-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathexample.pre-commit-config.yaml
More file actions
90 lines (90 loc) · 4.08 KB
/
example.pre-commit-config.yaml
File metadata and controls
90 lines (90 loc) · 4.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# In general, this file (when sourced from https://github.com/chainguard-dev/pre-commit-hooks)
# should be able to be used as-is in other repos such as wolfi-dev/os, enterprise-packages, and extra-packages,
# and can be assumed to be the "source of truth" for our pre-commit rules.
# See https://eng.inky.wtf/docs/technical/git/pre-commit for info on how to edit this file.
repos:
- repo: https://github.com/chainguard-dev/pre-commit-hooks
rev: 71fca50bcd1006b5cbcf71f03a3b493f48c4af7f
hooks:
- id: shellcheck-run-steps
files: '^[^.][^/]*\.yaml$' # matches non-hidden .yaml files at the top level only
args:
- "--" # options to hook before this, options to shellcheck after
- "-S"
- "error"
- "--" # terminates shellcheck options, rest will be filenames
- id: check-for-epoch-bump
files: |
(?x)^(
[^/]+\.ya?ml # matches .yaml or .yml files at the top level only
)$
- id: check-for-go-fips-test
files: '^[^.][^/]*\.yaml$' # matches non-hidden .yaml files at the top level only
- repo: https://github.com/chainguard-dev/yam
rev: 768695300c5f663012a77911eb4920c12e5ed2e5 # frozen: v0.2.26
hooks:
- id: yam
files: |
(?x)^(
[^/]+\.ya?ml | # matches .yaml or .yml files at the top level only
[^/]+/pombump[^/]*\.ya?ml | # pombump*.yaml exactly 1 dir deep
[^/]+/cargobump[^/]*\.ya?ml | # cargobump*.yaml exactly 1 dir deep
pipelines/.* | # anything under pipelines/
\.github/.* # anything under .github/
)$
exclude: |
(?x)^(
.*\.patch |
.*\.diff
)$
- repo: https://github.com/wolfi-dev/wolfictl
rev: 4be5d200e3c592e46686bcd50aab54e1064eb025 # frozen: v0.38.6
hooks:
- id: wolfictl-lint
- repo: https://github.com/golangci/misspell
rev: e78f9b6cd537559a24525b6ea7e182794edfd31f # frozen: v0.7.0
hooks:
- id: misspell
# To add exclusions, add (misspelled) words to the -i arg, comma separated, or
# add files to the exclude array (with trailing | unless last it's the last one).
# Syntax info: https://pre-commit.com/#regular-expressions
# Dictionary of corrections: https://github.com/golangci/misspell/blob/main/words.go
args:
- "-i=routeros,mosquitto,metagem,rela,exportfs"
files: |
(?x)^(
[^/]+\.ya?ml | # matches .yaml or .yml files at the top level only
[^/]+/pombump[^/]*\.ya?ml | # pombump*.yaml exactly 1 dir deep
[^/]+/cargobump[^/]*\.ya?ml | # cargobump*.yaml exactly 1 dir deep
pipelines/.* | # anything under pipelines/
\.github/.* # anything under .github/
)$
exclude: |
(?x)^(
aws-network-policy-agent/pkg/ebpf/c/vmlinux.h-aarch64|
aws-network-policy-agent/pkg/ebpf/c/vmlinux.h-x86_64|
.*\.patch
)$
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # v5.0.0
hooks:
- id: check-yaml
files: |
(?x)^(
[^/]+\.ya?ml | # matches .yaml or .yml files at the top level only
[^/]+/pombump[^/]*\.ya?ml | # pombump*.yaml exactly 1 dir deep
[^/]+/cargobump[^/]*\.ya?ml | # cargobump*.yaml exactly 1 dir deep
pipelines/.* | # anything under pipelines/
\.github/.* # anything under .github/
)$
exclude: |
(?x)^(
.*\.patch
)$
- id: forbid-submodules
- id: check-added-large-files
- id: check-case-conflict
- id: check-merge-conflict
- id: check-symlinks
- id: detect-private-key
exclude: ^(ruby-3\.0/0001-ruby-3\.0\.6-openssl-patch\.patch|gitleaks\.yaml)$