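---
# pre-commit configuration (.pre-commit-config.yaml): hooks that run locally
# against staged files before a commit is created.
#
# NOTE(review): these hooks run on the contributor's machine and are skipped
# by `git commit --no-verify`, or wherever `pre-commit install` was never run.
# This file does not show whether the same hooks are enforced in CI - confirm.
#
# NOTE(review): every `rev` below is a tag, and a tag can be re-pointed by the
# upstream repository. Pinning each `rev` to a full commit SHA (for example
# with `pre-commit autoupdate --freeze`) fixes the exact hook code fetched.
repos:
  # General repository hygiene checks.
  - repo: https://github.com/pre-commit/pre-commit-hooks.git
    rev: v5.0.0
    hooks:
      # No `args` are given, so the hook's default protected branches apply.
      - id: no-commit-to-branch
        name: Check this commit is not to the main/master branch
      - id: check-merge-conflict
        name: Check for merge conflicts before committing
      - id: check-case-conflict
        name: Check for case conflicts for case-sensitive filesystems
      - id: check-symlinks
        name: Check for broken symlinks in the repository
      - id: destroyed-symlinks
        name: Check for destroyed symlinks in the repository
      - id: check-added-large-files
        name: Check no large files have been added to the commit
        args:
          # The CRDs in this repository can be very large in size, so we must
          # allow for large files to be added
          # NOTE(review): the raised limit applies to every added file, not
          # only to CRDs.
          - --maxkb=4096
      - id: trailing-whitespace
        name: Check all trailing whitespace is removed
      - id: end-of-file-fixer
        name: Check all files end in a new-line only

  # Secret scanning.
  # NOTE(review): upstream now documents this hook under
  # github.com/gitleaks/gitleaks; the owner path used here presumably still
  # resolves through a redirect - confirm and consider updating the URL.
  # NOTE(review): a pre-commit secret scan only sees what is being committed;
  # secrets already present in history need a separate scan.
  - repo: https://github.com/zricethezav/gitleaks.git
    rev: v8.20.1
    hooks:
      - id: gitleaks
        name: Check for hard-coded secrets, keys, and credentials

  # Terraform formatting, validation, linting, scanning and documentation.
  # Hooks with `files: ^terraform/` see configurations only; hooks with
  # `files: ^modules/` see modules only.
  - repo: https://github.com/antonbabenko/pre-commit-terraform.git
    rev: v1.96.1
    hooks:
      - id: terraform_fmt
        name: Check Terraform configuration formatting
      - id: terraform_validate
        name: Validate the Terraform configuration
        files: ^terraform/
      # Checks the provider lock file against the two listed platforms.
      # NOTE(review): presumably this keeps provider hashes for both Linux and
      # macOS hosts in the lock file - confirm against the hook's README.
      - id: terraform_providers_lock
        name: Check Terraform Provider platforms configured
        args:
          - --args=-platform=linux_amd64
          - --args=-platform=darwin_arm64
          - --hook-config=--mode=only-check-is-current-lockfile-cross-platform
      - id: terraform_tflint
        name: Lint the Terraform configuration
        files: ^terraform/
        args:
          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
      - id: terraform_tflint
        name: Lint the Terraform modules
        files: ^modules/
        args:
          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
          # Terraform resources deployed into AWS rely on the default_tags
          # argument within the provider to manage the bulk of the tags, so
          # only run the aws_resource_missing_tags rule within a Terraform
          # configuration for accurate checks
          - --args=--disable-rule=aws_resource_missing_tags
      # Misconfiguration scan, limited to paths under terraform/.
      # NOTE(review): findings below MEDIUM are not reported, and anything
      # listed in .trivyignore.yaml is suppressed - review that file whenever
      # it changes.
      # NOTE(review): only variables/development.tfvars is supplied, so a
      # setting that is weaker in another environment's variables would not
      # be evaluated here - confirm other environments are scanned elsewhere.
      # NOTE(review): the .trivy cache directory sits inside the working tree;
      # confirm it is git-ignored.
      - id: terraform_trivy
        name: Analyse the Terraform configuration
        files: ^terraform/
        args:
          - --args=--config=__GIT_WORKING_DIR__/.trivy.yaml
          - --args=--cache-dir=__GIT_WORKING_DIR__/.trivy
          - --args=--ignorefile=__GIT_WORKING_DIR__/.trivyignore.yaml
          - --args=--tf-vars=variables/development.tfvars
          - --args=--severity=CRITICAL,HIGH,MEDIUM
      - id: terraform_docs
        name: Check the documentation for the Terraform configurations
        files: ^terraform/
        args:
          - --args=--config=.terraform-docs.yaml
          - --args=--lockfile=true
      - id: terraform_docs
        name: Check the documentation for the Terraform modules
        files: ^modules/
        args:
          - --args=--config=.terraform-docs.yaml
          - --args=--lockfile=false

  # Formatting for Markdown, JSON, YAML and CSS.
  # NOTE(review): `rev` is the mirror's own tag (a 4.0.0 alpha), while
  # `additional_dependencies` pins prettier@3.3.2; presumably the pinned 3.3.2
  # is the version that actually runs - confirm. The mirror repository also
  # appears to be archived upstream, so it may no longer receive updates.
  - repo: https://github.com/pre-commit/mirrors-prettier
    rev: v4.0.0-alpha.8
    hooks:
      - id: prettier
        name: Lint selected files with Prettier
        args:
          - --config=.prettier.yaml
        additional_dependencies:
          - prettier@3.3.2
        types_or:
          - markdown
          - json
          - yaml
          - css

  # Markdown linting: one pass for everything outside pages/, and one pass
  # for pages/ with its own rule and ignore files.
  - repo: https://github.com/igorshubovych/markdownlint-cli.git
    rev: v0.42.0
    hooks:
      - id: markdownlint
        name: Check general Markdown correctness and formatting
        exclude: ^pages/
        args:
          - --config
          - .markdownlint.yaml
          - --ignore-path
          - .markdownignore
      - id: markdownlint
        name: Check GitHub Pages Markdown correctness and formatting
        files: ^pages/
        args:
          - --config
          - pages/.markdownlint.yaml
          - --ignore-path
          - pages/.markdownignore

  # Schema validation for Taskfiles, Dependabot and GitHub Workflows.
  # NOTE(review): these hooks check that the files are well-formed against a
  # schema; they do not judge whether a workflow's permissions or action pins
  # are safe.
  - repo: https://github.com/python-jsonschema/check-jsonschema.git
    rev: 0.29.3
    hooks:
      - id: check-taskfile
        name: Check the Taskfiles for correctness
      - id: check-dependabot
        name: Check Dependabot configuration for correctness
      - id: check-github-workflows
        name: Check GitHub Workflows for correctness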