-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
150 lines (132 loc) · 3.93 KB
/
.pre-commit-config.yaml
File metadata and controls
150 lines (132 loc) · 3.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# Pre-commit hooks for TinyIntent
# See https://pre-commit.com for more information
repos:
# Python code formatting and linting
- repo: https://github.com/psf/black
rev: 23.12.1
hooks:
- id: black
language_version: python3
args: [--line-length=100]
- repo: https://github.com/pycqa/flake8
rev: 7.0.0
hooks:
- id: flake8
args: [--max-line-length=100, --extend-ignore=E203,W503]
- repo: https://github.com/pycqa/isort
rev: 5.13.2
hooks:
- id: isort
args: [--profile=black, --line-length=100]
# Security checks
- repo: https://github.com/PyCQA/bandit
rev: 1.7.5
hooks:
- id: bandit
args: [-r, ., -x, tests/]
# General file checks
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-json
- id: check-toml
- id: check-added-large-files
args: [--maxkb=1000]
- id: check-case-conflict
- id: check-merge-conflict
- id: debug-statements
- id: requirements-txt-fixer
# Python-specific checks
- repo: https://github.com/pre-commit/pygrep-hooks
rev: v1.10.0
hooks:
- id: python-check-blanket-noqa
- id: python-check-blanket-type-ignore
- id: python-no-log-warn
- id: python-use-type-annotations
# Type checking
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.8.0
hooks:
- id: mypy
additional_dependencies: [types-requests, types-PyYAML]
args: [--ignore-missing-imports, --no-strict-optional]
# Documentation checks
- repo: https://github.com/pycqa/pydocstyle
rev: 6.3.0
hooks:
- id: pydocstyle
args: [--convention=google, --add-ignore=D100,D101,D102,D103,D104,D105,D107]
# Secrets detection
- repo: https://github.com/Yelp/detect-secrets
rev: v1.4.0
hooks:
- id: detect-secrets
args: [--baseline, .secrets.baseline]
# YAML formatting
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v4.0.0-alpha.8
hooks:
- id: prettier
files: \.(yml|yaml)$
# Dockerfile linting
- repo: https://github.com/hadolint/hadolint
rev: v2.12.0
hooks:
- id: hadolint-docker
args: [--ignore, DL3008, --ignore, DL3009]
# Shell script linting
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.9.0.6
hooks:
- id: shellcheck
# Custom local hooks
- repo: local
hooks:
# Security validation
- id: security-tests
name: Run security tests
entry: python
args: [tests/test_security_fixes.py]
language: system
types: [python]
pass_filenames: false
stages: [push]
# Fast unit tests
- id: unit-tests
name: Run unit tests
entry: python
args: [-m, pytest, tests/, -x, --tb=short, --quiet]
language: system
types: [python]
pass_filenames: false
stages: [push]
# Check for TODO/FIXME comments in production code
- id: no-todos
name: No TODO/FIXME in production code
entry: 'TODO|FIXME'
language: pygrep
exclude: ^(tests/|docs/|\.pre-commit-config\.yaml)
stages: [push]
# Validate helper manifests
- id: validate-helpers
name: Validate helper manifests
entry: python
args: [-m, helpers.manifest, validate-all]
language: system
files: ^helpers/.*\.(yaml|json)$
pass_filenames: false
# Check for hardcoded secrets
- id: no-hardcoded-secrets
name: No hardcoded secrets
entry: 'TINYINTENT_SECRET|SHORTCUT_TOKEN|password|secret|key.*='
language: pygrep
exclude: ^(tests/|docs/|\.pre-commit-config\.yaml|SECURITY\.md)
args: [--ignore-case]
# Pre-commit configuration
default_stages: [commit]
fail_fast: false
minimum_pre_commit_version: '3.0.0'