stack-nginx/.pre-commit-config.yaml at main · humblebeeai/stack-nginx · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
fail_fast: true
default_language_version:
  python: python3.10
exclude: |
  (?x)^(
      \.git/.*
    | \.venv/.*
    | \.env/.*
    | venv/.*
    | env/.*
    | site-packages/.*
    | node_modules/.*
    | volumes/.*
    | log/.*
    | logs/.*
    | backup/.*
    | backups/.*
    | data/.*
    | dataset/.*
    | datasets/.*
    | tmp/.*
  )$

repos:
  # --- Basic gatekeepers ---
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      # Common Checks
      - id: check-json
        name: "📄 check-json - Validate JSON files"
        files: \.json$
      - id: check-toml
        name: "📄 check-toml - Validate TOML files"
        files: \.toml$
      - id: check-yaml
        name: "📄 check-yaml - Validate YAML files"
        files: \.ya?ml$
        exclude: ^mkdocs\.ya?ml$
      - id: end-of-file-fixer
        name: "📄 end-of-file-fixer - Ensure files end with a newline"
      - id: mixed-line-ending
        name: "📄 mixed-line-ending - Ensure consistent line endings"
      - id: trailing-whitespace
        name: "📄 trailing-whitespace - Remove trailing whitespace"
        exclude: '\.md$'
      - id: fix-byte-order-marker
        name: "📄 fix-byte-order-marker - Remove BOM from files"
      - id: detect-private-key
        name: "🔑 detect-private-key - Detect private keys in files"
      # Filesystem Checks
      - id: check-case-conflict
        name: "📂 check-case-conflict - Check case conflicts in filenames"
      - id: check-symlinks
        name: "📂 check-symlinks - Check broken symlinks"
      - id: destroyed-symlinks
        name: "📂 destroyed-symlinks - Check symlinks that point to non-existent files"
      - id: check-executables-have-shebangs
        name: "📂 check-executables-have-shebangs - Ensure executables have a shebang"
      - id: check-shebang-scripts-are-executable
        name: "📂 check-shebang-scripts-are-executable - Ensure shebang scripts are executable"
      - id: check-illegal-windows-names
        name: "📂 check-illegal-windows-names - Check illegal Windows filenames"
      # Git Checks
      - id: check-merge-conflict
        name: "🌳 check-merge-conflict - Check merge conflict markers"
      - id: check-added-large-files
        name: "🌳 check-added-large-files - Prevent large files from being added"
        args: ["--maxkb=2500"] # 2.5 MB
      - id: no-commit-to-branch
        name: "🌳 no-commit-to-branch - Prevent commits to specific branches"
        args: ["--branch=main", "--branch=master"]

  # --- Security checks ---
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.28.0
    hooks:
      - id: gitleaks
        name: "🔐 gitleaks - Detect secrets in git history"

  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.5.0
    hooks:
      - id: detect-secrets
        name: "🔐 detect-secrets - Detect secrets in code"

  # --- Shell scripts ---
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.11.0.1
    hooks:
      - id: shellcheck
        name: "🐚 shellcheck - Lint shell scripts"
        files: \.sh$

  # --- Cleanup ---
  # - repo: local
  #   hooks:
  #     - id: cleanup
  #       name: "🧹 cleanup (local) - Remove leftover files"
  #       language: system
  #       entry: "./scripts/clean.sh"
  #       pass_filenames: false
  #       always_run: true