-
Notifications
You must be signed in to change notification settings - Fork 1
/
.pre-commit-config.yaml
92 lines (92 loc) · 3.32 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: check-merge-conflict
- id: check-added-large-files
args: [--maxkb=500]
- id: trailing-whitespace
- id: detect-private-key
- id: end-of-file-fixer
- id: fix-encoding-pragma
- id: file-contents-sorter
- id: check-case-conflict
- id: mixed-line-ending
args: [--fix=lf]
# -----------------------------
# Checkov is a static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations
# that may lead to security or compliance problems.
# -----------------------------
# Checkov includes more than 750 predefined policies to check for common misconfiguration issues.
# Checkov also supports the creation and contribution of custom policies.
# https://www.checkov.io/4.Integrations/pre-commit.html
# -----------------------------
- repo: https://github.com/bridgecrewio/checkov.git
rev: 3.2.141
hooks:
- id: checkov
# -----------------------------
# Gitleaks SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos
# -----------------------------
# If you are knowingly committing something that is not a secret and gitleaks is catching it,
# you can add an inline comment of '# gitleaks:allow' to the end of that line in your file.
# This will instructs gitleaks to ignore that secret - example:
# some_non_secret_value = a1b2c3d4e5f6g7h8i9j0 # gitleaks:allow
# -----------------------------
- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.4
hooks:
- id: gitleaks
# -----------------------------
# Generates Table of Contents in Markdown files
# -----------------------------
- repo: https://github.com/frnmst/md-toc
rev: 9.0.0
hooks:
- id: md-toc
args: [-p, github] # CLI options
# -----------------------------
# YAML Linting on yaml files for pre-commit and github actions
# -----------------------------
- repo: https://github.com/adrienverge/yamllint
rev: v1.35.1
hooks:
- id: yamllint
name: Check YAML syntax with yamllint
args: [--strict, -c=.yamllint.yaml, '.']
always_run: true
pass_filenames: true
# -----------------------------
# Install PYPI bumpversion check requirements
# -----------------------------
- repo: local
hooks:
- id: install-pypi_bumpversion_check-requirements
name: Install PYPI bumpversion check requirements
entry: pip3 install -r pypi_bumpversion_check/requirements.txt
language: system
files: pyproject.toml
# -----------------------------
# PYPI bumpversion check
# -----------------------------
- repo: local
hooks:
- id: pypi_bumpversion_check
name: Check version
entry: python3 pypi_bumpversion_check/check_version.py
language: system
files: pyproject.toml
# -----------------------------
# Unit Tests
# -----------------------------
- repo: local
hooks:
- id: unittest
name: Run unit tests
entry: python3 -m unittest tests.test_main
language: system
pass_filenames: false
always_run: true