repos: ## GENERAL - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.6.0 hooks: - id: check-merge-conflict - id: check-yaml args: ["--unsafe"] - id: check-json - id: end-of-file-fixer - id: trailing-whitespace - id: no-commit-to-branch - id: pretty-format-json args: ["--autofix", "--no-sort-keys", "--no-ensure-ascii"] exclude: 'src/backend/api/fixtures/dev/.*\.json$' ## TOML - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks rev: v2.13.0 hooks: - id: pretty-format-toml args: [--autofix] files: pyproject.toml ## BASH - repo: https://github.com/koalaman/shellcheck-precommit rev: v0.10.0 hooks: - id: shellcheck exclude: contrib ## PYTHON - repo: https://github.com/astral-sh/ruff-pre-commit # Ruff version. rev: v0.5.0 hooks: # Run the linter. - id: ruff args: [ --fix ] # Run the formatter. - id: ruff-format - repo: https://github.com/python-poetry/poetry rev: 1.8.0 hooks: - id: poetry-check args: ["--directory=src"] - id: poetry-lock args: ["--no-update", "--directory=src"] - repo: https://github.com/hadolint/hadolint rev: v2.13.0-beta hooks: - id: hadolint args: ["--ignore=DL3013", "Dockerfile"] - repo: local hooks: - id: pylint name: pylint entry: bash -c 'poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/' language: system files: '.*\.py' - id: trufflehog name: TruffleHog description: Detect secrets in your data. entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail' # For running trufflehog in docker, use the following entry instead: # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail' language: system stages: ["commit", "push"] - id: bandit name: bandit description: "Bandit is a tool for finding common security issues in Python code" entry: bash -c 'poetry run bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .' language: system files: '.*\.py' - id: safety name: safety description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities" entry: bash -c 'poetry run safety check --ignore 70612,66963,74429' language: system - id: vulture name: vulture description: "Vulture finds unused code in Python programs." entry: bash -c 'poetry run vulture --exclude "contrib,.venv,tests,conftest.py" --min-confidence 100 .' language: system files: '.*\.py'