cloud-landerox-data/.pre-commit-config.yaml at main · landerox/cloud-landerox-data · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# =============================================================================
# Pre-commit Configuration
# =============================================================================
#
# This file configures pre-commit hooks for code quality and security checks.
#
# Setup:
#   pip install pre-commit
#   pre-commit install
#
# Manual run:
#   pre-commit run --all-files
#
# Update hooks:
#   pre-commit autoupdate
#
# =============================================================================
default_install_hook_types: [pre-commit, commit-msg]

repos:
  # ---------------------------------------------------------------------------
  # General Hooks (Managed by pre-commit)
  # ---------------------------------------------------------------------------
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
      - id: trailing-whitespace
        exclude: \.md$
      - id: end-of-file-fixer
      - id: check-yaml
        args: [--unsafe]
      - id: check-json
      - id: check-added-large-files
        args: [--maxkb=1000]
      - id: check-merge-conflict
      - id: detect-private-key
      - id: no-commit-to-branch
        args: [--branch, main, --branch, master]

  # ---------------------------------------------------------------------------
  # Local Hooks (Uses uv-managed tools from pyproject.toml)
  # ---------------------------------------------------------------------------
  - repo: local
    hooks:
      - id: ruff-check
        name: ruff check
        entry: uv run ruff check --fix
        language: system
        types: [python]
        require_serial: true
      - id: ruff-format
        name: ruff format
        entry: uv run ruff format
        language: system
        types: [python]
        require_serial: true
      - id: detect-secrets
        name: detect-secrets
        entry: uv run detect-secrets-hook --baseline .config/.secrets.baseline
        language: system
        types: [text]
        exclude: uv.lock
      - id: pip-audit
        name: pip-audit
        entry: uv run pip-audit
        language: system
        pass_filenames: false
        always_run: true
      - id: ty
        name: ty (Type Checker)
        entry: uv run ty check
        language: system
        types: [python]
        pass_filenames: false

  # ---------------------------------------------------------------------------
  # CI/CD & Security Hooks
  # ---------------------------------------------------------------------------
  - repo: https://github.com/rhysd/actionlint
    rev: v1.7.11
    hooks:
      - id: actionlint

  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.30.1
    hooks:
      - id: gitleaks
        args: [--config, .config/.gitleaks.toml]

  # ---------------------------------------------------------------------------
  # Markdown Hooks
  # ---------------------------------------------------------------------------
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.48.0
    hooks:
      - id: markdownlint
        args: [--fix, --config, .config/.markdownlint.yaml]

  # ---------------------------------------------------------------------------
  # Commit Message Hooks
  # ---------------------------------------------------------------------------
  - repo: https://github.com/commitizen-tools/commitizen
    rev: v4.13.9
    hooks:
      - id: commitizen
        stages: [commit-msg]