-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
109 lines (98 loc) · 3.11 KB
/
.pre-commit-config.yaml
File metadata and controls
109 lines (98 loc) · 3.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# Pre-commit hooks for ThemisDB
# See https://pre-commit.com for more information
# Installation: pip install pre-commit && pre-commit install
repos:
# General file checks
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: trailing-whitespace
exclude: ^(.*\.md|.*\.txt)$
- id: end-of-file-fixer
exclude: ^(vcpkg/|build-|.*\.png|.*\.jpg)
- id: check-yaml
args: ['--unsafe'] # Allow custom YAML tags
- id: check-added-large-files
args: ['--maxkb=1024']
- id: check-case-conflict
- id: check-merge-conflict
- id: check-executables-have-shebangs
- id: mixed-line-ending
args: ['--fix=lf']
exclude: ^(.*\.bat|.*\.ps1)$
# CMake formatting
- repo: https://github.com/cheshirekow/cmake-format-precommit
rev: v0.6.13
hooks:
- id: cmake-format
files: ^(CMakeLists\.txt|.*\.cmake)$
args: ['--in-place']
- id: cmake-lint
files: ^(CMakeLists\.txt|.*\.cmake)$
# JSON/YAML validation
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.27.3
hooks:
- id: check-github-workflows
- id: check-github-actions
# Markdown linting
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.38.0
hooks:
- id: markdownlint
args: ['--fix']
exclude: ^(CHANGELOG\.md|\.github/COPILOT_INSTRUCTIONS\.md\.backup)$
# Shell script validation
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.9.0.6
hooks:
- id: shellcheck
args: ['-x'] # Follow sourced files
# Security: Secret detection (detect-secrets baseline)
- repo: https://github.com/Yelp/detect-secrets
rev: v1.4.0
hooks:
- id: detect-secrets
args: ['--baseline', '.secrets.baseline']
exclude: ^(vcpkg/|.*\.lock|.*\.sum)$
# Security: Gitleaks – git-history and staged-file secret scanning
- repo: https://github.com/zricethezav/gitleaks
rev: v8.18.2
hooks:
- id: gitleaks
# Security: High-entropy string and regex pattern scanner (local)
- repo: local
hooks:
- id: secret-scan-entropy
name: Secret scan (entropy + patterns)
entry: python3 scripts/secret_scan.py
language: python
types: [text]
exclude: ^(vcpkg/|vcpkg_installed/|build.*/|\.git/|llama\.cpp/|.*\.lock|.*\.sum|.*\.png|.*\.jpg|.*\.pdf)$
# C++ formatting (clang-format)
- repo: https://github.com/pre-commit/mirrors-clang-format
rev: v18.1.0
hooks:
- id: clang-format
types_or: [c++, c]
args: ['-i'] # in-place
# Validate Copilot instructions references
- repo: local
hooks:
- id: validate-copilot-refs
name: Validate Copilot Instructions References
entry: python .github/scripts/validate_copilot_refs.py
language: python
files: ^\.github/(COPILOT_INSTRUCTIONS\.md|copilot/.*\.md)$
pass_filenames: false
# Global exclusions
exclude: |
(?x)^(
vcpkg/|
vcpkg_installed/|
build-.*|
\.git/|
\.vscode/|
.*\.confidential\.md|
COPILOT_INSTRUCTIONS\.md\.backup
)$