-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
63 lines (56 loc) · 1.63 KB
/
.pre-commit-config.yaml
File metadata and controls
63 lines (56 loc) · 1.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# https://pre-commit.com/
exclude: |
(?x)^(
^\.venv/.*$|
^\.pytest_cache/.*$
)$
default_language_version:
python: python3.13
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
hooks:
- id: check-added-large-files
args: ["--maxkb=1024"]
- id: check-case-conflict
- id: check-json
exclude: devcontainer.json
- id: check-merge-conflict
- id: check-symlinks
- id: check-toml
- id: check-vcs-permalinks
- id: check-yaml
- id: debug-statements
- id: detect-private-key
- id: end-of-file-fixer
- id: mixed-line-ending
args: ["--fix=lf"]
- id: no-commit-to-branch
args: ["--branch", "develop", "--branch", "main", "--branch", "master"]
- id: trailing-whitespace
- repo: https://github.com/codespell-project/codespell
rev: v2.4.2
hooks:
- id: codespell
- repo: https://github.com/asottile/pyupgrade
rev: v3.21.0
hooks:
- id: pyupgrade
args: ["--py313-plus"]
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.11.8
hooks:
- id: ruff
args: ["--fix", "--exit-non-zero-on-fix"]
- id: ruff-format
# SECURITY
# Mirrors the trivy config scan in trivy-scan.yml CI workflow.
# Only the 'config' scan type is run here (IaC misconfig); the 'fs' vuln scan runs in CI only.
- repo: local
hooks:
- id: trivy-config
name: trivy config scan
entry: trivy config --severity HIGH,CRITICAL --exit-code 1 --config trivy.yaml .
language: system
pass_filenames: false
always_run: true