privatim/.pre-commit-config.yaml at develop · seantis/privatim · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
      - id: mixed-line-ending
      - id: check-merge-conflict
      - id: check-ast
        language_version: python3.12
      - id: debug-statements
        language_version: python3.12
      - id: end-of-file-fixer
  - repo: https://github.com/seantis/pre-commit-hooks
    rev: v1.1.0
    hooks:
      - id: nocheckin
        exclude: .pre-commit-config.yaml
      - id: pt_structure
  - repo: https://github.com/mondeja/pre-commit-po-hooks
    rev: 'v1.7.3'
    hooks:
      - id: untranslated-messages
        files: '\.po$'
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.6.8
    hooks:
      - id: ruff
        args: [ "--fix" ]
  - repo: https://github.com/PyCQA/flake8
    rev: 7.3.0
    hooks:
      - id: flake8
        language_version: python3.12
        types: [file]
        files: '^(src|stubs|tests).*\.py'
        additional_dependencies:
          - flake8-type-checking==3.0.0
  - repo: local
    hooks:
      - id: system
        name: bandit
        entry: ./bandit.sh
        language: system
        # NOTE: We want this hook to always run, but exactly once
        #       instead of for every file. So we exclude all files
        exclude: '.*'
        always_run: true
        pass_filenames: false
      - id: system
        name: mypy
        entry: ./mypy.sh
        language: system
        # NOTE: We want this hook to always run, but exactly once
        #       instead of for every file. So we exclude all files
        exclude: '.*'
        always_run: true
        pass_filenames: false
      - id: system
        name: check-setup-cfg
        entry: |
          bash -c 'STAGED=$(git diff --cached --name-only);
          if echo "$STAGED" | grep "setup.cfg" > /dev/null; then
            if echo "$STAGED" | grep "requirements.txt" > /dev/null; then
              echo "✅ setup.cfg and requirements.txt both staged - looks good!";
              exit 0;
            elif git diff --name-only | grep "requirements.txt" > /dev/null; then
              echo "⚠️  Warning: setup.cfg is staged but requirements.txt is only modified (not staged)!";
              echo "Run: git add requirements.txt";
              exit 1;
            else
              echo "⚠️  Warning: setup.cfg was modified but requirements.txt was not!";
              echo "On the server we install from requirements.txt, therefore:";
              echo "If you have added new dependencies, run \"make compile\" to re-generate requirements.txt.";
              echo "Otherwise, you can ignore this warning with --no-verify";
              exit 1;
            fi;
          fi'
        language: system
        pass_filenames: false
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.28.0
    hooks:
      - id: gitleaks