooks: id: detect-secrets) needs
clearer baseline guidance and an update: change the commented YAML note into a
plain-text instruction or move it into the repository README explaining
maintainers should add a .secrets.baseline file or open an issue to track
creating one, update rev from v1.4.0 to v1.5.0 to use the newer release, and
either enable args: ['--baseline', '.secrets.baseline'] on the hook or ensure an
issue is created and referenced so secret scanning uses the baseline.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 48c7c085-f7a9-45c0-9de9-1a9310fee8ae

📥 Commits

Reviewing files that changed from the base of the PR and between 9e7e113 and 1d57b5d.

📒 Files selected for processing (1)

• .pre-commit-config.yaml

[kpj2006]

@Muneerali199 fix coderabbit flag

[kpj2006]

@CodeRabbit also open issue in https://github.com/AOSSIE-Org/Template-Repo as this also contains this version.
https://github.com/AOSSIE-Org/Template-Repo/blob/main/.pre-commit-config.yaml

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

Let me first inspect the Template-Repo's .pre-commit-config.yaml file and check the latest versions of the hooks before opening the issue.

---

🏁 Script executed:

#!/bin/bash
# Fetch the .pre-commit-config.yaml from the Template-Repo
gh api repos/AOSSIE-Org/Template-Repo/contents/.pre-commit-config.yaml \
  --jq '.content' | base64 --decode

Length of output: 1685

---

🏁 Script executed:

#!/bin/bash
# Check latest releases of pre-commit-hooks and detect-secrets
echo "=== pre-commit/pre-commit-hooks latest release ==="
gh api repos/pre-commit/pre-commit-hooks/releases/latest --jq '.tag_name'

echo "=== Yelp/detect-secrets latest release ==="
gh api repos/Yelp/detect-secrets/releases/latest --jq '.tag_name'

Length of output: 107

---

The Template-Repo has the same outdated versions flagged in PR #107:

• pre-commit-hooks: v4.5.0 → latest is v6.0.0
• detect-secrets: v1.4.0 → latest is v1.5.0

Opening the issue now.

---

🏁 Script executed:

#!/bin/bash
gh issue create \
  --repo AOSSIE-Org/Template-Repo \
  --title "chore: update outdated pre-commit hook versions in .pre-commit-config.yaml" \
  --assignee kpj2006 \
  --body "## Summary

The \`.pre-commit-config.yaml\` file in this repository uses outdated versions of two pre-commit hooks. These should be bumped to their latest releases to benefit from bug fixes, security patches, and new features.

## Outdated Dependencies

| Hook repo | Current version | Latest version |
|---|---|---|
| \`pre-commit/pre-commit-hooks\` | \`v4.5.0\` | \`v6.0.0\` |
| \`Yelp/detect-secrets\` | \`v1.4.0\` | \`v1.5.0\` |

## Suggested Fix

Update \`.pre-commit-config.yaml\`:

\`\`\`yaml
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v6.0.0   # was v4.5.0
  ...

- repo: https://github.com/Yelp/detect-secrets
  rev: v1.5.0   # was v1.4.0
  ...
\`\`\`

## References

- Identified via review of AOSSIE-Org/SocialShareButton#107
- Requested by `@kpj2006` in comment: https://github.com/AOSSIE-Org/SocialShareButton/pull/107
- \`pre-commit-hooks\` releases: https://github.com/pre-commit/pre-commit-hooks/releases
- \`detect-secrets\` releases: https://github.com/Yelp/detect-secrets/releases"

Length of output: 54

---

@kpj2006 Done! I've opened the issue in the Template-Repo: AOSSIE-Org/Template-Repo#104

The issue covers both outdated hook versions found in .pre-commit-config.yaml:

Hook	Current	Latest
pre-commit/pre-commit-hooks	v4.5.0	v6.0.0
Yelp/detect-secrets	v1.4.0	v1.5.0

It's assigned to you and references back to this PR (#107).

---

🧠 Learnings used

Learnt from: kpj2006
Repo: AOSSIE-Org/SocialShareButton PR: 0
File: :0-0
Timestamp: 2026-03-10T07:25:17.136Z
Learning: For the AOSSIE-Org/SocialShareButton repository, kpj2006 wants contributors to add proper inline comments to all methods in library source files (especially src/social-share-button.js). The preferred enforcement mechanism is CodeRabbit path-based review instructions (skills) in .coderabbit.yaml rather than scripts or workflows. Flag any newly added or modified function that lacks a descriptive comment during reviews.

---

Learnt from: kpj2006
Repo: AOSSIE-Org/SocialShareButton PR: 0
File: :0-0
Timestamp: 2026-03-10T07:25:17.136Z
Learning: For the AOSSIE-Org/SocialShareButton repository, kpj2006 wants contributors to add proper inline comments to all methods in library source files (especially src/social-share-button.js). The preferred enforcement mechanism is CodeRabbit path-based review instructions (skills) in .coderabbit.yaml, rather than scripts or workflows. During reviews, flag any newly added or modified function that lacks a descriptive comment explaining what it does, why it exists, and its parameters/return values.

[kpj2006]

Remove formatting from this file

And all single quotes as well.

[github-actions]

⚠️ This PR has merge conflicts.

Please resolve the merge conflicts before review.

Your PR will only be reviewed by a maintainer after all conflicts have been resolved.

📺 Watch this video to understand why conflicts occur and how to resolve them:
https://www.youtube.com/watch?v=Sqsz1-o7nXk