generated from digitalservicebund/java-application-template
-
Notifications
You must be signed in to change notification settings - Fork 9
/
lefthook.yaml
92 lines (83 loc) · 3.09 KB
/
lefthook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
min_version: 1.1.4
commit-msg:
commands:
lint-commit-msg:
run: npx --yes commitlint --edit
pre-commit:
parallel: true
commands:
format-backend:
tags: format backend
root: backend/
run: ./gradlew spotlessApply -DspotlessFiles=$(echo {staged_files} | sed 's/ /,/g') && git add {staged_files}
frontend-typecheck:
tags: format frontend
root: frontend/
glob: "*.{ts,vue}"
run: npm run --silent type:check
frontend-prettier:
tags: format frontend
root: frontend/
glob: "*.{vue,ts,js,json}"
run: npm run --silent prettier:fix {staged_files} && git add {staged_files}
frontend-eslint:
tags: frontend lint
root: frontend/
glob: "*.{vue,ts,js,json}"
run: npm run --silent eslint:fix {staged_files} && git add {staged_files}
frontend-stylelint:
tags: frontend lint
root: frontend/
run: npm run --silent stylelint:fix {staged_files} && git add {staged_files}
post-commit:
commands:
secrets-checksum-test:
tags: security
skip: rebase
fail_text: |
This commit has touched files which are known to include false positives of the secret scanner.
It does not mean you have introduced new secrets, but this are "old" reports.
Afterwards stage the file and amend this commit which was just created with `git commit --amend --no-edit`
run: |
local_reference=$(git rev-parse --symbolic-full-name HEAD)
local_object_name=$(git rev-parse HEAD)
# Strong assumption that we run as `post-commit` hook here!
remote_reference=$(git branch --format="%(upstream)" --list $(git rev-parse --abbrev-ref HEAD))
remote_object_name=$(git rev-parse $remote_reference)
echo $local_reference \
$local_object_name \
${remote_reference:-0000000000000000000000000000000000000000} \
${remote_object_name:-0000000000000000000000000000000000000000}
pre-push:
parallel: true
commands:
licenses-audit-backend:
tags: licenses audit backend
root: backend/
run: ./gradlew checkLicense
licenses-audit-frontend:
tags: licenses audit frontend
root: frontend/
run: npm run audit:licences > /dev/null;
check-pipeline-status:
run: |
which gh 2>&1 >/dev/null ||
(echo "You need to install and configure Github CLI."; exit 1)
# Check current brunch, skipping if not main.
current_branch=$(git rev-parse --abbrev-ref HEAD)
if [[ "$current_branch" != "main" ]]; then
echo "Skipping pipeline status. Performs check only on main branch"
exit 0
fi
conclusion="$(
gh run list --branch main --workflow pipeline --json conclusion,status \
--jq '[.[] | select(.status=="completed")][0].conclusion' \
)"
if [[ "$conclusion" != "success" ]]; then
echo "The last completed pipeline run has failed!"
echo "If you intend to fix the pipeline use '--no-verify', BUT ONLY IF all other hooks are okay."
exit 1
fi
skip_output:
- meta
- execution