ClickHouse
diff --git a/‎.github/dependabot.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/docker-security.yml‎
Lines changed: 13 additions & 13 deletions b/‎.github/workflows/docker-security.yml‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎.github/workflows/tests.yml‎
Lines changed: 9 additions & 9 deletions b/‎.github/workflows/tests.yml‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 1 deletion b/‎.gitignore‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.golangci.yml‎
Lines changed: 4 additions & 19 deletions b/‎.golangci.yml‎
Lines changed: 4 additions & 19 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 99 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 99 additions & 0 deletions
@@ -8,3 +8,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -11,7 +11,7 @@ jobs:
   docker_security_scan:
     name: 🔍 Container Security Scan
     runs-on: ubuntu-latest
-    
+
     permissions:
       contents: read
       security-events: write
@@ -53,23 +53,23 @@ jobs:
           echo "# 🐳 Container Security Report" > security-report.md
           echo "Generated on: $(date)" >> security-report.md
           echo "" >> security-report.md
-          
+
           # Trivy Results Summary
           echo "## 🛡️ Trivy Scan Results" >> security-report.md
           if [ -f "trivy-results.json" ]; then
             CRITICAL=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL")] | length' trivy-results.json 2>/dev/null || echo "0")
             HIGH=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "HIGH")] | length' trivy-results.json 2>/dev/null || echo "0")
             MEDIUM=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "MEDIUM")] | length' trivy-results.json 2>/dev/null || echo "0")
             LOW=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "LOW")] | length' trivy-results.json 2>/dev/null || echo "0")
-            
+
             echo "- 🔴 Critical: $CRITICAL" >> security-report.md
             echo "- 🟠 High: $HIGH" >> security-report.md
             echo "- 🟡 Medium: $MEDIUM" >> security-report.md
             echo "- 🟢 Low: $LOW" >> security-report.md
           else
             echo "- No Trivy results found" >> security-report.md
           fi
-          
+
           echo "" >> security-report.md
           echo "## 📋 Recommendations" >> security-report.md
           echo "1. Review critical and high severity vulnerabilities" >> security-report.md
@@ -93,7 +93,7 @@ jobs:
           if [ -f "trivy-results.json" ]; then
             CRITICAL=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL")] | length' trivy-results.json 2>/dev/null || echo "0")
             echo "Critical vulnerabilities found: $CRITICAL"
-            
+
             if [ "$CRITICAL" -gt 0 ]; then
               echo "::error::Found $CRITICAL critical vulnerabilities in the container image"
               echo "::error::Please review and fix critical vulnerabilities before deploying"
@@ -110,7 +110,7 @@ jobs:
 
     name: 🐋 Dockerfile Security Scan
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -164,7 +164,7 @@ jobs:
     name: 📋 Generate Container SBOM
     runs-on: ubuntu-latest
     needs: docker_security_scan
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -184,7 +184,7 @@ jobs:
         run: |
           # Install Docker Scout CLI
           curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
-          
+
           # Generate SBOM
           docker scout sbom clickbom:latest --format spdx --output container-sbom-scout.spdx.json || echo "Docker Scout SBOM generation failed"
 
@@ -202,7 +202,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [docker_security_scan, dockerfile_security_scan, container_sbom]
     if: always()
-    
+
     steps:
       - name: 📥 Download Security Artifacts
         uses: actions/download-artifact@v5
@@ -221,29 +221,29 @@ jobs:
           echo "# 🔒 ClickBOM Container Security Summary" >> $GITHUB_STEP_SUMMARY
           echo "**Scan Date:** $(date)" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          
+
           if [ -f "security-results/trivy-results.json" ]; then
             echo "## 🛡️ Vulnerability Scan Results" >> $GITHUB_STEP_SUMMARY
             CRITICAL=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL")] | length' security-results/trivy-results.json 2>/dev/null || echo "0")
             HIGH=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "HIGH")] | length' security-results/trivy-results.json 2>/dev/null || echo "0")
             MEDIUM=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "MEDIUM")] | length' security-results/trivy-results.json 2>/dev/null || echo "0")
             LOW=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "LOW")] | length' security-results/trivy-results.json 2>/dev/null || echo "0")
-            
+
             echo "| Severity | Count |" >> $GITHUB_STEP_SUMMARY
             echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
             echo "| 🔴 Critical | $CRITICAL |" >> $GITHUB_STEP_SUMMARY
             echo "| 🟠 High | $HIGH |" >> $GITHUB_STEP_SUMMARY
             echo "| 🟡 Medium | $MEDIUM |" >> $GITHUB_STEP_SUMMARY
             echo "| 🟢 Low | $LOW |" >> $GITHUB_STEP_SUMMARY
             echo "" >> $GITHUB_STEP_SUMMARY
-            
+
             if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ]; then
               echo "⚠️ **Action Required:** Critical or High severity vulnerabilities found!" >> $GITHUB_STEP_SUMMARY
             else
               echo "✅ **Good News:** No critical or high severity vulnerabilities found!" >> $GITHUB_STEP_SUMMARY
             fi
           fi
-          
+
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "## 📋 Artifacts Generated" >> $GITHUB_STEP_SUMMARY
           echo "- Container vulnerability scan results (SARIF format)" >> $GITHUB_STEP_SUMMARY
 
