-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
95 lines (84 loc) · 2.67 KB
/
.pre-commit-config.yaml
File metadata and controls
95 lines (84 loc) · 2.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
- id: check-merge-conflict
- id: check-ast
- id: check-json
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.1.6
hooks:
- id: ruff
args: [--fix, --exit-non-zero-on-fix]
- repo: https://github.com/psf/black
rev: 23.9.1
hooks:
- id: black
language_version: python3.11
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.5.1
hooks:
- id: mypy
additional_dependencies: [types-requests]
exclude: ^tests/
- repo: local
hooks:
- id: strip-bom
name: Strip UTF-8 BOM
entry: powershell
args: ["-File", "tools/strip_bom.ps1"]
language: system
files: \.(py|js|ts|json|html|css|md)$
- repo: local
hooks:
- id: check-bom
name: Check for UTF-8 BOM
entry: powershell
args: ["-Command", "Get-ChildItem -Recurse -Include *.py,*.js,*.ts,*.json,*.html,*.css,*.md | ForEach-Object { $bytes = [System.IO.File]::ReadAllBytes($_.FullName); if ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) { Write-Error \"BOM found in $($_.FullName)\"; exit 1 } }"]
language: system
pass_filenames: false
- repo: local
hooks:
- id: pytest
name: Run fast unit tests
entry: python
args: ["-m", "pytest", "tests/unit", "-q"]
language: system
pass_filenames: false
stages: [push]
- repo: local
hooks:
- id: validate-openapi
name: Validate OpenAPI schema
entry: python
args: ["-c", "from api.main import app; import json; json.dumps(app.openapi())"]
language: system
pass_filenames: false
# Secret scanning for security
- repo: https://github.com/Yelp/detect-secrets
rev: v1.5.0
hooks:
- id: detect-secrets
args: ['--baseline', '.secrets.baseline']
- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.4
hooks:
- id: gitleaks
# Crypto Rebal custom hooks - enforce project rules
- repo: local
hooks:
- id: check-risk-inversion
name: Check for Risk Score inversion
entry: python tools/check_risk_inversion.py
language: python
types_or: [python, javascript, ts, tsx]
files: '\.(py|js|ts|tsx)$'
- id: validate-commit-msg
name: Validate commit message format
entry: python tools/validate_commit_msg.py
language: python
stages: [commit-msg]