-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
87 lines (77 loc) · 3.25 KB
/
Copy path.pre-commit-config.yaml
File metadata and controls
87 lines (77 loc) · 3.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# Springtale pre-commit hooks.
# Install pre-commit (https://pre-commit.com) then run `pre-commit install`.
# Per NIST SP 800-218 PO.5.2 (harden dev endpoints).
#
# These hooks run locally before each commit. CI re-runs the same checks
# as gates on PRs, so the pre-commit hook is convenience, not the
# enforcement point.
repos:
# ── Generic hygiene ──────────────────────────────────────────────
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
args: [--allow-multiple-documents]
- id: check-toml
- id: check-json
- id: check-added-large-files
args: [--maxkb=512]
- id: check-merge-conflict
- id: detect-private-key
- id: forbid-submodules
- id: no-commit-to-branch
args: [--branch, main]
# ── Typos ────────────────────────────────────────────────────────
- repo: https://github.com/crate-ci/typos
rev: v1.32.0
hooks:
- id: typos
# ── Rust ─────────────────────────────────────────────────────────
- repo: local
hooks:
- id: cargo-fmt
name: cargo fmt --check
entry: cargo fmt --check --
language: system
types: [rust]
pass_filenames: false
- id: cargo-clippy
name: cargo clippy (changed crates)
# Note: full --workspace runs in CI; pre-commit version stays fast.
entry: cargo clippy --all-targets --quiet -- -D warnings
language: system
types: [rust]
pass_filenames: false
# ── Secrets detection ────────────────────────────────────────────
- repo: https://github.com/gitleaks/gitleaks
rev: v8.21.2
hooks:
- id: gitleaks
# ── GitHub Actions hygiene ───────────────────────────────────────
- repo: https://github.com/rhysd/actionlint
rev: v1.7.6
hooks:
- id: actionlint
files: ^\.github/workflows/.*\.ya?ml$
- repo: https://github.com/woodruffw/zizmor-pre-commit
rev: v1.5.2
hooks:
- id: zizmor
# ── Dockerfile lint ──────────────────────────────────────────────
- repo: https://github.com/hadolint/hadolint
rev: v2.13.1-beta
hooks:
- id: hadolint-docker
# ── Prettier for JSON / YAML (frontend + config) ─────────────────
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v4.0.0-alpha.8
hooks:
- id: prettier
files: \.(json|yaml|yml)$
exclude: ^(Cargo\.lock|tauri/pnpm-lock\.yaml|.*/target/.*)$
ci:
# CI runs the same hooks; pre-commit.ci is not used (no third-party
# bot access to the repo's CI environment).
skip: [cargo-clippy]