@@ -6,7 +6,7 @@ jobs:
   test_unit:
     name: 🧪 Unit Tests
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -34,7 +34,7 @@ jobs:
   test_integration:
     name: 🔗 Integration Tests
     runs-on: ubuntu-latest
-    
+
     services:
       # Mock S3 using LocalStack
       localstack:
@@ -105,7 +105,7 @@ jobs:
   test_lint:
     name: 🔍 Lint & Format
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -151,7 +151,7 @@ jobs:
         exclude:
           - goos: windows
             goarch: arm64
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -178,7 +178,7 @@ jobs:
   test_docker:
     name: 🐳 Docker Build
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -209,7 +209,7 @@ jobs:
     name: 🎯 E2E Tests
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -249,7 +249,7 @@ jobs:
     name: ⚡ Benchmarks
     runs-on: ubuntu-latest
     if: github.event_name == 'push'
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -275,7 +275,7 @@ jobs:
   test_security:
     name: 🔒 Security Scan
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: 🧾 Checkout
         uses: actions/checkout@v5
@@ -302,4 +302,4 @@ jobs:
       - name: 🔍 Run govulncheck
         run: |
           go install golang.org/x/vuln/cmd/govulncheck@latest
-          govulncheck ./...
+          govulncheck ./...
@@ -1 +1 @@
-.DS_Store
+.DS_Store
@@ -2,41 +2,26 @@ version: "2"
 linters:
   enable:
     - errcheck
-    - gosimple
     - govet
     - ineffassign
     - staticcheck
     - unused
-    - gofmt
-    - goimports
     - misspell
     - unconvert
     - unparam
     - goconst
     - gocyclo
     - gosec
     - revive
-
-linters-settings:
-  errcheck:
-    check-type-assertions: true
-    check-blank: true
-  
-  govet:
-    check-shadowing: true
-  
-  gocyclo:
-    min-complexity: 15
-  
-  gosec:
-    excludes:
-      - G304 # File path provided as taint input
+  settings:
+    gosec:
+      severity: high
+      confidence: high
 
 run:
   timeout: 5m
   tests: true
 
 issues:
-  exclude-use-default: false
   max-issues-per-linter: 0
   max-same-issues: 0
@@ -0,0 +1,99 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  # General file checks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: end-of-file-fixer
+      - id: check-yaml
+        args: [--unsafe]  # Allow custom YAML tags
+      - id: check-json
+      - id: check-toml
+      - id: check-added-large-files
+        args: [--maxkb=1000]
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: detect-private-key
+      - id: mixed-line-ending
+      - id: no-commit-to-branch
+        args: [--branch, main, --branch, master]
+
+  # Go formatting
+  - repo: https://github.com/dnephin/pre-commit-golang
+    rev: v0.5.1
+    hooks:
+      - id: go-fmt
+        name: Format Go code with gofmt
+        description: Runs `gofmt -s -w` on all Go files
+
+      - id: go-imports
+        name: Format Go imports with goimports
+        description: Runs `goimports -w` on all Go files
+        args: [-local, github.com/ClickHouse/ClickBOM]
+
+      - id: go-unit-tests
+        name: Go unit tests
+        description: Runs `go test` on all packages
+        args: [-short, -race]
+
+      - id: go-build
+        name: Go build
+        description: Runs `go build` to ensure code compiles
+
+      - id: go-mod-tidy
+        name: Tidy Go modules
+        description: Runs `go mod tidy` to clean up go.mod and go.sum
+
+  # Additional Go checks
+  - repo: local
+    hooks:
+      - id: go-no-replacement
+        name: Check for replace directives in go.mod
+        entry: "bash -c 'if grep -q \"^replace \" go.mod; then echo \"Error: go.mod contains replace directives\"; exit 1; fi'"
+        language: system
+        files: go\.mod$
+
+      - id: go-critic
+        name: Go critic
+        entry: gocritic check ./...
+        language: system
+        pass_filenames: false
+        files: \.go$
+
+      - id: go-cyclo
+        name: Check cyclomatic complexity
+        entry: gocyclo -over 25 .
+        language: system
+        pass_filenames: false
+        files: \.go$
+
+      - id: golangci-lint
+        name: golangci-lint
+        entry: golangci-lint run --fix
+        language: system
+        pass_filenames: false
+        files: \.go$
+
+  # YAML linting
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.37.1
+    hooks:
+      - id: yamllint
+        args: [-d, relaxed]
+
+  # Dockerfile linting
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.14.0
+    hooks:
+      - id: hadolint-docker
+        args: [--ignore, DL3018]  # Ignore pinning versions in apk add
+
+  # Commit message linting
+  - repo: https://github.com/compilerla/conventional-pre-commit
+    rev: v4.3.0
+    hooks:
+      - id: conventional-pre-commit
+        stages: [commit-msg]