-
Notifications
You must be signed in to change notification settings - Fork 35
/
.pre-commit-config.yaml
199 lines (181 loc) · 6.31 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
default_language_version:
golang: system
# Specifying minimum pre-commit version to allow for use of default language with golang envs.
minimum_pre_commit_version: 3.3.2
repos:
- repo: local
hooks:
- id: go-version
name: go version
entry: scripts/check-go-version
language: script
types: [go]
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: check-json
- id: check-merge-conflict
- id: check-yaml
- id: detect-private-key
#RA Summary: detect-private-key - Private key found
#RA: detect-private-key detected a private key in source control
#RA: config/tls/devlocal-*.key files are used in devlocal testing environments only.
#RA: pkg/server/testdata*.key files are used for testing purposes only.
#RA: pkg/auth/authentication/auth_test.go contains a static key, used for unit tests in devlocal and pipeline only.
#RA: pkg/cli/auth.go is a false positive; this code generates a keyfile at runtime, and its heuristics resemble an encoded key.
#RA: .envrc.local.template is used in devlocal environments only.
#RA: The risk of a production key being introduced is mitigated by this detect-private-key hook failing, and
#RA: the PR requiring approval by a team designated to gate changes to this file, specifically attempts to exclude
#RA: new key additions.
#RA Developer Status: Mitigated
#RA Validator Status: Mitigated
#RA Modified Severity: CAT III
exclude: >
(?x)^(
config/tls/devlocal-ca.key$|
config/tls/devlocal-client_auth_secret.key$|
config/tls/devlocal-faux-air-force-orders.key$|
config/tls/devlocal-faux-all-orders.key$|
config/tls/devlocal-faux-army-hrc-orders.key$|
config/tls/devlocal-faux-coast-guard-orders.key$|
config/tls/devlocal-faux-marine-corps-orders.key$|
config/tls/devlocal-faux-navy-orders.key$|
config/tls/devlocal-https.key$|
config/tls/devlocal-mtls.key$|
config/tls/devlocal-mtls-expired.key$|
pkg/server/testdata/localhost.key$|
pkg/server/testdata/localhost-invalid.key$|
pkg/server/testdata/officelocal.key$|
pkg/auth/authentication/auth_test.go$|
pkg/handlers/authentication/auth_test.go$|
.envrc.local.template|
pkg/cli/auth.go$|
)$
- id: trailing-whitespace
exclude: >
(?x)^(
public/swagger-ui/|
pkg/edi/tpps_paid_invoice_report/parser_test.go|
)$
- repo: https://github.com/golangci/golangci-lint
rev: v1.61.0
hooks:
- id: golangci-lint
entry: bash -c 'exec golangci-lint run ${GOLANGCI_LINT_VERBOSE} -j=${GOLANGCI_LINT_CONCURRENCY:-1}' # custom bash so we can override concurrency for faster dev runs
- repo: local
hooks:
- id: ato-go-linter
name: ato-go-linter
entry: scripts/pre-commit-go-custom-linter ato-linter
files: \.go$
pass_filenames: false
language: script
- repo: local
hooks:
- id: appcontext-linter
name: appcontext-linter
entry: scripts/pre-commit-go-custom-linter appcontext-linter
files: \.go$
pass_filenames: false
language: script
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.35.0
hooks:
- id: markdownlint
entry: markdownlint --ignore .github/*.md
- repo: https://github.com/detailyang/pre-commit-shell
rev: 1.0.5
hooks:
- id: shell-lint
args: [-x]
- repo: local
hooks:
- id: prettier
name: prettier
entry: node_modules/.bin/prettier --write
language: node
files: \.(js|jsx)$
- repo: local
hooks:
- id: eslint
name: eslint
entry: node_modules/.bin/eslint --ext .js,.jsx --max-warnings=0
language: node
files: \.(js|jsx)$
exclude: >
(?x)^(
cypress/|
.storybook/|
wallaby.js|
config-overrides.js|
.happo.js
)
- repo: local
hooks:
- id: playwright_tsc
name: playwright_tsc
entry: node_modules/.bin/tsc -p playwright/tests/tsconfig.json
language: node
files: ^playwright/tests/.*\.js$
pass_filenames: false
- repo: local
hooks:
- id: swagger
name: Swagger
entry: scripts/pre-commit-swagger-validate
language: script
files: swagger/.*
types: [yaml]
exclude:
swagger-def/.* # These are partial swagger files that are compiled into the ones in swagger/*.
# They will be checked unless explicitly excluded, but they will fail.
# By only validating the compiled files, we are effectively checking these files as well.
require_serial:
true # Make sure that we only call the script once with all affected YAML files as CI seems to
# have sporadic failures if we call this script in parallel.
- repo: local
hooks:
- id: gomod
name: gomod
entry: scripts/pre-commit-go-mod
language: script
files: go.mod
pass_filenames: false
- repo: https://github.com/trussworks/pre-commit-hooks
rev: v1.1.1
hooks:
- id: gen-docs
args: ['docs/adr']
- id: circleci-validate
- id: markdown-toc
- id: hadolint
- repo: local
hooks:
- id: migrations-manifest
name: migrations manifest
entry: scripts/update-migrations-manifest
language: script
pass_filenames: false
- repo: local
hooks:
- id: scripts-docs
name: scripts are documented
entry: scripts/find-scripts-missing-in-readme
language: script
pass_filenames: false
- repo: local
hooks:
- id: spectral
name: Spectral yaml linter
entry: scripts/lint-yaml-with-spectral
language: script
files: swagger/(admin|prime|prime_v2|prime_v3|support|pptas).yaml
types: [yaml]
- repo: local
hooks:
- id: post-merge-migrate
name: post-merge checker
entry: scripts/check-changes
language: script
stages: [post-merge]
pass_filenames: false