-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.pre-commit-config.yaml
114 lines (97 loc) · 3.19 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: trailing-whitespace
exclude: ^public/
- id: check-docstring-first
- id: check-added-large-files
- id: check-yaml
- id: debug-statements
- id: check-merge-conflict
- id: end-of-file-fixer
exclude: ^public/
- repo: https://github.com/gitleaks/gitleaks
rev: v8.16.1
hooks:
- id: gitleaks
- repo: https://github.com/pre-commit/mirrors-mypy # https://github.com/python/mypy # Add static typing checks
rev: 'v1.10.0'
hooks:
- id: mypy
args: [--config-file, ./mypy.ini, --ignore-missing-imports]
- repo: https://github.com/astral-sh/ruff-pre-commit
# Ruff version.
rev: v0.4.4
hooks:
# Run the linter.
- id: ruff
args: [ --fix ]
# Run the formatter.
- id: ruff-format
- repo: https://github.com/python-poetry/poetry
rev: '1.6.0' # add version here
hooks:
- id: poetry-check
- id: poetry-lock
- id: poetry-export
- repo: https://github.com/PyCQA/bandit
rev: 1.7.8
hooks:
- id: bandit # Nb: .bandit file is ignore by pre-commit hook
# args: [--skip, "B320,B410", --recursive, clumper]
# https://github.com/bridgecrewio/checkov/issues/5841
- repo: https://github.com/bridgecrewio/checkov.git
rev: 3.2.194
hooks:
- id: checkov
- id: checkov_diff
- id: checkov_secrets
# - repo: https://github.com/bridgecrewio/checkov
# rev: 3.1.16
# hooks:
# - id: checkov_diff
# - id: checkov_secrets
- repo: https://github.com/semgrep/semgrep
rev: v1.73.0
hooks:
- id: semgrep
exclude: ^public/
# This uses the Python "hook" in .pre-commit-hooks.yaml and setup.py.
# alt: use 'repo: local', and 'language: docker', which can use
# the very latest docker image, which is nice, but is far slower.
language: python
# Both the .semgrepignore file and the --exclude option
# do nothing because the target files are passed
# explicitly on the command line by pre-commit!
args: [
# use osemgrep!
#"--experimental",
# use jsonnet!
# "--config", "semgrep.jsonnet",
# classic flag to use in CI or pre-commit, return error code if findings
"--quiet",
"--error",
# "--strict",
# "--exclude='examples/*",
#"--verbose",
"--skip-unknown-extensions",
# "--metrics=off",
]
# black is an opiniated formatter
# - repo: https://github.com/ambv/black
# rev: 23.9.1
# hooks:
# - id: black
# # language_version: python3.6
# When adding a new hook, we may need to run
# `pre-commit run --all-files`
# right after installing the hook (`pre-commit install`)
# https://stackoverflow.com/questions/54697699/how-to-propertly-configure-my-pre-commit-and-pre-push-hooks
# - repo: https://github.com/google/yapf
# rev: v0.40.2
# hooks:
# - id: yapf
# exclude: ^hello\.*\.py$