Task: ff354eb8-97f2-464e-8d05-f38f0a2df356, Time: 1739313782556
This commit is contained in:
juliano.barbosa
parent
ae234c5e5b
commit
104c6e3c47
|
|
@ -0,0 +1,94 @@
|
||||||
|
# Security-focused pre-commit configuration with autoupdate settings
|
||||||
|
default_install_hook_types: [pre-commit, pre-push]
|
||||||
|
default_stages: [pre-commit, pre-merge-commit]
|
||||||
|
minimum_pre_commit_version: "3.5.0"
|
||||||
|
|
||||||
|
ci:
|
||||||
|
autofix_commit_msg: 'chore(pre-commit): auto fixes from pre-commit hooks'
|
||||||
|
autoupdate_commit_msg: 'chore(pre-commit): update pre-commit hook versions'
|
||||||
|
autoupdate_schedule: weekly
|
||||||
|
submodules: true
|
||||||
|
skip: []
|
||||||
|
|
||||||
|
repos:
|
||||||
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
|
rev: v5.0.0
|
||||||
|
hooks:
|
||||||
|
- id: trailing-whitespace
|
||||||
|
- id: end-of-file-fixer
|
||||||
|
- id: check-yaml
|
||||||
|
- id: check-json
|
||||||
|
- id: check-added-large-files
|
||||||
|
args: ['--maxkb=500']
|
||||||
|
- id: check-merge-conflict
|
||||||
|
- id: detect-private-key
|
||||||
|
- id: mixed-line-ending
|
||||||
|
args: ['--fix=lf']
|
||||||
|
- id: check-executables-have-shebangs
|
||||||
|
- id: check-shebang-scripts-are-executable
|
||||||
|
|
||||||
|
- repo: https://github.com/Calinou/pre-commit-luacheck
|
||||||
|
rev: v1.0.0
|
||||||
|
hooks:
|
||||||
|
- id: luacheck
|
||||||
|
args: ['--config', '.luacheckrc']
|
||||||
|
|
||||||
|
- repo: https://github.com/JohnnyMorganz/StyLua
|
||||||
|
rev: v2.0.2
|
||||||
|
hooks:
|
||||||
|
- id: stylua
|
||||||
|
args: ['--config-path', 'stylua.toml']
|
||||||
|
|
||||||
|
- repo: https://github.com/zricethezav/gitleaks
|
||||||
|
rev: v8.23.3
|
||||||
|
hooks:
|
||||||
|
- id: gitleaks
|
||||||
|
name: GitLeaks - Detect Secrets
|
||||||
|
description: Scan for hardcoded secrets and credentials
|
||||||
|
entry: gitleaks protect --verbose --redact --staged
|
||||||
|
stages: [pre-commit, pre-push]
|
||||||
|
|
||||||
|
- repo: https://github.com/PyCQA/bandit
|
||||||
|
rev: 1.8.2
|
||||||
|
hooks:
|
||||||
|
- id: bandit
|
||||||
|
args: ["-c", "pyproject.toml"]
|
||||||
|
additional_dependencies: ['.[toml]']
|
||||||
|
stages: [pre-commit]
|
||||||
|
|
||||||
|
- repo: https://github.com/renovatebot/pre-commit-hooks
|
||||||
|
rev: 39.160.1
|
||||||
|
hooks:
|
||||||
|
- id: renovate-config-validator
|
||||||
|
name: Validate Renovate Config
|
||||||
|
files: renovate\.json|\.renovaterc|\.renovaterc\.(json|yaml|yml)
|
||||||
|
|
||||||
|
- repo: https://github.com/Lucas-C/pre-commit-hooks-nodejs
|
||||||
|
rev: v1.1.2
|
||||||
|
hooks:
|
||||||
|
- id: dockerfile_lint
|
||||||
|
- id: markdown-toc
|
||||||
|
|
||||||
|
- repo: https://github.com/streetsidesoftware/cspell-cli
|
||||||
|
rev: v8.17.2
|
||||||
|
hooks:
|
||||||
|
- id: cspell
|
||||||
|
name: Spell Check
|
||||||
|
args: ["--config", ".cspell.json"]
|
||||||
|
stages: [pre-commit]
|
||||||
|
|
||||||
|
- repo: https://github.com/Yelp/detect-secrets
|
||||||
|
rev: v1.5.0
|
||||||
|
hooks:
|
||||||
|
- id: detect-secrets
|
||||||
|
args: ['--baseline', '.secrets.baseline']
|
||||||
|
exclude: package-lock.json
|
||||||
|
|
||||||
|
- repo: local
|
||||||
|
hooks:
|
||||||
|
- id: check-lua-syntax
|
||||||
|
name: Check Lua Syntax
|
||||||
|
entry: lua -e 'for f in pairs(arg) do assert(loadfile(f)) end'
|
||||||
|
language: system
|
||||||
|
files: \.(lua|rockspec)$
|
||||||
|
stages: [pre-commit]
|
||||||
Loading…
Reference in New Issue