-
Notifications
You must be signed in to change notification settings - Fork 2
/
.lefthook.yml
110 lines (92 loc) · 2.61 KB
/
.lefthook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
---
assert_lefthook_installed: true
colors: true
no_tty: false
min_version: 1.4.11
rc: ~/.lefthookrc
source_dir: .lefthook/
source_dir_local: .lefthook-local/
output:
- summary
- empty_summary
- success
- failure
pre-commit:
parallel: true
commands:
ec-check:
tags: "always,formatting"
run: tomljson ecrc.toml > .ecrc && editorconfig-checker .
stage_fixed: true
# git-check:
# tags: "always,git"
# run: >-
# git diff-index --check "$(git hash-object -t tree /dev/null)"
# stage_fixed: true
gofmt:
tags: "always,go,formatting"
glob: "**/*.go"
run: >-
gofmt -w -s -r 'interface{} -> any' -r 'a[b:len(a)] -> a[b:]' {staged_files}
stage_fixed: true
gofumpt:
tags: "always,go,formatting"
glob: "**/*.go"
run: >-
gofumpt -w -e {staged_files}
stage_fixed: true
markdownlint:
tags: "always,docs,formatting"
glob: "**/*.md"
run: >-
npx -y [email protected] --ignore=node_modules --ignore=.github --ignore=.templates --fix "{all_files}"
stage_fixed: true
shellcheck:
tags: "always,shell"
glob: "**/*.sh"
run: >-
shellcheck {staged_files}
stage_fixed: false
shfmt:
tags: "always,shell"
glob: "**/*.sh"
run: >-
shfmt --simplify --write --language-dialect=auto --indent=4 --case-indent --space-redirects {staged_files}
stage_fixed: true
trivy-vuln:
tags: "always,secrets"
run: >-
trivy fs --config trivy-vuln.yaml --ignorefile .trivyignore .
stage_fixed: false
trivy-license:
tags: "always,secrets"
run: >-
trivy fs --config trivy-license.yaml --ignorefile .trivyignore .
stage_fixed: false
trufflehog:
tags: "always,secrets"
run: >-
trufflehog git file://. --since-commit HEAD --only-verified --fail --json 2>/dev/null | jq '.'
stage_fixed: false
yamlfmt:
tags: "always,secrets"
glob: "**/*.ya?ml"
run: "yamlfmt {staged_files}"
stage_fixed: true
scripts:
# If the file is marked as executable, it should start with a hashbang.
"executable_must_have_hashbang.sh":
runner: bash
# Shell scripts MUST have a file extension.
"script_must_have_extension.sh":
runner: bash
# File MUST always end with a trailing linebreak.
"end_of_file.py":
runner: poetry run
# Remove trailing whitespace from lines.
"remove_trailing_whitespace.py":
runner: poetry run
commit-msg:
commands:
conventional_commit:
run: gommit check message "$(cat {1})"