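# Pre-commit hooks for OpenRabbit
# Install: pip install pre-commit && pre-commit install
# Run manually: pre-commit run --all-files
#
# These hooks run on the committer's machine and can be skipped with
# `git commit --no-verify`, so treat them as early feedback and keep the
# same checks enforced server-side in CI.

repos:
  # Security scanning with custom OpenRabbit scanner.
  # `language: python` makes pre-commit run each entry inside its own
  # isolated virtualenv that contains only `additional_dependencies`.
  # None are declared below, so the scripts presumably need nothing beyond
  # the standard library -- confirm, or list their requirements per hook.
  - repo: local
    hooks:
      - id: security-scan
        name: Security Scanner
        entry: python tools/ai-review/security/pre_commit_scan.py
        language: python
        types: [python]
        pass_filenames: true
        additional_dependencies: []

      - id: workflow-validation
        name: Validate Workflow Files
        entry: python tools/ai-review/security/validate_workflows.py
        language: python
        # Match both .yml and .yaml so that a workflow file cannot skip
        # validation simply by using the other extension.
        files: ^\.gitea/workflows/.*\.ya?ml$
        pass_filenames: true

      - id: no-secrets
        name: Check for hardcoded secrets
        entry: python tools/ai-review/security/check_secrets.py
        language: python
        types: [text]
        # Paths matched here are never scanned for secrets: keep the list
        # short and make sure tests/fixtures/ holds only synthetic
        # credentials. The config-file alternative is anchored with `$` so
        # that only the exact file is exempt, not look-alike names.
        exclude: ^(\.git/|tests/fixtures/|\.pre-commit-config\.yaml$)

  # Third-party hook repositories.
  # The `rev` values below are tags, which upstream can move. Pinning to
  # full commit SHAs (for example with `pre-commit autoupdate --freeze`,
  # which also moves each repo to its latest tag) fixes the exact hook code
  # that executes on developer machines.

  # YAML linting
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: check-yaml
        # --unsafe switches check-yaml to a syntax-only parse so that custom
        # tags in workflows are accepted. The files are then no longer
        # verified to load with a safe loader, so this is a weaker check.
        args: ['--unsafe']
      - id: end-of-file-fixer
      - id: trailing-whitespace
      - id: check-merge-conflict
      - id: check-added-large-files
        args: ['--maxkb=1000']
      # Complements the custom no-secrets hook above.
      - id: detect-private-key

  # Python code quality
  - repo: https://github.com/psf/black
    rev: '23.12.1'
    hooks:
      - id: black
        language_version: python3.11

  - repo: https://github.com/PyCQA/flake8
    rev: '7.0.0'
    hooks:
      - id: flake8
        args:
          - '--max-line-length=100'
          - '--extend-ignore=E203,W503'

  # Security: bandit for Python
  - repo: https://github.com/PyCQA/bandit
    rev: '1.7.6'
    hooks:
      - id: bandit
        # Reads its configuration from pyproject.toml (hence the
        # bandit[toml] extra) and reports findings of medium severity and
        # above.
        args: ['-c', 'pyproject.toml', '--severity-level', 'medium']
        additional_dependencies: ['bandit[toml]']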