This release introduces an experimental pure-Rust Pkl evaluator (pklr) as an opt-in backend, adds a required field for steps that need specific environment variables, and expands the builtins library with five new linter/scanner configurations. It also fixes an important staging bug where hk fix could inadvertently stage pre-existing untracked files.
Highlights
- Experimental pklr backend: Set
HK_PKL_BACKEND=pklrto evaluate.pklconfig files using a built-in Rust evaluator instead of shelling out to thepklCLI. This eliminates the pkl binary dependency entirely. Proxy, CA certificate, and HTTP rewrite settings are forwarded automatically. Note: pklr is experimental and may not support every pkl feature yet. requiredfield for steps: Steps can now declare environment variables that must be present for the step to run. If any are missing, the step is gracefully skipped with a clear message. This is designed for builtins likeaddlicensewhere running without user-provided configuration would produce incorrect results.- Five new builtins:
google_java_format,dclint,gitleaks,betterleaks, andmdschemajoin the built-in linter registry. - Staging correctness fix:
hk fixno longer stages untracked files that existed before the hook ran -- only files newly created by fixers are staged.
Added
-
pklrPkl backend: A pure-Rust Pkl evaluator is now available as an opt-in alternative to the externalpklCLI. Enable it withHK_PKL_BACKEND=pklr. Supports proxy settings, custom CA certificates viaHK_PKL_CA_CERTIFICATES, and HTTP rewrites viaHK_PKL_HTTP_REWRITE. (@jdx) #768, #769export HK_PKL_BACKEND=pklr hk run check # no pkl CLI needed
-
requiredfield on steps: Declare environment variables that must be set for a step to run. If any are missing, the step is skipped with a message likeskipped: missing required environment variable(s): LICENSE_FILE. Variables can be satisfied by the process environment, the globalenvblock, or the step's ownenvblock. (@timothysparg) #785["addlicense"] { required = List("LICENSE_FILE") check = "addlicense --check -f $LICENSE_FILE {{files}}" fix = "addlicense -f $LICENSE_FILE {{files}}" }
To see skip messages for missing required env vars, add
"missing-required-env"todisplay_skip_reasons. -
google_java_formatbuiltin: Format Java files using google-java-format. Matches**/*.java. (@timothysparg) #777 -
dclintbuiltin: Lint and fix Docker Compose files using dclint. Auto-detected viacompose.yml,docker-compose.yml, and variants. (@timothysparg) #779 -
gitleaksbuiltin: Scan for secrets in Git repositories using gitleaks. Auto-detected via.gitleaks.toml. (@hituzi-no-sippo) #749 -
betterleaksbuiltin: Scan for secrets using betterleaks. Auto-detected via.gitleaks.tomlor.betterleaks.toml. (@hituzi-no-sippo) #750 -
mdschemabuiltin: Validate Markdown documents against schemas using mdschema. Auto-detected via.mdschema.yml. (@hituzi-no-sippo) #748
Changed
-
excludedefaults toList(): Theexcludefield on steps now defaults to an empty list instead ofnull. This means you no longer need the null-coalescing operator when extending exclusions in Pkl configs. (@timothysparg) #781// Before (required null check) exclude = (Builtins.actionlint.exclude ?? List()) + List("**/ignored-dir/**") // After (just concatenate) exclude = Builtins.actionlint.exclude + List("**/ignored-dir/**")
Fixed
-
Pre-existing untracked files no longer staged by
hk fix: When using the defaultstage=<JOB_FILES>behavior, untracked files that existed before the hook started are no longer added to the git index. Only files newly created by fixers during the run are staged. Explicitstageglobs still opt into staging all matching untracked files. (@jdx) #788 -
Pkl package URIs use correct versioned format: Documentation and error messages now use the correct versioned Pkl package URI format (
/releases/download/vX.Y.Z/hk@X.Y.Z) instead of invalid/latest/paths. Error messages also now dynamically reflect the running hk version. (@jdx) #770
New Contributors
- @timothysparg made their first contribution in #777
Full Changelog: v1.39.0...v1.40.0