.pre-commit-config.yaml

# pre-commit install

repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-merge-conflict
      - id: check-yaml
        args: ["--unsafe"]
      - id: end-of-file-fixer
      - id: trailing-whitespace
      - id: no-commit-to-branch
      - id: requirements-txt-fixer

  - repo: https://github.com/pre-commit/mirrors-prettier
    rev: v3.0.3
    hooks:
      - id: prettier
        files: \.(js|ts|jsx|tsx|css|less|html|json|markdown|md|yaml|yml)$

  - repo: https://github.com/sirosen/check-jsonschema
    rev: 0.26.3
    hooks:
      - id: check-github-actions
      - id: check-github-workflows

  - repo: https://github.com/myint/autoflake
    rev: v2.2.1
    hooks:
      - id: autoflake
        args:
          [
            "--exclude",
            "lib/context/resources/__init__.py",
            "--in-place",
            "--remove-all-unused-imports",
            "--remove-unused-variable",
          ]

  - repo: https://github.com/timothycrosley/isort
    rev: 5.12.0
    hooks:
      - id: isort
        args: ["--profile", "black"]

  - repo: https://github.com/psf/black
    rev: 23.9.0
    hooks:
      - id: black
        args: ["lib/"]

  - repo: https://github.com/pycqa/flake8
    rev: 6.1.0
    hooks:
      - id: flake8
        args:
          [
            "--exclude=lib/context/resources/__init__.py,lib/config/configuration.py",
            "--ignore=E501,W503,W605,E203",
            "lib/",
          ]

  - repo: https://github.com/hadolint/hadolint
    rev: v2.12.1-beta
    hooks:
      - id: hadolint
        args: ["Dockerfile", "Dockerfile-lambda"]

  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.83.2
    hooks:
      - id: terraform_fmt

  - repo: local
    hooks:
      - id: pylint
        name: pylint
        entry: bash -c 'pylint --disable=W,C,R,E -j 0 -rn -sn lib/'
        language: system
        files: '.*\.py'

      # - id: trufflehog
      #   name: TruffleHog
      #   description: Detect secrets in your data.
      #   entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
      #   language: system
      #   stages: ["commit", "push"]

      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
        entry: bash -c 'bandit -q -lll -r lib/'
        language: system
        files: '.*\.py'

      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
        entry: bash -c 'safety check'
        language: system

      - id: vulture
        name: vulture
        description: "Vulture finds unused code in Python programs."
        entry: bash -c 'vulture --exclude lib/helpers.py --min-confidence 100 lib/'
        language: system
        files: '.*\.py'