1---
  2default_install_hook_types: [pre-commit, commit-msg]
  3default_stages: [pre-commit, pre-push]
  4
  5repos:
  6  - repo: local
  7    hooks:
  8      - id: gitleaks
  9        name: 'gitleaks: Detect hardcoded secrets'
 10        description: Detect hardcoded secrets using Gitleaks
 11        language: system
 12        entry: gitleaks protect --verbose --redact --staged
 13        pass_filenames: false
 14
 15      - id: actionlint
 16        name: 'actionlint: Lint GitHub Actions workflow files'
 17        description: Runs actionlint to lint GitHub Actions workflow files
 18        language: system
 19        types: [yaml]
 20        files: ^\.github/workflows/
 21        entry: actionlint
 22
 23      - id: hadolint
 24        name: 'hadolint: Lint Dockerfiles'
 25        description: Runs hadolint to lint Dockerfiles
 26        language: system
 27        types: [dockerfile]
 28        entry: hadolint
 29        args: [--failure-threshold, warning, --info, DL3007, --info, DL3008, --info, DL3013, --info, DL3016, --info, DL3018, --info, DL3028]
 30
 31      - id: yamlfix
 32        name: 'yamlfix: fix yaml file'
 33        language: system
 34        types: [yaml]
 35        entry: yamlfix
 36
 37      - id: taplo
 38        name: taplo-cli
 39        description: A TOML toolkit written in Rust.
 40        entry: taplo format
 41        language: system
 42        types: [toml]
 43
 44      - id: ruff
 45        name: 'ruff: Python linter'
 46        description: Run 'ruff' for extremely fast Python linting
 47        language: system
 48        minimum_pre_commit_version: 2.9.2
 49        types_or: [python, pyi]
 50        require_serial: true
 51        entry: ruff check --fix --force-exclude --exit-zero
 52
 53      - id: ruff-format
 54        name: 'ruff: Python formatter'
 55        description: Run 'ruff' for extremely fast Python linting
 56        language: system
 57        minimum_pre_commit_version: 2.9.2
 58        types_or: [python, pyi]
 59        require_serial: true
 60        entry: ruff format --force-exclude
 61
 62      - id: gitlint
 63        name: gitlint
 64        description: Checks your git commit messages for style.
 65        language: system
 66        entry: gitlint --staged
 67        args: [--msg-filename]
 68        stages: [commit-msg]
 69
 70  - repo: https://github.com/pre-commit/pre-commit-hooks.git
 71    rev: v5.0.0
 72    hooks:
 73      - id: check-added-large-files
 74        name: check for added large files
 75        description: prevents giant files from being committed.
 76
 77      - id: check-ast
 78        name: check python ast
 79        description: simply checks whether the files parse as valid python.
 80        types: [python]
 81
 82      - id: check-case-conflict
 83        name: check for case conflicts
 84        description: checks for files that would conflict in case-insensitive filesystems.
 85      - id: check-docstring-first
 86        name: check docstring is first
 87        description: checks a common error of defining a docstring after code.
 88        types: [python]
 89
 90      - id: check-executables-have-shebangs
 91        name: check that executables have shebangs
 92        description: ensures that (non-binary) executables have a shebang.
 93        types: [text, executable]
 94        stages: [pre-commit, pre-push, manual]
 95
 96      - id: check-merge-conflict
 97        name: check for merge conflicts
 98        description: checks for files that contain merge conflict strings.
 99        types: [text]
100
101      - id: check-symlinks
102        name: check for broken symlinks
103        description: checks for symlinks which do not point to anything.
104        types: [symlink]
105
106      - id: check-vcs-permalinks
107        name: check vcs permalinks
108        description: ensures that links to vcs websites are permalinks.
109        types: [text]
110
111      - id: check-xml
112        name: check xml
113        description: checks xml files for parseable syntax.
114        types: [xml]
115
116      - id: check-yaml
117        name: check yaml
118        description: checks yaml files for parseable syntax.
119        types: [yaml]
120
121      - id: debug-statements
122        name: debug statements (python)
123        description: checks for debugger imports and py37+ `breakpoint()` calls in python source.
124        types: [python]
125
126      - id: detect-private-key
127        name: detect private key
128        description: detects the presence of private keys.
129        types: [text]
130
131      - id: end-of-file-fixer
132        name: fix end of files
133        description: ensures that a file is either empty, or ends with one newline.
134        types: [text]
135        stages: [pre-commit, pre-push, manual]
136
137      - id: mixed-line-ending
138        name: mixed line ending
139        description: replaces or checks mixed line ending.
140        args: [--fix=no]
141        types: [text]
142
143      - id: name-tests-test
144        name: python tests naming
145        description: this verifies that test files are named correctly.
146        files: (^|/)tests/.+\.py$
147
148      - id: requirements-txt-fixer
149        name: fix requirements.txt
150        description: sorts entries in requirements.txt.
151        files: requirements.*\.txt$
152
153      - id: trailing-whitespace
154        name: trim trailing whitespace
155        description: trims trailing whitespace.
156        types: [python, json, yaml, toml]
157        stages: [pre-commit, pre-push, manual]
158
159# vim: set filetype=yaml :