-
Notifications
You must be signed in to change notification settings - Fork 3
/
.pre-commit-config.yaml
93 lines (84 loc) · 2.87 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
# Checks for files that contain merge conflict strings.
- id: check-merge-conflict
# Detects aws credentials from the aws cli credentials file.
- id: detect-aws-credentials
args: [--allow-missing-credentials]
# detects the presence of private keys.
- id: detect-private-key
# Trims trailing whitespace in codebase.
- id: trailing-whitespace
# Protect commit to main branch
- id: no-commit-to-branch
args: [--branch,main]
# Check is the Commit is Signed off using `--signoff/-s`
- repo: https://github.com/KAUTH/pre-commit-git-checks
rev: v0.0.1 # Use the SHA or tag you want to point to
hooks:
- id: git-signoff
stages: [commit-msg]
# Checks your git commit messages for style.
- repo: https://github.com/jorisroovers/gitlint
rev: v0.19.1
hooks:
- id: gitlint
name: Scan Commit messages
# Detects hardcoded secrets, security vulnerabilities and policy breaks using GGShield
- repo: https://github.com/zricethezav/gitleaks
rev: v8.18.1
hooks:
- id: gitleaks
name: Detect hardcoded secrets
description: Detect hardcoded secrets using Gitleaks
entry: gitleaks protect --verbose --redact --staged
language: golang
pass_filenames: false
- repo: https://github.com/Bahjat/pre-commit-golang
rev: v1.0.3
hooks:
# Formats Go code
# - id: gofumpt # requires gofumpt to be installed from github.com/mvdan/gofumpt
# name: Go formatter
# description: Runs a strict Go formatter
- id: go-fmt-import
name: Go formatter
description: Go formatter with fmt and imports
# Runs Unit tests
- id: go-unit-tests
name: Run Unit tests
desription: Runs all the unit tests in the repo
# Runs static analysis of the Go code
- id: go-static-check
name: Go Static Check
description: Finds bugs and performance issues
# Local hooks
- repo: https://github.com/intelops/gitrepos-templates-policies
rev: v0.0.1
hooks:
- id: check-devcontainer
name: Check devcontainer
description: Checks for existance of .devcontainer.json in the project
- id: check-gitsign
name: Check gitsign
description: Check if the last commit is signed with Sigstore gitsign
# - id: check-multistage-dockerfile
# name: Check multi-stage Dockerfile
# description: Check the existance of Dockerfile in the project and verify that its a multi-stage Dockerfile
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: check-yaml
name: Verify YAML syntax
args:
- --allow-multiple-documents
- repo: https://github.com/hadolint/hadolint
rev: v2.12.0
hooks:
- id: hadolint
# Rules you want to ignore may be found here: https://github.com/hadolint/hadolint?tab=readme-ov-file#rules
name: Dockerfile linter
description: Dockerfile linter following best-practices
args: [--ignore, DL3051]