Task: ff354eb8-97f2-464e-8d05-f38f0a2df356, Time: 1739313782556

2025-02-11 19:43:02 -03:00 · 2025-02-11 19:43:02 -03:00 · 104c6e3c47
parent ae234c5e5b
commit 104c6e3c47
1 changed files with 94 additions and 0 deletions
--- a/.pre-commit-config.yaml.wip
+++ b/.pre-commit-config.yaml.wip
@ -0,0 +1,94 @@
+# Security-focused pre-commit configuration with autoupdate settings
+default_install_hook_types: [pre-commit, pre-push]
+default_stages: [pre-commit, pre-merge-commit]
+minimum_pre_commit_version: "3.5.0"
+
+ci:
+    autofix_commit_msg: 'chore(pre-commit): auto fixes from pre-commit hooks'
+    autoupdate_commit_msg: 'chore(pre-commit): update pre-commit hook versions'
+    autoupdate_schedule: weekly
+    submodules: true
+    skip: []
+
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+    -   id: check-yaml
+    -   id: check-json
+    -   id: check-added-large-files
+        args: ['--maxkb=500']
+    -   id: check-merge-conflict
+    -   id: detect-private-key
+    -   id: mixed-line-ending
+        args: ['--fix=lf']
+    -   id: check-executables-have-shebangs
+    -   id: check-shebang-scripts-are-executable
+
+-   repo: https://github.com/Calinou/pre-commit-luacheck
+    rev: v1.0.0
+    hooks:
+    -   id: luacheck
+        args: ['--config', '.luacheckrc']
+
+-   repo: https://github.com/JohnnyMorganz/StyLua
+    rev: v2.0.2
+    hooks:
+    -   id: stylua
+        args: ['--config-path', 'stylua.toml']
+
+-   repo: https://github.com/zricethezav/gitleaks
+    rev: v8.23.3
+    hooks:
+    -   id: gitleaks
+        name: GitLeaks - Detect Secrets
+        description: Scan for hardcoded secrets and credentials
+        entry: gitleaks protect --verbose --redact --staged
+        stages: [pre-commit, pre-push]
+
+-   repo: https://github.com/PyCQA/bandit
+    rev: 1.8.2
+    hooks:
+    -   id: bandit
+        args: ["-c", "pyproject.toml"]
+        additional_dependencies: ['.[toml]']
+        stages: [pre-commit]
+
+-   repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 39.160.1
+    hooks:
+    -   id: renovate-config-validator
+        name: Validate Renovate Config
+        files: renovate\.json|\.renovaterc|\.renovaterc\.(json|yaml|yml)
+
+-   repo: https://github.com/Lucas-C/pre-commit-hooks-nodejs
+    rev: v1.1.2
+    hooks:
+    -   id: dockerfile_lint
+    -   id: markdown-toc
+
+-   repo: https://github.com/streetsidesoftware/cspell-cli
+    rev: v8.17.2
+    hooks:
+    -   id: cspell
+        name: Spell Check
+        args: ["--config", ".cspell.json"]
+        stages: [pre-commit]
+
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+    -   id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']
+        exclude: package-lock.json
+
+-   repo: local
+    hooks:
+    -   id: check-lua-syntax
+        name: Check Lua Syntax
+        entry: lua -e 'for f in pairs(arg) do assert(loadfile(f)) end'
+        language: system
+        files: \.(lua|rockspec)$
+        stages: [pre-commit]